Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit be2827a1 authored by David Dai's avatar David Dai
Browse files

msm: msm_bus: Make locking during handoff more monolithic 



This fixes a race condition during a client bandwidth request
at late_init time whereby a bus device may have its link severed
and connected to a different list, causing null ptr access when
accessing the original commit list.

Change-Id: I469bdf7afb6483ea14b42c8364458d5a954a4166
Signed-off-by: default avatarDavid Dai <daidavid1@codeaurora.org>
parent 5915565f

drivers/soc/qcom/msm_bus/msm_bus_arb_rpmh.c

+5 −4
Original line number Diff line number Diff line
@@ -706,8 +706,6 @@ int bcm_remove_handoff_req(struct device *dev, void *data) 
	struct msm_bus_node_device_type *cur_rsc = NULL;

	int ret = 0;



	rt_mutex_lock(&msm_bus_adhoc_lock);



	bus_dev = to_msm_bus_node(dev);

	if (bus_dev->node_info->is_bcm_dev ||

		bus_dev->node_info->is_fab_dev ||
@@ -730,7 +728,6 @@ int bcm_remove_handoff_req(struct device *dev, void *data) 
	}



exit_bcm_remove_handoff_req:

	rt_mutex_unlock(&msm_bus_adhoc_lock);

	return ret;

}
@@ -857,14 +854,18 @@ static void commit_data(void) 
	INIT_LIST_HEAD(&commit_list);

}



void commit_late_init_data(void)

int commit_late_init_data(void)

{

	int rc;

	rt_mutex_lock(&msm_bus_adhoc_lock);

	rc = bus_for_each_dev(&msm_bus_type, NULL, NULL,

						bcm_remove_handoff_req);



	msm_bus_commit_data(&late_init_clist);

	INIT_LIST_HEAD(&late_init_clist);



	rt_mutex_unlock(&msm_bus_adhoc_lock);

	return rc;

}

drivers/soc/qcom/msm_bus/msm_bus_fabric_rpmh.c

+1 −7
Original line number Diff line number Diff line
@@ -1689,15 +1689,9 @@ int __init msm_bus_device_init_driver(void) 


int __init msm_bus_device_late_init(void)

{

	int rc;



	MSM_BUS_ERR("msm_bus_late_init: Remove handoff bw requests\n");

	init_time = false;

	rc = bus_for_each_dev(&msm_bus_type, NULL, NULL,

						bcm_remove_handoff_req);



	commit_late_init_data();

	return rc;

	return commit_late_init_data();

}

subsys_initcall(msm_bus_device_init_driver);

late_initcall_sync(msm_bus_device_late_init);

drivers/soc/qcom/msm_bus/msm_bus_rpmh.h

+1 −1
Original line number Diff line number Diff line
@@ -205,7 +205,7 @@ int msm_bus_enable_limiter(struct msm_bus_node_device_type *nodedev, 
				int throttle_en, uint64_t lim_bw);

int msm_bus_commit_data(struct list_head *clist);

int bcm_remove_handoff_req(struct device *dev, void *data);

void commit_late_init_data(void);

int commit_late_init_data(void);

int msm_bus_query_gen(struct list_head *qlist,

				struct msm_bus_tcs_usecase *tcs_usecase);

void *msm_bus_realloc_devmem(struct device *dev, void *p, size_t old_size,