From: 黄涛 <huangtao@rock-chips.com>
Date: Wed, 13 Jun 2012 09:04:51 +0000 (+0800)
Subject: dma-pl330: avoid double call _finish_off
X-Git-Tag: firefly_0821_release~9099
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=d406055d800ab86930a31e446094cbd3204cd42a;p=firefly-linux-kernel-4.4.55.git

dma-pl330: avoid double call _finish_off

fix this bug:
BUG rk29-pl330.1: Object already free
-----------------------------------------------------------------------------

INFO: Allocated in rk29_dma_enqueue+0x9c/0x430 age=4 cpu=0 pid=1517
INFO: Freed in rk29_dma_ctrl+0x5dc/0x7f4 age=0 cpu=1 pid=741
INFO: Slab 0xc1ba2ca0 objects=51 used=43 fp=0xdf6e5780 flags=0x0081
INFO: Object 0xdf6e5780 @offset=1920 fp=0xdf6e5870

Bytes b4 0xdf6e5770:  00 00 00 00 32 d1 ff ff 5a 5a 5a 5a 5a 5a 5a 5a ....2???ZZZZZZZZ
  Object 0xdf6e5780:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
  Object 0xdf6e5790:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk?
 Redzone 0xdf6e57a0:  bb bb bb bb                                     ????
 Padding 0xdf6e57c8:  5a 5a 5a 5a 5a 5a 5a 5a                         ZZZZZZZZ
[<c043b170>] (unwind_backtrace+0x0/0xf0) from [<c04cf814>] (free_debug_processing+0xf4/0x1ec)
[<c04cf814>] (free_debug_processing+0xf4/0x1ec) from [<c04d0634>] (kmem_cache_free+0x170/0x2ac)
[<c04d0634>] (kmem_cache_free+0x170/0x2ac) from [<c0441a24>] (pl330_update+0x334/0x3d8)
[<c0441a24>] (pl330_update+0x334/0x3d8) from [<c044f01c>] (pl330_irq_handler+0xc/0x18)
[<c044f01c>] (pl330_irq_handler+0xc/0x18) from [<c049bc58>] (handle_irq_event_percpu+0x30/0x150)
[<c049bc58>] (handle_irq_event_percpu+0x30/0x150) from [<c049bdb4>] (handle_irq_event+0x3c/0x5c)
[<c049bdb4>] (handle_irq_event+0x3c/0x5c) from [<c049e1cc>] (handle_fasteoi_irq+0xc8/0x100)
[<c049e1cc>] (handle_fasteoi_irq+0xc8/0x100) from [<c049b878>] (generic_handle_irq+0x24/0x38)
[<c049b878>] (generic_handle_irq+0x24/0x38) from [<c0430078>] (asm_do_IRQ+0x78/0xb8)
[<c0430078>] (asm_do_IRQ+0x78/0xb8) from [<c0435708>] (__irq_svc+0x48/0xe0)

and this bug:
Unable to handle kernel NULL pointer dereference at virtual address 0000010c
pgd = eda88000
[0000010c] *pgd=8d960831, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] PREEMPT SMP
CPU: 0    Tainted: G         C   (3.0.8+ #27)
PC is at rk29_audio_buffdone+0x24/0x6c
LR is at rk29_pl330_rq+0x240/0x2a4
pc : [<c0701d54>]    lr : [<c044fb90>]    psr: a0000193
sp : cf9b9c18  ip : 00000001  fp : 00000000
r10: eec9ef30  r9 : eee72844  r8 : ee4fc2a4
r7 : 00000000  r6 : df9573ac  r5 : ee4fc280  r4 : df9576e0
r3 : 00000040  r2 : ffffffff  r1 : 00000040  r0 : df9576e0
---

diff --git a/arch/arm/plat-rk/dma-pl330.c b/arch/arm/plat-rk/dma-pl330.c
index 3bf04b2db7bd..025e90d502f2 100644
--- a/arch/arm/plat-rk/dma-pl330.c
+++ b/arch/arm/plat-rk/dma-pl330.c
@@ -494,11 +494,12 @@ static void rk29_pl330_rq(struct rk29_pl330_chan *ch,
 {
 	unsigned long flags;
 	struct rk29_pl330_xfer *xfer;
-	struct pl330_xfer *xl = r->x;
+	struct pl330_xfer *xl;
 	enum rk29_dma_buffresult res;
 
 	spin_lock_irqsave(&res_lock, flags);
 
+	xl = r->x;
 	r->x = NULL;
 
 	rk29_pl330_submit(ch, r);