Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 619bab61 authored by Mohammed Javid's avatar Mohammed Javid
Browse files

msm: ipa: Fix the mutex lock 



Anytime before getting a chance to modify NAT pdn,
the NAT memory could be freed while waiting in lock.
Move the mutex lock to appropriate place.
And validate the NAT mem and pdn index after taking
mutex lock.

Change-Id: I7b3c39537be142b60c5ea87c37a80a04d94e8608
Signed-off-by: default avatarMohammed Javid <mjavid@codeaurora.org>
parent e980f66b

drivers/platform/msm/ipa/ipa_v3/ipa_nat.c

+11 −5
Original line number Diff line number Diff line
@@ -1073,26 +1073,32 @@ int ipa3_nat_mdfy_pdn(struct ipa_ioc_nat_pdn_entry *mdfy_pdn) 
	struct ipahal_imm_cmd_pyld *cmd_pyld;

	int result = 0;

	struct ipa3_nat_mem *nat_ctx = &(ipa3_ctx->nat_mem);

	struct ipa_pdn_entry *pdn_entries = nat_ctx->pdn_mem.base;

	struct ipa_pdn_entry *pdn_entries = NULL;



	IPADBG("\n");



	mutex_lock(&nat_ctx->dev.lock);



	if (ipa3_ctx->ipa_hw_type < IPA_HW_v4_0) {

		IPAERR_RL("IPA HW does not support multi PDN\n");

		return -EPERM;

		result = -EPERM;

		goto bail;

	}



	if (!nat_ctx->dev.is_mem_allocated) {

		IPAERR_RL(

			"attempt to modify a PDN entry before the PDN table memory allocation\n");

		return -EPERM;

		result = -EPERM;

		goto bail;

	}



	if (mdfy_pdn->pdn_index > (IPA_MAX_PDN_NUM - 1)) {

		IPAERR_RL("pdn index out of range %d\n", mdfy_pdn->pdn_index);

		return -EPERM;

		result = -EPERM;

		goto bail;

	}



	mutex_lock(&nat_ctx->dev.lock);

	pdn_entries = nat_ctx->pdn_mem.base;



	/* store ip in pdn entries cache array */

	pdn_entries[mdfy_pdn->pdn_index].public_ip =