Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp5051273imu;
        Tue, 8 Jan 2019 10:37:07 -0800 (PST)
X-Google-Smtp-Source: ALg8bN4OFukcqnWwarjVIiqQB0s2OCKHwflXO5EPydyn4wWZLLZR32Lo9diR7VKH19xN5Tk2mBLv
X-Received: by 2002:a63:5402:: with SMTP id i2mr2445277pgb.79.1546972627055;
        Tue, 08 Jan 2019 10:37:07 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1546972627; cv=none;
        d=google.com; s=arc-20160816;
        b=M3OPxRWXSqoS0QdpMRH9inUwr9/bXKZTdwLCOurDtvioqEm3q6YsCL7r18xv2KoucJ
         tmLFLbGaX9tIK2u8EpbvfjaKBaJEr9I50jY4YSjizaH5JXT07+QqsPY5kcrQjCg3jheM
         +mi6PnLOO4p+Z2QFH3jtByaPH6itX3sJSVpbJod4g4412O5Wxh6LX5MHXhiJAiSiydly
         Nvh6jzZ5OqLp0zNnyAQfve1tApmfOwOJES3qftIyQDRPaT5yenZLLxH5KJjWthZuIQ8x
         VZkXz8XsYKCP/DUKBVrwcSxKFb2RGb7kui1qr0xyu6CPXfFxqCwJEBMU4weHylRdx00i
         HMEQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:date:message-id:references:user-agent
         :from:in-reply-to:to:cc:subject:content-transfer-encoding
         :mime-version:dkim-signature;
        bh=gu2/38Y7g7xPtSOrpl8BprJ/DF01j+H/9kbu3B2uWyQ=;
        b=uWmqd9vJcMdCynLEYzQadLrolwRapTR+cMBaV0Hrr5asxrMRwVDc69j5eN7G8KSzaz
         oR0ShG+b1JCLCY6vNuwzUmKlLaCGU8fHgluIVJAHajlGZ87ibGr9Ioc5oE7B9tE/Q7oo
         skpRsdOTn3JcicacXBVyyyMaH/T4YIf2hmfITk9tEtlyfeYf+voFJOKLqZrzAd3oawpB
         Di0j37RcLCwqSM+77PwB8htGl0iLb/o5HTj4MdZbeyU1CObzSpAsygH2EpvDGqRwdLwE
         SJZn1RKOGi61x1q299+YoKKf2MVyEij0urF+OJBH+OLxqe5TMQSlkyEfFwUOhjijlZoE
         NbJg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=WhSJlIcX;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id v25si2862345pfg.135.2019.01.08.10.36.50;
        Tue, 08 Jan 2019 10:37:07 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=WhSJlIcX;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729459AbfAHSfU (ORCPT <rfc822;arandomawesomegeek@gmail.com>
        + 99 others); Tue, 8 Jan 2019 13:35:20 -0500
Received: from mail-pl1-f196.google.com ([209.85.214.196]:38778 "EHLO
        mail-pl1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1729222AbfAHSfU (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 8 Jan 2019 13:35:20 -0500
Received: by mail-pl1-f196.google.com with SMTP id e5so2289685plb.5
        for <linux-kernel@vger.kernel.org>; Tue, 08 Jan 2019 10:35:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=mime-version:content-transfer-encoding:subject:cc:to:in-reply-to
         :from:user-agent:references:message-id:date;
        bh=gu2/38Y7g7xPtSOrpl8BprJ/DF01j+H/9kbu3B2uWyQ=;
        b=WhSJlIcXDKvke6McMFz4ZIAD1Bn/Vo5XqAdWJn0YE1eSuOUvIIdIHoakUZLvz4BmmZ
         na2IbNy6jychDu0iyiz6MPNRSHjmgPbGW8cTr/jVFIC/Jx9hJ4P9uxx/I4kLQSxfJQei
         YNHFHssPVdSIeQDspGJfUFsStuQjyTqMEnBss=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:content-transfer-encoding:subject
         :cc:to:in-reply-to:from:user-agent:references:message-id:date;
        bh=gu2/38Y7g7xPtSOrpl8BprJ/DF01j+H/9kbu3B2uWyQ=;
        b=UWRZ/f8MSWZUUlfzSw7Nc7DK75p8BE5KNlIO4RvrDOxRB0tKCLPL0z24YTzxFd3whJ
         Ol1tBfcbMcm3bAIPuXJUQoCQUzT+ZinlhEWfdze5tEVqMfqVttHmQplp0Vme1xNDpXy+
         Ve0lMPzUYerriph9tA46WzSG2FBpTWEwUOkA6lKvguB8viy3OB7ZMaCkCmkuVNvo+2pc
         XzBGev9IFmgmADDnWytSM8w9RvOwUW4ZTh5HUZzFbG2l2n0XFQRTLX7DHX5BCJZBBinp
         CR6u+pCdvvFjS+jxf8L+QGSqLvXBPs+uk8/bbnd5Jj96zDyNhsxxhY0T4pxXeEFG51OY
         5BGw==
X-Gm-Message-State: AJcUukdzpDLE9Cb11vKiOHPEKVEdZgEMylbxbk1mH6gKZjmyYes6lvl2
        /FRbqU+c42s0lDdTtJVtAFp9QQ==
X-Received: by 2002:a17:902:96a:: with SMTP id 97mr2783324plm.45.1546972519670;
        Tue, 08 Jan 2019 10:35:19 -0800 (PST)
Received: from localhost ([2620:15c:202:1:fa53:7765:582b:82b9])
        by smtp.gmail.com with ESMTPSA id j21sm99414958pfn.175.2019.01.08.10.35.18
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Tue, 08 Jan 2019 10:35:19 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PATCH] soc: qcom: rpmh: Avoid accessing freed memory from batch API
Cc:     Andy Gross <andy.gross@linaro.org>, linux-kernel@vger.kernel.org,
        linux-arm-msm@vger.kernel.org,
        linux-arm-kernel@lists.infradead.org,
        "Raju P.L.S.S.S.N" <rplsssn@codeaurora.org>,
        Matthias Kaehlcke <mka@chromium.org>
To:     Evan Green <evgreen@chromium.org>, Lina Iyer <ilina@codeaurora.org>
In-Reply-To: <20190107212321.GK14960@codeaurora.org>
From:   Stephen Boyd <swboyd@chromium.org>
User-Agent: alot/0.8
References: <20190103174657.251968-1-swboyd@chromium.org> <CAE=gft6M7aaPjS0KRg7dyfLOGtgXdU1qaT7oNeRHeNFQpRouWA@mail.gmail.com> <20190107212321.GK14960@codeaurora.org>
Message-ID: <154697251815.15366.10888159477746216145@swboyd.mtv.corp.google.com>
Date:   Tue, 08 Jan 2019 10:35:18 -0800
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Quoting Lina Iyer (2019-01-07 13:23:21)
> On Fri, Jan 04 2019 at 14:02 -0700, Evan Green wrote:
> >On Thu, Jan 3, 2019 at 9:47 AM Stephen Boyd <swboyd@chromium.org> wrote:
> >>
> >> @@ -380,7 +386,10 @@ int rpmh_write_batch(const struct device *dev, en=
um rpmh_state state,
> >>         }
> >>
> >>         for (i =3D 0; i < count; i++) {
> >> -               rpm_msgs[i].completion =3D &compl;
> >> +               struct completion *compl =3D &compls[i];
> >> +
> >> +               init_completion(compl);
> >> +               rpm_msgs[i].completion =3D compl;
> >>                 ret =3D rpmh_rsc_send_data(ctrlr_to_drv(ctrlr), &rpm_m=
sgs[i].msg);
> >>                 if (ret) {
> >>                         pr_err("Error(%d) sending RPMH message addr=3D=
%#x\n",
> >
> >It's a little weird that we call rpmh_tx_done on a bunch of transfers
> >we never submitted, just so the completion will get signaled so we can
> >wait on it in the next loop. We could just do count =3D i; break; here
> >instead.
> >
> It seems like it was carried over from my earlier submissions, where I
> was reference counting the number of completions for a batch. I beleive,
> with what we are doing here, we don't need to call tx_done with this
> approach.

Ok. So we can remove this whole chunk of code that forces out
completions and unwind more properly?