dsp: add change to handle use-after-free in cal_utils_is_cal_stale

		cal_block = list_entry(ptr,

			struct cal_block_data, list);

		if (cal_utils_is_cal_stale(cal_block))

		if (cal_utils_is_cal_stale(cal_block, cal_data[cal_index]))

			continue;

		if (((struct audio_cal_info_adm_top *)cal_block

		cal_block = list_entry(ptr,

			struct cal_block_data, list);

		if (cal_utils_is_cal_stale(cal_block))

		if (cal_utils_is_cal_stale(cal_block, cal_data[cal_index]))

			continue;

		cal_info = (struct audio_cal_info_adm_top *)

#include <linux/mutex.h>

#include <dsp/audio_cal_utils.h>

spinlock_t cal_lock;

static int unmap_memory(struct cal_type_data *cal_type,

			struct cal_block_data *cal_block);

	int ret = 0;

	struct cal_block_data *cal_block;

	struct audio_cal_type_dealloc *dealloc_data = data;

	unsigned long flags = 0;

	pr_debug("%s\n", __func__);

	if (ret < 0)

		goto err;

	spin_lock_irqsave(&cal_lock, flags);

	delete_cal_block(cal_block);

	spin_unlock_irqrestore(&cal_lock, flags);

err:

	mutex_unlock(&cal_type->lock);

done:

}

EXPORT_SYMBOL(cal_utils_mark_cal_used);

int __init cal_utils_init(void)

{

	spin_lock_init(&cal_lock);

	return 0;

}

/**

 * cal_utils_is_cal_stale

 *

 * @cal_block: pointer to cal block

 *

 * @cal_type: pointer to the cal type

 *

 * Returns true if cal block is stale, false otherwise

 */

bool cal_utils_is_cal_stale(struct cal_block_data *cal_block)

bool cal_utils_is_cal_stale(struct cal_block_data *cal_block, struct cal_type_data *cal_type)

{

	if ((cal_block) && (cal_block->cal_stale))

		return true;

	bool ret = false;

	unsigned long flags = 0;

	return false;

	if (!cal_type) {

		pr_err("%s: cal_type is Null", __func__);

		goto done;

	}

	spin_lock_irqsave(&cal_lock, flags);

	cal_block = cal_utils_get_only_cal_block(cal_type);

	if (!cal_block) {

		pr_err("%s: cal_block is Null", __func__);

		goto unlock;

	}

	if (cal_block->cal_stale)

	    ret = true;

unlock:

	spin_unlock_irqrestore(&cal_lock, flags);

done:

	return ret;

}

EXPORT_SYMBOL(cal_utils_is_cal_stale);

// SPDX-License-Identifier: GPL-2.0-only

/*

 * Copyright (c) 2014, 2016-2017, The Linux Foundation. All rights reserved.

 * Copyright (c) 2014, 2016-2017, 2020, The Linux Foundation. All rights reserved.

 */

#include <linux/slab.h>

#include <linux/fs.h>

	pr_debug("%s\n", __func__);

	cal_utils_init();

	memset(&audio_cal, 0, sizeof(audio_cal));

	mutex_init(&audio_cal.common_lock);

	for (; i < MAX_CAL_TYPES; i++) {

	this_adm.set_custom_topology = 0;

	cal_block = cal_utils_get_only_cal_block(this_adm.cal_data[cal_index]);

	if (cal_block == NULL || cal_utils_is_cal_stale(cal_block))

	if (cal_block == NULL || cal_utils_is_cal_stale(cal_block, this_adm.cal_data[cal_index]))

		goto unlock;

	pr_debug("%s: Sending cal_index %d\n", __func__, cal_index);

		cal_block = list_entry(ptr,

			struct cal_block_data, list);

		if (cal_utils_is_cal_stale(cal_block))

		if (cal_utils_is_cal_stale(cal_block, this_adm.cal_data[cal_index]))

			continue;

		if (cal_index == ADM_AUDPROC_CAL ||

		cal_block = list_entry(ptr,

			struct cal_block_data, list);

		if (cal_utils_is_cal_stale(cal_block))

		if (cal_utils_is_cal_stale(cal_block, this_adm.cal_data[cal_index]))

			continue;

		if (cal_index == ADM_AUDPROC_CAL ||

		cal_block = list_entry(ptr,

			struct cal_block_data, list);

		if (cal_utils_is_cal_stale(cal_block))

		if (cal_utils_is_cal_stale(cal_block, this_adm.cal_data[cal_index]))

			continue;

		if (cal_index == ADM_AUDPROC_CAL ||

	cal_block = cal_utils_get_only_cal_block(

		this_adm.cal_data[ADM_RTAC_AUDVOL_CAL]);

	if (cal_block == NULL || cal_utils_is_cal_stale(cal_block)) {

	if (cal_block == NULL || cal_utils_is_cal_stale(cal_block,

		this_adm.cal_data[ADM_RTAC_AUDVOL_CAL])) {

		pr_err("%s: can't find cal block!\n", __func__);

		goto unlock;

	}

		goto unlock;

	this_afe.set_custom_topology = 0;

	cal_block = cal_utils_get_only_cal_block(this_afe.cal_data[cal_index]);

	if (cal_block == NULL || cal_utils_is_cal_stale(cal_block)) {

	if (cal_block == NULL || cal_utils_is_cal_stale(cal_block, this_afe.cal_data[cal_index])) {

		pr_err("%s cal_block not found!!\n", __func__);

		goto unlock;

	}

		cal_block = list_entry(ptr,

			struct cal_block_data, list);

		/* Skip cal_block if it is already marked stale */

		if (cal_utils_is_cal_stale(cal_block))

		if (cal_utils_is_cal_stale(cal_block, cal_type))

			continue;

		pr_info("%s: port id: 0x%x, dev_acdb_id: %d\n", __func__,

			 port_id, this_afe.dev_acdb_id[afe_port_index]);

		cal_block = cal_utils_get_only_cal_block(

				this_afe.cal_data[cal_index]);

	if (cal_block == NULL || cal_utils_is_cal_stale(cal_block)) {

		pr_err("%s cal_block not found!!\n", __func__);

	if (cal_block == NULL || cal_utils_is_cal_stale(cal_block, this_afe.cal_data[cal_index])) {

		pr_err_ratelimited("%s cal_block not found!!\n", __func__);

		ret = -EINVAL;

		goto unlock;

	}

	}

	mutex_lock(&this_afe.cal_data[cal_index]->lock);

	cal_block = cal_utils_get_only_cal_block(this_afe.cal_data[cal_index]);

	if (cal_block == NULL || cal_utils_is_cal_stale(cal_block)) {

	if (cal_block == NULL || cal_utils_is_cal_stale(cal_block, this_afe.cal_data[cal_index])) {

		pr_err("%s: cal_block not found\n ", __func__);

		mutex_unlock(&this_afe.cal_data[cal_index]->lock);

		ret = -EINVAL;

	mutex_lock(&this_afe.cal_data[cal_index]->lock);

	cal_block = cal_utils_get_only_cal_block(this_afe.cal_data[cal_index]);

	if (cal_block == NULL || cal_utils_is_cal_stale(cal_block)) {

	if (cal_block == NULL || cal_utils_is_cal_stale(cal_block, this_afe.cal_data[cal_index])) {

		pr_err("%s: cal_block not found\n", __func__);

		mutex_unlock(&this_afe.cal_data[cal_index]->lock);

		ret = -EINVAL;

		cal_block = list_entry(ptr,

			struct cal_block_data, list);

		if (cal_utils_is_cal_stale(cal_block))

		if (cal_utils_is_cal_stale(cal_block, cal_type))

			continue;

		if (((struct audio_cal_info_hw_delay *)cal_block->cal_info)