On Tue, Jun 02, 2026 at 03:17:47PM +0800, Jianping Li wrote: > From: Ekansh Gupta <[email protected]> > > fastrpc_req_munmap_impl() is called to unmap any buffer. The buffer is > getting removed from the list after it is unmapped from DSP. This can > create potential race conditions if multiple threads invoke unmap > concurrently, where one thread may remove the entry from the list while > another thread's unmap operation is still ongoing. > > Fix this by removing the buffer entry from the list before calling the > unmap operation. If the unmap fails, the entry is re-added to the list > so that userspace can retry the unmap, or alternatively, the buffer > will be cleaned up during device release when the DSP process is torn > down and all DSP-side mappings are freed along with remaining buffers > in the list. > > Fixes: 2419e55e532de ("misc: fastrpc: add mmap/unmap support") > Cc: [email protected] > Signed-off-by: Ekansh Gupta <[email protected]> > Signed-off-by: Jianping Li <[email protected]> > --- > drivers/misc/fastrpc.c | 14 ++++++++++---- > 1 file changed, 10 insertions(+), 4 deletions(-) >
Reviewed-by: Dmitry Baryshkov <[email protected]> -- With best wishes Dmitry
