From: John Stultz Date: Sat, 14 Dec 2013 03:26:18 +0000 (-0800) Subject: ion: Fix two small issues in system_heap allocation X-Git-Tag: firefly_0821_release~176^2~4489^2~387 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=ea725ec8b1d2a5f6a46dd45174fcd6a5f8c9dd5b;p=firefly-linux-kernel-4.4.55.git ion: Fix two small issues in system_heap allocation In testing ion system heap allocations, I ran across two issues: 1) Not k*z*allocing the sg table. This can cause trouble if we end up trying call sg_alloc_table() with too many entries, then sg_alloc_table() internally fails and tries to free what it thinks is internal table structure, which causes bad pointer traversals. 2) The second list_for_each_entry probably should be _safe, since I was seeing strange lock warnings and oopses on occasion. This seems to resolve it, but could use some extra checking. Signed-off-by: John Stultz Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/android/ion/ion_system_heap.c b/drivers/staging/android/ion/ion_system_heap.c index 9250ee51171d..bec9d4585e62 100644 --- a/drivers/staging/android/ion/ion_system_heap.c +++ b/drivers/staging/android/ion/ion_system_heap.c @@ -166,8 +166,7 @@ static int ion_system_heap_allocate(struct ion_heap *heap, max_order = info->order; i++; } - - table = kmalloc(sizeof(struct sg_table), GFP_KERNEL); + table = kzalloc(sizeof(struct sg_table), GFP_KERNEL); if (!table) goto err; @@ -189,7 +188,7 @@ static int ion_system_heap_allocate(struct ion_heap *heap, err1: kfree(table); err: - list_for_each_entry(info, &pages, list) { + list_for_each_entry_safe(info, tmp_info, &pages, list) { free_buffer_page(sys_heap, buffer, info->page, info->order); kfree(info); }