Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 278923c4 authored by Siva Kumar Akkireddi's avatar Siva Kumar Akkireddi Committed by Rama Krishna Phani A
Browse files

msm: sps: Fix race condition in SPS debugfs APIs 



SPS debugfs APIs can be called concurrently which can result
in dangling pointer access. This change synchronizes access
to the SPS debugfs buffer.

Change-Id: I409b3f0618f760cb67eba47b43c81d166cdae4aa
Signed-off-by: default avatarSiva Kumar Akkireddi <sivaa@codeaurora.org>
parent ffd90498

drivers/platform/msm/sps/sps.c

+13 −0
Original line number Diff line number Diff line
@@ -67,6 +67,7 @@ static char *debugfs_buf; 
static u32 debugfs_buf_size;

static u32 debugfs_buf_used;

static int wraparound;

static struct mutex sps_debugfs_lock;



struct dentry *dent;

struct dentry *dfile_info;
@@ -85,6 +86,7 @@ static struct sps_bam *phy2bam(phys_addr_t phys_addr); 
/* record debug info for debugfs */

void sps_debugfs_record(const char *msg)

{

	mutex_lock(&sps_debugfs_lock);

	if (debugfs_record_enabled) {

		if (debugfs_buf_used + MAX_MSG_LEN >= debugfs_buf_size) {

			debugfs_buf_used = 0;
@@ -98,6 +100,7 @@ void sps_debugfs_record(const char *msg) 
					debugfs_buf_size - debugfs_buf_used,

					"\n**** end line of sps log ****\n\n");

	}

	mutex_unlock(&sps_debugfs_lock);

}



/* read the recorded debug info to userspace */
@@ -107,6 +110,7 @@ static ssize_t sps_read_info(struct file *file, char __user *ubuf, 
	int ret = 0;

	int size;



	mutex_lock(&sps_debugfs_lock);

	if (debugfs_record_enabled) {

		if (wraparound)

			size = debugfs_buf_size - MAX_MSG_LEN;
@@ -116,6 +120,7 @@ static ssize_t sps_read_info(struct file *file, char __user *ubuf, 
		ret = simple_read_from_buffer(ubuf, count, ppos,

				debugfs_buf, size);

	}

	mutex_unlock(&sps_debugfs_lock);



	return ret;

}
@@ -160,12 +165,14 @@ static ssize_t sps_set_info(struct file *file, const char __user *buf, 


	new_buf_size = buf_size_kb * SZ_1K;



	mutex_lock(&sps_debugfs_lock);

	if (debugfs_record_enabled) {

		if (debugfs_buf_size == new_buf_size) {

			/* need do nothing */

			pr_info(

				"sps:debugfs: input buffer size is the same as before.\n"

				);

			mutex_unlock(&sps_debugfs_lock);

			return count;

		}

		/* release the current buffer */
@@ -183,12 +190,14 @@ static ssize_t sps_set_info(struct file *file, const char __user *buf, 
	if (!debugfs_buf) {

		debugfs_buf_size = 0;

		pr_err("sps:fail to allocate memory for debug_fs.\n");

		mutex_unlock(&sps_debugfs_lock);

		return -ENOMEM;

	}



	debugfs_buf_used = 0;

	wraparound = false;

	debugfs_record_enabled = true;

	mutex_unlock(&sps_debugfs_lock);



	return count;

}
@@ -237,6 +246,7 @@ static ssize_t sps_set_logging_option(struct file *file, const char __user *buf, 
		return count;

	}



	mutex_lock(&sps_debugfs_lock);

	if (((option == 0) || (option == 2)) &&

		((logging_option == 1) || (logging_option == 3))) {

		debugfs_record_enabled = false;
@@ -248,6 +258,7 @@ static ssize_t sps_set_logging_option(struct file *file, const char __user *buf, 
	}



	logging_option = option;

	mutex_unlock(&sps_debugfs_lock);



	return count;

}
@@ -595,6 +606,8 @@ static void sps_debugfs_init(void) 
		goto bam_log_level_err;

	}



	mutex_init(&sps_debugfs_lock);



	return;



bam_log_level_err:

drivers/platform/msm/sps/spsi.h

+0 −17
Original line number Diff line number Diff line
@@ -145,11 +145,6 @@ extern u8 print_limit_option; 
				pr_info(msg, ##args);	\

		} \

	} while (0)

#define SPS_DEBUGFS(msg, args...) do {					\

		char buf[MAX_MSG_LEN];		\

		snprintf(buf, MAX_MSG_LEN, msg"\n", ##args);	\

		sps_debugfs_record(buf);	\

	} while (0)

#define SPS_ERR(dev, msg, args...) do {					\

		if (logging_option != 1) {	\

			if (unlikely(print_limit_option > 2))	\
@@ -157,8 +152,6 @@ extern u8 print_limit_option; 
			else	\

				pr_err(msg, ##args);	\

		}	\

		if (unlikely(debugfs_record_enabled))	\

			SPS_DEBUGFS(msg, ##args);	\

		SPS_IPC(3, dev, msg, args); \

	} while (0)

#define SPS_INFO(dev, msg, args...) do {				\
@@ -168,8 +161,6 @@ extern u8 print_limit_option; 
			else	\

				pr_info(msg, ##args);	\

		}	\

		if (unlikely(debugfs_record_enabled))	\

			SPS_DEBUGFS(msg, ##args);	\

		SPS_IPC(3, dev, msg, args); \

	} while (0)

#define SPS_DBG(dev, msg, args...) do {					\
@@ -181,8 +172,6 @@ extern u8 print_limit_option; 
				pr_info(msg, ##args);	\

		} else	\

			pr_debug(msg, ##args);	\

		if (unlikely(debugfs_record_enabled))	\

			SPS_DEBUGFS(msg, ##args);	\

		if (dev) { \

			if ((dev)->ipc_loglevel <= 0)	\

				SPS_IPC(0, dev, msg, args); \
@@ -197,8 +186,6 @@ extern u8 print_limit_option; 
				pr_info(msg, ##args);	\

		} else	\

			pr_debug(msg, ##args);	\

		if (unlikely(debugfs_record_enabled))	\

			SPS_DEBUGFS(msg, ##args);	\

		if (dev) { \

			if ((dev)->ipc_loglevel <= 1)	\

				SPS_IPC(1, dev, msg, args);	\
@@ -213,8 +200,6 @@ extern u8 print_limit_option; 
				pr_info(msg, ##args);	\

		} else	\

			pr_debug(msg, ##args);	\

		if (unlikely(debugfs_record_enabled))	\

			SPS_DEBUGFS(msg, ##args);	\

		if (dev) { \

			if ((dev)->ipc_loglevel <= 2)	\

				SPS_IPC(2, dev, msg, args); \
@@ -229,8 +214,6 @@ extern u8 print_limit_option; 
				pr_info(msg, ##args);	\

		} else	\

			pr_debug(msg, ##args);	\

		if (unlikely(debugfs_record_enabled))	\

			SPS_DEBUGFS(msg, ##args);	\

		if (dev) { \

			if ((dev)->ipc_loglevel <= 3)	\

				SPS_IPC(3, dev, msg, args); \