From: Mitchel Humpherys Date: Fri, 9 Jan 2015 01:24:27 +0000 (-0800) Subject: staging: ion: always initialize the free list parameters X-Git-Tag: firefly_0821_release~176^2~2320^2~285 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=95e53ddd8240bad37df985a9ae2d2a07f49e6bf1;p=firefly-linux-kernel-4.4.55.git staging: ion: always initialize the free list parameters Currently we initialize the heap free_lock and free list size in ion_heap_init_deferred_free, which is only called when the ION_HEAP_FLAG_DEFER_FREE heap flag is given. However, the lock and size are used in the shrinker path as well as the deferred free path, and we can register a shrinker *without* enabling deferred freeing. So, if a heap provides a shrinker but *doesn't* set the DEFER_FREE flag we will use these parameters uninitialized (resulting in a spinlock bug and broken shrinker accounting). Fix these problems by initializing the free list parameters directly in ion_device_add_heap, which is always called no matter which heap features are being used. Signed-off-by: Mitchel Humpherys Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c index 296d347660fc..b8f1c491553e 100644 --- a/drivers/staging/android/ion/ion.c +++ b/drivers/staging/android/ion/ion.c @@ -1508,6 +1508,9 @@ void ion_device_add_heap(struct ion_device *dev, struct ion_heap *heap) pr_err("%s: can not add heap with invalid ops struct.\n", __func__); + spin_lock_init(&heap->free_lock); + heap->free_list_size = 0; + if (heap->flags & ION_HEAP_FLAG_DEFER_FREE) ion_heap_init_deferred_free(heap); diff --git a/drivers/staging/android/ion/ion_heap.c b/drivers/staging/android/ion/ion_heap.c index 4605e04712aa..fd13d05b538a 100644 --- a/drivers/staging/android/ion/ion_heap.c +++ b/drivers/staging/android/ion/ion_heap.c @@ -253,8 +253,6 @@ int ion_heap_init_deferred_free(struct ion_heap *heap) struct sched_param param = { .sched_priority = 0 }; INIT_LIST_HEAD(&heap->free_list); - heap->free_list_size = 0; - spin_lock_init(&heap->free_lock); init_waitqueue_head(&heap->waitqueue); heap->task = kthread_run(ion_heap_deferred_free, heap, "%s", heap->name);