Skip to content

Commit a3592fa

Browse files
sudeep-hollagregkh
sudeep-holla
authored and
gregkh
committed
mailbox: arm_mhu_db: Fix mhu_db_shutdown by replacing kfree with devm_kfree
[ Upstream commit 9905f72 ] The mhu_db_channel info is allocated per channel using devm_kzalloc from mhu_db_mbox_xlate which gets called from mbox_request_channel. However we are releasing the allocated mhu_db_channel info using plain kfree from mhu_db_shutdown which is called from mbox_free_channel. This leads to random crashes when the channel is freed like below one: Unable to handle kernel paging request at virtual address 0080000400000008 [0080000400000008] address between user and kernel address ranges Internal error: Oops: 96000044 [Freescale#1] PREEMPT SMP Modules linked in: scmi_module(-) CPU: 1 PID: 2212 Comm: rmmod Not tainted 5.10.0-rc5 Freescale#31 Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform, BIOS EDK II Nov 19 2020 pstate: 20000085 (nzCv daIf -PAN -UAO -TCO BTYPE=--) pc : release_nodes+0x74/0x230 lr : devres_release_all+0x40/0x68 Call trace: release_nodes+0x74/0x230 devres_release_all+0x40/0x68 device_release_driver_internal+0x12c/0x1f8 driver_detach+0x58/0xe8 bus_remove_driver+0x64/0xe0 driver_unregister+0x38/0x68 platform_driver_unregister+0x1c/0x28 scmi_driver_exit+0x38/0x44 [scmi_module] __arm64_sys_delete_module+0x188/0x260 el0_svc_common.constprop.0+0x80/0x1a8 do_el0_svc+0x2c/0x98 el0_sync_handler+0x160/0x168 el0_sync+0x174/0x180 Code: 1400000d eb07009f 54000460 f9400486 (f90004a6) ---[ end trace c55ffd306c140233 ]--- Fix it by replacing kfree with devm_kfree as required. Fixes: 7002ca2 ("mailbox: arm_mhu: Add ARM MHU doorbell driver") Reported-by: Cristian Marussi <[email protected]> Signed-off-by: Sudeep Holla <[email protected]> Tested-by: Cristian Marussi <[email protected]> Reviewed-by: Cristian Marussi <[email protected]> Signed-off-by: Jassi Brar <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
1 parent 482d234 commit a3592fa

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

drivers/mailbox/arm_mhu_db.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -180,7 +180,7 @@ static void mhu_db_shutdown(struct mbox_chan *chan)
180180

181181
/* Reset channel */
182182
mhu_db_mbox_clear_irq(chan);
183-
kfree(chan->con_priv);
183+
devm_kfree(mbox->dev, chan->con_priv);
184184
chan->con_priv = NULL;
185185
}
186186

0 commit comments

Comments
 (0)