smcinvoke: Move IPC_LOG before deleting cb_txn

Move IPC_LOG inside the mutex lock and before deleting
cb_txn inside process_tzcb_req to make sure that
we are not accessing a cb_req value that has gone bad.

Change-Id: Icc04bab52d1364d883b0a4bb07ff4cf2cc8ce6f8
Signed-off-by: Anmolpreet Kaur <anmolpre@codeaurora.org>
Anmolpreet Kaur 2021-04-30 14:50:36 +05:30
parent 11b282467f
commit 07e8c4b8d3


@ -1194,16 +1194,15 @@ out:
}
--cb_reqs_inflight;
memcpy(buf, cb_req, buf_len);
IPC_LOG("result=%d tzhandle=0x%08x op=0x%02x counts=0x%04x, cb_reqs_inflight=%d",
cb_req->result,
cb_req->hdr.tzhandle, cb_req->hdr.op, cb_req->hdr.counts,
cb_reqs_inflight);
kref_put(&cb_txn->ref_cnt, delete_cb_txn);
if (srvr_info)
kref_put(&srvr_info->ref_cnt, destroy_cb_server);
mutex_unlock(&g_smcinvoke_lock);
IPC_LOG("result=%d tzhandle=0x%08x op=0x%02x counts=0x%04x, cb_reqs_inflight=%d",
cb_req->result,
cb_req->hdr.tzhandle, cb_req->hdr.op, cb_req->hdr.counts,
cb_reqs_inflight);
}
static int marshal_out_invoke_req(const uint8_t *buf, uint32_t buf_size,
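Review bot: The position of the moved `IPC_LOG` ahead of `kref_put(&cb_txn->ref_cnt, delete_cb_txn)` is now load-bearing, but nothing in the code says so, and a later cleanup could move the log back after `mutex_unlock` and reintroduce the stale read of `cb_req`. A one-line comment above the log would pin the ordering, e.g. `/* cb_req may be freed when the cb_txn reference is dropped below; log it first */`; `delete_cb_txn` is not visible here, so that wording is inferred from the commit message and should be checked against it. The log also now runs with `g_smcinvoke_lock` held, so if the longer critical section matters, the four logged fields could be copied into locals before the `kref_put` and logged after the unlock instead. The body of `process_tzcb_req` starts outside this hunk.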