Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b3f6abcc authored by Gauri Joshi's avatar Gauri Joshi
Browse files

msm: mhi_dev: Fix to avoid double free in alloc_evt_buf_evt_req() 



There is a possible race condition, if the client calls
MHI close and channel gets a start command then
mhi_dev_alloc_evt_buf_evt_req() would be called. This can lead to
tr_events and ereqs getting freed from both the contexts.

Fix is to use a mutex to prevent this from happening parallelly.

Change-Id: I9ac10211d5bd5cee96e69b7fc10955e24569cf64
Signed-off-by: default avatarSubramanian Ananthanarayanan <skananth@codeaurora.org>
Signed-off-by: default avatarGauri Joshi <gaurjosh@codeaurora.org>
parent 3e7d0429

drivers/platform/msm/mhi_dev/mhi.c

+2 −0
Original line number Diff line number Diff line
@@ -1713,8 +1713,10 @@ static void mhi_dev_process_cmd_ring(struct mhi_dev *mhi, 
					return;

				}

			}

			mutex_lock(&mhi->ch[ch_id].ch_lock);

			mhi_dev_alloc_evt_buf_evt_req(mhi, &mhi->ch[ch_id],

					evt_ring);

			mutex_unlock(&mhi->ch[ch_id].ch_lock);

		}



		if (MHI_USE_DMA(mhi))