dmaengine: fix dmaengine_unmap failure The count which is used to get_unmap_data maybe not the same as the count computed in dmaengine_unmap which causes to free data in a wrong pool. This patch fixes this issue by keeping the map count with unmap_data structure and use this count to get the pool. Cc: <stable@vger.kernel.org> Signed-off-by: Xuelin Shi <xuelin.shi@freescale.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com>

commit: c1f43dd9c20d85e66c4d77e284f64ac114abe3f8 [log] [tgz]
author: Xuelin Shi <xuelin.shi@freescale.com> Wed May 21 14:02:37 2014 -0700
committer: Dan Williams <dan.j.williams@intel.com> Wed May 21 14:02:37 2014 -0700
tree: ee4ff99c2742b037071435d9dc0423eb3650da51
parent: 5a9a55bf9157d3490b0c8c4c81d4708602c26e07 [diff]
diff --git a/drivers/dma/dmaengine.c b/drivers/dma/dmaengine.c
index a886713..d5d30ed 100644
--- a/drivers/dma/dmaengine.c
+++ b/drivers/dma/dmaengine.c

@@ -1009,6 +1009,7 @@
 		dma_unmap_page(dev, unmap->addr[i], unmap->len,
 			       DMA_BIDIRECTIONAL);
 	}
+	cnt = unmap->map_cnt;
 	mempool_free(unmap, __get_unmap_pool(cnt)->pool);
 }
 
@@ -1074,6 +1075,7 @@
 	memset(unmap, 0, sizeof(*unmap));
 	kref_init(&unmap->kref);
 	unmap->dev = dev;
+	unmap->map_cnt = nr;
 
 	return unmap;
 }

diff --git a/include/linux/dmaengine.h b/include/linux/dmaengine.h
index 8300fb8..72cb0dd 100644
--- a/include/linux/dmaengine.h
+++ b/include/linux/dmaengine.h

@@ -429,6 +429,7 @@
 typedef void (*dma_async_tx_callback)(void *dma_async_param);
 
 struct dmaengine_unmap_data {
+	u8 map_cnt;
 	u8 to_cnt;
 	u8 from_cnt;
 	u8 bidi_cnt;
commit	c1f43dd9c20d85e66c4d77e284f64ac114abe3f8	[log] [tgz]
author	Xuelin Shi <xuelin.shi@freescale.com>	Wed May 21 14:02:37 2014 -0700
committer	Dan Williams <dan.j.williams@intel.com>	Wed May 21 14:02:37 2014 -0700
tree	ee4ff99c2742b037071435d9dc0423eb3650da51
parent	5a9a55bf9157d3490b0c8c4c81d4708602c26e07 [diff]