1. Patchew
  2. linux
  3. View series

[PATCH] media: iris: Fix dma_free_attrs() size in iris_hfi_queues_init()

Thomas Fourier posted 1 patch 1 month, 2 weeks ago 
drivers/media/platform/qcom/iris/iris_hfi_queue.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] media: iris: Fix dma_free_attrs() size in iris_hfi_queues_init()
Posted by Thomas Fourier 1 month, 2 weeks ago 
The core->iface_q_table_vaddr buffer is alloc'd with size queue_size
but freed with sizeof(*q_tbl_hdr) which is different.

Change the dma_free_attrs() size.

Fixes: d7378f84e94e ("media: iris: introduce iris core state management with shared queues")
Cc: <stable@vger.kernel.org>
Signed-off-by: Thomas Fourier <fourier.thomas@gmail.com>
---
 drivers/media/platform/qcom/iris/iris_hfi_queue.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/media/platform/qcom/iris/iris_hfi_queue.c b/drivers/media/platform/qcom/iris/iris_hfi_queue.c
index b3ed06297953..bf6db23b53e2 100644
--- a/drivers/media/platform/qcom/iris/iris_hfi_queue.c
+++ b/drivers/media/platform/qcom/iris/iris_hfi_queue.c
@@ -263,7 +263,7 @@ int iris_hfi_queues_init(struct iris_core *core)
 					  GFP_KERNEL, DMA_ATTR_WRITE_COMBINE);
 	if (!core->sfr_vaddr) {
 		dev_err(core->dev, "sfr alloc and map failed\n");
-		dma_free_attrs(core->dev, sizeof(*q_tbl_hdr), core->iface_q_table_vaddr,
+		dma_free_attrs(core->dev, queue_size, core->iface_q_table_vaddr,
 			       core->iface_q_table_daddr, DMA_ATTR_WRITE_COMBINE);
 		return -ENOMEM;
 	}
-- 
2.43.0
Re: [PATCH] media: iris: Fix dma_free_attrs() size in iris_hfi_queues_init()
Posted by Markus Elfring 1 month, 2 weeks ago 
> The core->iface_q_table_vaddr buffer is alloc'd with size queue_size
> but freed with sizeof(*q_tbl_hdr) which is different.
…

* Were any source code analysis tools involved here?

* You should probably specify message recipients not only in the header field “Cc”.


Regards,
Markus
Re: [PATCH] media: iris: Fix dma_free_attrs() size in iris_hfi_queues_init()
Posted by Dikshita Agarwal 1 month, 2 weeks ago 

On 2/13/2026 2:43 PM, Thomas Fourier wrote:
> The core->iface_q_table_vaddr buffer is alloc'd with size queue_size
> but freed with sizeof(*q_tbl_hdr) which is different.
> 
> Change the dma_free_attrs() size.
> 
> Fixes: d7378f84e94e ("media: iris: introduce iris core state management with shared queues")
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Thomas Fourier <fourier.thomas@gmail.com>
> ---
>  drivers/media/platform/qcom/iris/iris_hfi_queue.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/media/platform/qcom/iris/iris_hfi_queue.c b/drivers/media/platform/qcom/iris/iris_hfi_queue.c
> index b3ed06297953..bf6db23b53e2 100644
> --- a/drivers/media/platform/qcom/iris/iris_hfi_queue.c
> +++ b/drivers/media/platform/qcom/iris/iris_hfi_queue.c
> @@ -263,7 +263,7 @@ int iris_hfi_queues_init(struct iris_core *core)
>  					  GFP_KERNEL, DMA_ATTR_WRITE_COMBINE);
>  	if (!core->sfr_vaddr) {
>  		dev_err(core->dev, "sfr alloc and map failed\n");
> -		dma_free_attrs(core->dev, sizeof(*q_tbl_hdr), core->iface_q_table_vaddr,
> +		dma_free_attrs(core->dev, queue_size, core->iface_q_table_vaddr,
>  			       core->iface_q_table_daddr, DMA_ATTR_WRITE_COMBINE);
>  		return -ENOMEM;
>  	}

Reviewed-by: Dikshita Agarwal <dikshita.agarwal@oss.qualcomm.com>

Thanks,
Dikshita

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.