On Fri, 13 Apr 2018 09:09:18 +0200 Ioan Nicu <ioan.nicu....@nokia.com> wrote:
> > > And please remember to always include all information regarding
> > > end-user impact when fixing bugs.
> > >
> > This bug fix is applicable to versions starting from v4.6
> Actually, this is something I broke with my previous patch where I added a
> kref to the mport_dma_req structure. Before this patch, all the error paths
> were doing kfree(req) instead of kref_put(&req->refcount, dma_req_free).
> Now that dma_req_free() is called, it dereferences req->dmach, which is
> initialized late in do_dma_request(), so dma_req_free() could be called
> with a NULL req->dmach in some cases.
> Sorry if I did not make this clear enough in the description.
Fixes: bbd876adb8c72 ("rapidio: use a reference count for struct mport_dma_req")
(correct?) and removed cc:stable.