msm: sde: avoid request dereference with cached sequence id

		struct sde_rotator_request *request)

		struct sde_rotator_request *request)

{

{

	struct sde_rotator_ctx *ctx;

	struct sde_rotator_ctx *ctx;

	struct sde_rot_entry_container *req;

	if (!request || !request->ctx) {

	if (!request || !request->ctx) {

		SDEROT_ERR("invalid parameters\n");

		SDEROT_ERR("invalid parameters\n");

	}

	}

	ctx = request->ctx;

	ctx = request->ctx;

	req = request->req;

	ctx->retired_sequence_id = request->sequence_id;

	if (req && req->entries && req->count)

		ctx->retired_sequence_id =

				req->entries[req->count - 1].item.sequence_id;

	wake_up(&ctx->wait_queue);

	wake_up(&ctx->wait_queue);

	ctx = request->ctx;

	ctx = request->ctx;

	request->req = NULL;

	request->req = NULL;

	request->sequence_id = 0;

	request->committed = false;

	request->committed = false;

	spin_lock(&ctx->list_lock);

	spin_lock(&ctx->list_lock);

	list_del_init(&request->list);

	list_del_init(&request->list);

static bool sde_rotator_is_request_retired(struct sde_rotator_request *request)

static bool sde_rotator_is_request_retired(struct sde_rotator_request *request)

{

{

	struct sde_rotator_ctx *ctx;

	struct sde_rotator_ctx *ctx;

	struct sde_rot_entry_container *req;

	u32 sequence_id;

	u32 sequence_id;

	s32 retire_delta;

	s32 retire_delta;

	if (!request || !request->ctx || !request->req ||

	if (!request || !request->ctx)

			!request->req->entries || !request->req->count)

		return true;

		return true;

	ctx = request->ctx;

	ctx = request->ctx;

	req = request->req;

	sequence_id = request->sequence_id;

	sequence_id = req->entries[req->count - 1].item.sequence_id;

	retire_delta = (s32) (ctx->retired_sequence_id - sequence_id);

	retire_delta = (s32) (ctx->retired_sequence_id - sequence_id);

		}

		}

		request->req = req;

		request->req = req;

		request->sequence_id = req->entries[0].item.sequence_id;

		spin_lock(&ctx->list_lock);

		spin_lock(&ctx->list_lock);

		list_del_init(&request->list);

		list_del_init(&request->list);

	sde_rotator_queue_request(rot_dev->mgr, ctx->private, req);

	sde_rotator_queue_request(rot_dev->mgr, ctx->private, req);

	request->req = req;

	request->req = req;

	request->sequence_id = item.sequence_id;

	request->committed = true;

	return 0;

	return 0;

error_handle_request:

error_handle_request:

error_fence_wait:

error_fence_wait:

error_null_buffer:

error_null_buffer:

	request->req = NULL;

	request->req = NULL;

	request->sequence_id = 0;

	request->committed = false;

	return ret;

	return ret;

}

}

 * @list: list head for submit/retire list

 * @list: list head for submit/retire list

 * @submit_work: submit work structure

 * @submit_work: submit work structure

 * @retire_work: retire work structure

 * @retire_work: retire work structure

 * @request: Pointer to core layer rotator manager request

 * @req: Pointer to core layer rotator manager request

 *	 Request can be freed by core layer during sde_rotator_stop_streaming.

 *	 Avoid dereference in dev layer if possible.

 * @ctx: Pointer to parent context

 * @ctx: Pointer to parent context

 * @committed: true if request committed to hardware

 * @committed: true if request committed to hardware

 * @sequence_id: sequence identifier of this request

 */

 */

struct sde_rotator_request {

struct sde_rotator_request {

	struct list_head list;

	struct list_head list;

	struct sde_rot_entry_container *req;

	struct sde_rot_entry_container *req;

	struct sde_rotator_ctx *ctx;

	struct sde_rotator_ctx *ctx;

	bool committed;

	bool committed;

	u32 sequence_id;

};

};

/*

/*