From f6714f0e5ab64ebfb32fee00c84e058ca19103f8 Mon Sep 17 00:00:00 2001
From: Daniel Baluta <daniel.baluta@nxp.com>
Date: Wed, 27 Mar 2019 10:25:22 +0200
Subject: [PATCH] MLK-21144 ASoC: fsl: Fix crash with multiple open/close

Because we are re-initializing the proxy at close it might
happen that work is still pending which causes the following crash:

[   94.699835] Unable to handle kernel NULL pointer dereference at virtual address 00000008
[   94.707923] Mem abort info:
[   94.710722]   Exception class = DABT (current EL), IL = 32 bits
[   94.716637]   SET = 0, FnV = 0
[   94.719686]   EA = 0, S1PTW = 0
[   94.722822] Data abort info:
[   94.725698]   ISV = 0, ISS = 0x00000005
[   94.729530]   CM = 0, WnR = 0
[   94.732504] user pgtable: 4k pages, 48-bit VAs, pgd = ffff8008d9ba3000
[   94.739035] [0000000000000008] *pgd=0000000938419003, *pud=0000000000000000
[   94.746015] Internal error: Oops: 96000005 [#1] PREEMPT SMP
[   94.751589] Modules linked in:
[   94.754652] CPU: 0 PID: 2068 Comm: kworker/0:2 Not tainted 4.14.98-dirty #75
[   94.761700] Hardware name: Freescale i.MX8QM MEK (DT)
[   94.766768] task: ffff8008f23ae200 task.stack: ffff000014378000
[   94.772705] PC is at process_one_work+0x34/0x414
[   94.777325] LR is at process_one_work+0x1e0/0x414

In order to fix this, we make sure that no work is pending before starting
the re-initialization.

Signed-off-by: Daniel Baluta <daniel.baluta@nxp.com>
Reviewed-by: Shengjiu Wang <shengjiu.wang@nxp.com>
(cherry picked from commit 2c00c24be5f8b63636e3f9005e15a3de42058438)
---
 sound/soc/fsl/fsl_dsp.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sound/soc/fsl/fsl_dsp.c b/sound/soc/fsl/fsl_dsp.c
index f5f1dbb..3573384 100644
--- a/sound/soc/fsl/fsl_dsp.c
+++ b/sound/soc/fsl/fsl_dsp.c
@@ -431,8 +431,12 @@ int fsl_dsp_close_func(struct xf_client *client)
 	/* If device is free, reinitialize the resource of
 	 * dsp driver and framework
 	 */
-	if (atomic_long_read(&dsp_priv->refcnt) <= 0)
+	if (atomic_long_read(&dsp_priv->refcnt) <= 0) {
+		/* we are closing up, wait for proxy processing
+		 * function to finish */
+		cancel_work_sync(&dsp_priv->proxy.work);
 		resource_release(dsp_priv);
+	}
 
 	mutex_unlock(&dsp_priv->dsp_mutex);
 
-- 
1.9.1