
Commit 0739405b authored by Edgar Flores, committed by Gerrit - the friendly Code Review server

msm: adsprpc: prevent use-after-free from fastrpc ctx



Avoid using fastrpc ctx after sending rpmsg since it may get
freed during async session. During async fastrpc session there
is a race condition where after sending rpmsg the ctx could be
freed from async query thread.

Change-Id: I5738163096e429f19bd9b495699a1897083737b3
Signed-off-by: Edgar Flores <edgarf@codeaurora.org>
parent adbbbc56
+2 −1
@@ -2589,7 +2589,8 @@ static int fastrpc_invoke_send(struct smq_invoke_ctx *ctx,
	}
	err = rpmsg_send(channel_ctx->rpdev->ept, (void *)msg, sizeof(*msg));
	trace_fastrpc_rpmsg_send(fl->cid, (uint64_t)ctx, msg->invoke.header.ctx,
		handle, ctx->sc, msg->invoke.page.addr, msg->invoke.page.size);
		handle, msg->invoke.header.sc, msg->invoke.page.addr,
		msg->invoke.page.size);
	mutex_unlock(&channel_ctx->rpmsg_mutex);
 bail:
	return err;
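
Review bot: In the trace_fastrpc_rpmsg_send() call that follows rpmsg_send(), the replacement still dereferences msg (msg->invoke.header.ctx, msg->invoke.header.sc, msg->invoke.page.addr, msg->invoke.page.size), and the hunk does not show where msg is stored. If msg is embedded in ctx rather than being a separate buffer, these reads have the same lifetime problem as the ctx->sc read they replace; copying the traced fields into local variables before rpmsg_send() would make the trace independent of when ctx is freed. fl->cid is also read after the send, so it is worth confirming that fl outlives ctx on this path. A short comment above the trace call stating that ctx must not be dereferenced once rpmsg_send() has returned would help keep a later change from reintroducing the read.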