Currently we initialize the heap free_lock and free list size in
ion_heap_init_deferred_free, which is only called when the
ION_HEAP_FLAG_DEFER_FREE heap flag is given.  However, the lock and size
are used in the shrinker path as well as the deferred free path, and we
can register a shrinker *without* enabling deferred freeing.  So, if a
heap provides a shrinker but *doesn't* set the DEFER_FREE flag we will
use these parameters uninitialized (resulting in a spinlock bug and
broken shrinker accounting).
Fix these problems by initializing the free list parameters directly in
ion_device_add_heap, which is always called no matter which heap
features are being used.
Signed-off-by: Mitchel Humpherys <mitchelh@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
                pr_err("%s: can not add heap with invalid ops struct.\n",
                       __func__);
 
+       spin_lock_init(&heap->free_lock);
+       heap->free_list_size = 0;
+
        if (heap->flags & ION_HEAP_FLAG_DEFER_FREE)
                ion_heap_init_deferred_free(heap);
 
 
        struct sched_param param = { .sched_priority = 0 };
 
        INIT_LIST_HEAD(&heap->free_list);
-       heap->free_list_size = 0;
-       spin_lock_init(&heap->free_lock);
        init_waitqueue_head(&heap->waitqueue);
        heap->task = kthread_run(ion_heap_deferred_free, heap,
                                 "%s", heap->name);