Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ec24ad80 authored by Shrey Vijay's avatar Shrey Vijay
Browse files

slimbus: slim-msm-ngd: Fix corner case to avoid NULL access 



For asynchronus read transfer, BAM RX callback can be received
before main thread completes ngd_xfer_msg function execution.

Keep a check to avoid accessing transfer structure, which
may get freed in early RX callback.

Signed-off-by: default avatarShrey Vijay <shreyv@codeaurora.org>
Change-Id: Ie96e669be9282687acd22365b68ac9f4ae659030
parent ddbece73

drivers/slimbus/slim-msm-ngd.c

+4 −3
Original line number Diff line number Diff line 
/* Copyright (c) 2011-2017, The Linux Foundation. All rights reserved.

/* Copyright (c) 2011-2018, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -425,6 +425,7 @@ static int ngd_xfer_msg(struct slim_controller *ctrl, struct slim_msg_txn *txn) 
	const u8 *old_wbuf = NULL;

	bool report_sat = false;

	bool sync_wr = true;

	bool txn_async = txn->async;



	memset(wbuf, 0, sizeof(wbuf));

	if (txn->mc & SLIM_MSG_CLK_PAUSE_SEQ_FLG)
@@ -769,9 +770,9 @@ static int ngd_xfer_msg(struct slim_controller *ctrl, struct slim_msg_txn *txn) 
		msm_slim_put_ctrl(dev);

	}

ngd_xfer_ret:

	if (txn->wbuf == wbuf)

	if (!txn_async && txn->wbuf == wbuf)

		txn->wbuf = old_wbuf;

	if (txn->comp == &done)

	if (!txn_async && txn->comp == &done)

		txn->comp = NULL;

	return ret ? ret : dev->err;

}