ion: Ensure ion_buffer fields are initialized

In the process_one_prefetch and process_one_shrink functions there are
local ion_buffer objects with fields which aren't initialized.

This can be a problem, for example if the private_flags
ION_PRIV_FLAG_SHRINKER_FREE flag is randomly set then this can lead to
memory which is not HYP assigned to the HLOS vmid being freed back to the
buddy allocator.

-002|__free_pages()
-003|ion_page_pool_free_pages()
-004|ion_page_pool_free_immediate()
-005|free_buffer_page()
-006|split_page_from_secure_pool()
-007|alloc_from_pool_preferred()
-007|ion_system_heap_allocate()
-008|process_one_shrink()
-008|ion_system_secure_heap_prefetch_work()

To fix this issue initialize all ion_buffer fields to zero for these local
variables.

Change-Id: I6bff85e9bf1e975d393d0ae6cef2f3931c8db217
Signed-off-by: Liam Mark <lmark@codeaurora.org>
Liam Mark <lmark@codeaurora.org>
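
The failure mode described in the commit message, as an added illustration that is not code from this commit or from the kernel tree. The struct layout, the flag's bit value, the 0xA5 stale-stack pattern and every function name below are assumptions made for this user-space model.

```c
#include <string.h>

/* Simplified stand-in for struct ion_buffer; the field set is assumed. */
struct model_ion_buffer {
    unsigned long flags;
    unsigned long private_flags;
    size_t size;
    void *heap;
};

/* Bit value assumed for this model only. */
#define ION_PRIV_FLAG_SHRINKER_FREE (1UL << 0)

enum free_path { RETURNED_TO_POOL, FREED_TO_BUDDY };

/* Models the decision implied by the trace: with the shrinker flag set,
 * pages go straight to the buddy allocator instead of back to the pool. */
static enum free_path free_buffer_page_model(const struct model_ion_buffer *b)
{
    return (b->private_flags & ION_PRIV_FLAG_SHRINKER_FREE)
               ? FREED_TO_BUDDY : RETURNED_TO_POOL;
}

/* Constructed stale-stack contents. Reading a truly uninitialized local is
 * undefined behaviour, so the garbage is made deterministic: 0xA5 has bit 0 set. */
static void poison(struct model_ion_buffer *b) { memset(b, 0xA5, sizeof(*b)); }

/* Before: only selected fields are assigned; private_flags keeps stale bytes. */
enum free_path shrink_partial_init(size_t size)
{
    struct model_ion_buffer buffer;
    poison(&buffer);
    buffer.heap = NULL;
    buffer.flags = 0;
    buffer.size = size;
    return free_buffer_page_model(&buffer);
}

/* After: every field is zeroed before use, so no stale flag bit survives. */
enum free_path shrink_zero_init(size_t size)
{
    struct model_ion_buffer buffer;
    poison(&buffer);
    memset(&buffer, 0, sizeof(buffer));
    buffer.size = size;
    return free_buffer_page_model(&buffer);
}
```
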
