git.osdn.net Git - android-x86/kernel.git/commit

author	Adam Wallis <awallis@codeaurora.org>
	Mon, 27 Nov 2017 15:45:01 +0000 (10:45 -0500)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 20 Dec 2017 09:07:17 +0000 (10:07 +0100)
commit	679dbeac0b6bb551e1f3b95673695b22b2ac953d
tree	75df55457d27a82eabff925dbccdcaf5de4893a0	tree \| snapshot
parent	744cb5ab337218e7a258d2a82c6f5d7afc72cd16	commit \| diff

dmaengine: dmatest: move callback wait queue to thread context

commit 6f6a23a213be51728502b88741ba6a10cda2441d upstream.

Commit adfa543e7314 ("dmatest: don't use set_freezable_with_signal()")
introduced a bug (that is in fact documented by the patch commit text)
that leaves behind a dangling pointer. Since the done_wait structure is
allocated on the stack, future invocations to the DMATEST can produce
undesirable results (e.g., corrupted spinlocks).

Commit a9df21e34b42 ("dmaengine: dmatest: warn user when dma test times
out") attempted to WARN the user that the stack was likely corrupted but
did not fix the actual issue.

This patch fixes the issue by pushing the wait queue and callback
structs into the the thread structure. If a failure occurs due to time,
dmaengine_terminate_all will force the callback to safely call
wake_up_all() without possibility of using a freed pointer.

Bug: https://bugzilla.kernel.org/show_bug.cgi?id=197605
Fixes: adfa543e7314 ("dmatest: don't use set_freezable_with_signal()")
Reviewed-by: Sinan Kaya <okaya@codeaurora.org>
Suggested-by: Shunyong Yang <shunyong.yang@hxt-semitech.com>
Signed-off-by: Adam Wallis <awallis@codeaurora.org>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>