
Commit 024798be authored by Zhen Kong

qseecom: check if app is blocked when unloading app



When a TA client crashes, qseecom_release() will be called to
unload this TA and release its allocated buffer. But if at the same
time, there is another client still waiting to check if this TA is
blocked, the TA should not be unloaded, otherwise the checking client
may access a freed buffer. Thus, add a TA "check_block" flag to indicate
if a client is still checking the TA's block state, and do not unload the TA
if this flag is true.

Change-Id: I8bd4baae44d5e333cedb54048501efd4cff29a72
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
parent 6fec52c1
+5 −1
@@ -199,6 +199,7 @@ struct qseecom_registered_app_list {
	char app_name[MAX_APP_NAME_SIZE];
	u32  app_arch;
	bool app_blocked;
	bool check_block;
	u32  blocked_on_listener_id;
};
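Review bot: the new `check_block` member of `struct qseecom_registered_app_list` has no comment saying what it tracks or which lock must be held to read or write it. Because this flag now decides whether an app entry may be unloaded, please document it next to the field, for example that it is set while a client is inside `__qseecom_reentrancy_check_if_this_app_blocked()`, and name the lock that serialises it against `qseecom_unload_app()`.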

@@ -2185,6 +2186,7 @@ static void __qseecom_reentrancy_check_if_this_app_blocked(
	sigset_t new_sigset, old_sigset;

	if (qseecom.qsee_reentrancy_support) {
		ptr_app->check_block = true;
		while (ptr_app->app_blocked || qseecom.app_block_ref_cnt > 1) {
			/* thread sleep until this app unblocked */
			sigfillset(&new_sigset);
@@ -2199,6 +2201,7 @@ static void __qseecom_reentrancy_check_if_this_app_blocked(
			mutex_lock(&app_access_lock);
			sigprocmask(SIG_SETMASK, &old_sigset, NULL);
		}
		ptr_app->check_block = false;
	}
}
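Review bot: `ptr_app->check_block = false` after the wait loop is unconditional, and the field is a single `bool`, so it cannot represent more than one client waiting on the same app. If two clients are in this function for the same `ptr_app`, the first one to leave the loop clears the flag while the second may still be sleeping, and the unload path would again treat the entry as free to release. A counter incremented before the loop and decremented here (with the unload check testing for non-zero) would cover that case; if only one waiter per app is possible, a comment stating why would settle it.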

@@ -2577,7 +2580,8 @@ static int qseecom_unload_app(struct qseecom_dev_handle *data,
				if (!strcmp((void *)ptr_app->app_name,
					(void *)data->client.app_name)) {
					found_app = true;
					if (ptr_app->app_blocked)
					if (ptr_app->app_blocked ||
							ptr_app->check_block)
						app_crash = false;
					if (app_crash || ptr_app->ref_cnt == 1)
						unload = true;
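Review bot: in `qseecom_unload_app()`, the added `ptr_app->check_block` test only resets `app_crash`; the next condition, `if (app_crash || ptr_app->ref_cnt == 1)`, still sets `unload = true` when the reference count is 1. The flag therefore prevents the unload only if the waiting client also holds a reference on the app. If that is always true, a short comment here would make the reasoning visible; if not, the `check_block` case should skip the unload outright rather than rely on `ref_cnt`. Note also that the rendered page has lost the `+`/`-` markers, so the old `if (ptr_app->app_blocked)` line and its replacement appear back to back.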