
Commit c9c62bcd authored by Shravya Samala's avatar Shravya Samala Committed by Gerrit - the friendly Code Review server

msm: camera: cdm: Acquire mutex lock before accessing client data



Client data can be used after it has been released in the
CDM internal operation calls. Acquire the mutex lock whenever
accessing client data to avoid this use-after-release scenario.

CRs-Fixed: 3010261
Change-Id: Iaf7f41d56301299a6f63a5dc1090334063019881
Signed-off-by: default avatarShravya Samala <shravyas@codeaurora.org>
parent bf1f4e42
+9 −8
// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (c) 2017-2020, The Linux Foundation. All rights reserved.
 * Copyright (c) 2017-2021, The Linux Foundation. All rights reserved.
 */

#include <linux/delay.h>
@@ -201,6 +201,7 @@ void cam_cdm_notify_clients(struct cam_hw_info *cdm_hw,

	for (i = 0; i < CAM_PER_CDM_MAX_REGISTERED_CLIENTS; i++) {
		if (core->clients[i] != NULL) {
			mutex_lock(&cdm_hw->hw_mutex);
			client = core->clients[i];
			mutex_lock(&client->lock);
			CAM_DBG(CAM_CDM, "Found client slot %d", i);
@@ -221,6 +222,7 @@ void cam_cdm_notify_clients(struct cam_hw_info *cdm_hw,
					client->handle);
			}
			mutex_unlock(&client->lock);
			mutex_unlock(&cdm_hw->hw_mutex);
		}
	}
}
@@ -239,35 +241,34 @@ int cam_cdm_stream_ops_internal(void *hw_priv,
		return -EINVAL;

	core = (struct cam_cdm *)cdm_hw->core_info;
	mutex_lock(&cdm_hw->hw_mutex);
	client_idx = CAM_CDM_GET_CLIENT_IDX(*handle);
	client = core->clients[client_idx];
	if (!client) {
		CAM_ERR(CAM_CDM, "Invalid client %pK hdl=%x", client, *handle);
		mutex_unlock(&cdm_hw->hw_mutex);
		return -EINVAL;
	}
	cam_cdm_get_client_refcount(client);
	if (*handle != client->handle) {
		CAM_ERR(CAM_CDM, "client id given handle=%x invalid", *handle);
		cam_cdm_put_client_refcount(client);
		return -EINVAL;
		rc = -EINVAL;
		goto end;
	}
	if (operation == true) {
		if (true == client->stream_on) {
			CAM_ERR(CAM_CDM,
				"Invalid CDM client is already streamed ON");
			cam_cdm_put_client_refcount(client);
			return rc;
			goto end;
		}
	} else {
		if (client->stream_on == false) {
			CAM_ERR(CAM_CDM,
				"Invalid CDM client is already streamed Off");
			cam_cdm_put_client_refcount(client);
			return rc;
			goto end;
		}
	}

	mutex_lock(&cdm_hw->hw_mutex);
	if (operation == true) {
		if (!cdm_hw->open_count) {
			struct cam_ahb_vote ahb_vote;
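Review bot: In cam_cdm_notify_clients the `core->clients[i] != NULL` test still runs before `mutex_lock(&cdm_hw->hw_mutex)`, so the slot is checked unlocked and then re-read under the lock without a second test. The release path is not visible here, but if it clears the slot under hw_mutex, a release that lands between the test and the lock leaves `client` NULL and `mutex_lock(&client->lock)` dereferences it. Taking the lock first and testing under it closes that window: `mutex_lock(&cdm_hw->hw_mutex); client = core->clients[i]; if (!client) { mutex_unlock(&cdm_hw->hw_mutex); continue; }`. In cam_cdm_stream_ops_internal the `end:` label lies outside the visible lines, so confirm that it both calls `cam_cdm_put_client_refcount(client)` and unlocks hw_mutex, since the three new `goto end` paths depend on it. That function also indexes `core->clients[client_idx]` with a value taken from `*handle` before the handle is compared with `client->handle`, which is safe only if `CAM_CDM_GET_CLIENT_IDX` bounds the index, and its definition is not shown.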