Loading drivers/media/platform/msm/vidc/hfi_response_handler.c +64 −63 Original line number Diff line number Diff line Loading @@ -78,7 +78,7 @@ static enum vidc_status hfi_map_err_status(int hfi_err) return vidc_err; } static int sanitize_session_pkt(struct list_head *sessions, static int validate_session_pkt(struct list_head *sessions, struct hal_session *sess, struct mutex *session_lock) { struct hal_session *session; Loading Loading @@ -184,8 +184,10 @@ static void hfi_process_session_error( } static void hfi_process_event_notify( msm_vidc_callback callback, u32 device_id, struct hfi_msg_event_notify_packet *pkt) struct hfi_msg_event_notify_packet *pkt, struct list_head *sessions, struct mutex *session_lock) { struct hal_session *sess = NULL; dprintk(VIDC_DBG, "RECVD:EVENT_NOTIFY"); if (!callback || !pkt || Loading @@ -193,6 +195,7 @@ static void hfi_process_event_notify( dprintk(VIDC_ERR, "Invalid Params"); return; } sess = (struct hal_session *)pkt->session_id; switch (pkt->event_id) { case HFI_EVENT_SYS_ERROR: Loading @@ -202,11 +205,14 @@ static void hfi_process_event_notify( break; case HFI_EVENT_SESSION_ERROR: dprintk(VIDC_ERR, "HFI_EVENT_SESSION_ERROR"); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_error(callback, device_id, pkt); break; case HFI_EVENT_SESSION_SEQUENCE_CHANGED: dprintk(VIDC_INFO, "HFI_EVENT_SESSION_SEQUENCE_CHANGED"); hfi_process_sess_evt_seq_changed(callback, device_id, pkt); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_sess_evt_seq_changed(callback, device_id, pkt); break; case HFI_EVENT_SESSION_PROPERTY_CHANGED: dprintk(VIDC_INFO, "HFI_EVENT_SESSION_PROPERTY_CHANGED"); Loading Loading @@ -1139,7 +1145,7 @@ u32 hfi_process_msg_packet( struct list_head *sessions, struct mutex *session_lock) { u32 rc = 0; struct hal_session *sess; struct hal_session *sess = NULL; if (!callback || !msg_hdr || msg_hdr->size < VIDC_IFACEQ_MIN_PKT_SIZE) { dprintk(VIDC_ERR, "hal_process_msg_packet:bad" Loading @@ -1148,21 +1154,16 @@ u32 hfi_process_msg_packet( return rc; } #define SANITIZE_SESSION_PKT(msg_pkt) ({ \ sess = (struct hal_session *) \ (((struct vidc_hal_session_cmd_pkt *) \ msg_pkt)->session_id); \ if (sanitize_session_pkt(sessions, sess, session_lock)) \ break; \ }) dprintk(VIDC_INFO, "Received: 0x%x in ", msg_hdr->packet); rc = (u32) msg_hdr->packet; sess = (struct hal_session *)((struct vidc_hal_session_cmd_pkt*) msg_hdr)->session_id; switch (msg_hdr->packet) { case HFI_MSG_EVENT_NOTIFY: SANITIZE_SESSION_PKT(msg_hdr); hfi_process_event_notify(callback, device_id, (struct hfi_msg_event_notify_packet *) msg_hdr); (struct hfi_msg_event_notify_packet *) msg_hdr, sessions, session_lock); break; case HFI_MSG_SYS_INIT_DONE: hfi_process_sys_init_done(callback, device_id, Loading @@ -1173,7 +1174,7 @@ u32 hfi_process_msg_packet( case HFI_MSG_SYS_PC_PREP_DONE: break; case HFI_MSG_SYS_SESSION_INIT_DONE: SANITIZE_SESSION_PKT(msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_init_done(callback, device_id, (struct hfi_msg_sys_session_init_done_packet *) msg_hdr); Loading @@ -1184,53 +1185,54 @@ u32 hfi_process_msg_packet( msg_hdr); break; case HFI_MSG_SYS_SESSION_END_DONE: SANITIZE_SESSION_PKT(msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_end_done(callback, device_id, (struct hfi_msg_sys_session_end_done_packet *) msg_hdr); break; case HFI_MSG_SESSION_LOAD_RESOURCES_DONE: SANITIZE_SESSION_PKT(msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_load_res_done(callback, device_id, (struct hfi_msg_session_load_resources_done_packet *) msg_hdr); break; case HFI_MSG_SESSION_START_DONE: SANITIZE_SESSION_PKT(msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_start_done(callback, device_id, (struct hfi_msg_session_start_done_packet *) msg_hdr); break; case HFI_MSG_SESSION_STOP_DONE: SANITIZE_SESSION_PKT(msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_stop_done(callback, device_id, (struct hfi_msg_session_stop_done_packet *) msg_hdr); break; case HFI_MSG_SESSION_EMPTY_BUFFER_DONE: SANITIZE_SESSION_PKT(msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_etb_done(callback, device_id, (struct hfi_msg_session_empty_buffer_done_packet *) msg_hdr); break; case HFI_MSG_SESSION_FILL_BUFFER_DONE: SANITIZE_SESSION_PKT(msg_hdr); hfi_process_session_ftb_done(callback, device_id, msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_ftb_done(callback, device_id, msg_hdr); break; case HFI_MSG_SESSION_FLUSH_DONE: SANITIZE_SESSION_PKT(msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_flush_done(callback, device_id, (struct hfi_msg_session_flush_done_packet *) msg_hdr); break; case HFI_MSG_SESSION_PROPERTY_INFO: SANITIZE_SESSION_PKT(msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_prop_info(callback, device_id, (struct hfi_msg_session_property_info_packet *) msg_hdr); break; case HFI_MSG_SESSION_RELEASE_RESOURCES_DONE: SANITIZE_SESSION_PKT(msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_rel_res_done(callback, device_id, (struct hfi_msg_session_release_resources_done_packet *) msg_hdr); Loading @@ -1241,28 +1243,27 @@ u32 hfi_process_msg_packet( msg_hdr); break; case HFI_MSG_SESSION_GET_SEQUENCE_HEADER_DONE: SANITIZE_SESSION_PKT(msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_get_seq_hdr_done( callback, device_id, (struct hfi_msg_session_get_sequence_header_done_packet*) msg_hdr); break; case HFI_MSG_SESSION_RELEASE_BUFFERS_DONE: SANITIZE_SESSION_PKT(msg_hdr); hfi_process_session_rel_buf_done( callback, device_id, (struct hfi_msg_session_release_buffers_done_packet*) if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_rel_buf_done(callback, device_id, (struct hfi_msg_session_release_buffers_done_packet *) msg_hdr); break; case HFI_MSG_SYS_SESSION_ABORT_DONE: SANITIZE_SESSION_PKT(msg_hdr); hfi_process_session_abort_done(callback, device_id, (struct hfi_msg_sys_session_abort_done_packet*) msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_abort_done(callback, device_id, (struct hfi_msg_sys_session_abort_done_packet *) msg_hdr); break; default: dprintk(VIDC_DBG, "UNKNOWN_MSG_TYPE : %d", msg_hdr->packet); break; } #undef SANITIZE_SESSION_PKT return rc; } Loading
drivers/media/platform/msm/vidc/hfi_response_handler.c +64 −63 Original line number Diff line number Diff line Loading @@ -78,7 +78,7 @@ static enum vidc_status hfi_map_err_status(int hfi_err) return vidc_err; } static int sanitize_session_pkt(struct list_head *sessions, static int validate_session_pkt(struct list_head *sessions, struct hal_session *sess, struct mutex *session_lock) { struct hal_session *session; Loading Loading @@ -184,8 +184,10 @@ static void hfi_process_session_error( } static void hfi_process_event_notify( msm_vidc_callback callback, u32 device_id, struct hfi_msg_event_notify_packet *pkt) struct hfi_msg_event_notify_packet *pkt, struct list_head *sessions, struct mutex *session_lock) { struct hal_session *sess = NULL; dprintk(VIDC_DBG, "RECVD:EVENT_NOTIFY"); if (!callback || !pkt || Loading @@ -193,6 +195,7 @@ static void hfi_process_event_notify( dprintk(VIDC_ERR, "Invalid Params"); return; } sess = (struct hal_session *)pkt->session_id; switch (pkt->event_id) { case HFI_EVENT_SYS_ERROR: Loading @@ -202,11 +205,14 @@ static void hfi_process_event_notify( break; case HFI_EVENT_SESSION_ERROR: dprintk(VIDC_ERR, "HFI_EVENT_SESSION_ERROR"); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_error(callback, device_id, pkt); break; case HFI_EVENT_SESSION_SEQUENCE_CHANGED: dprintk(VIDC_INFO, "HFI_EVENT_SESSION_SEQUENCE_CHANGED"); hfi_process_sess_evt_seq_changed(callback, device_id, pkt); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_sess_evt_seq_changed(callback, device_id, pkt); break; case HFI_EVENT_SESSION_PROPERTY_CHANGED: dprintk(VIDC_INFO, "HFI_EVENT_SESSION_PROPERTY_CHANGED"); Loading Loading @@ -1139,7 +1145,7 @@ u32 hfi_process_msg_packet( struct list_head *sessions, struct mutex *session_lock) { u32 rc = 0; struct hal_session *sess; struct hal_session *sess = NULL; if (!callback || !msg_hdr || msg_hdr->size < VIDC_IFACEQ_MIN_PKT_SIZE) { dprintk(VIDC_ERR, "hal_process_msg_packet:bad" Loading @@ -1148,21 +1154,16 @@ u32 hfi_process_msg_packet( return rc; } #define SANITIZE_SESSION_PKT(msg_pkt) ({ \ sess = (struct hal_session *) \ (((struct vidc_hal_session_cmd_pkt *) \ msg_pkt)->session_id); \ if (sanitize_session_pkt(sessions, sess, session_lock)) \ break; \ }) dprintk(VIDC_INFO, "Received: 0x%x in ", msg_hdr->packet); rc = (u32) msg_hdr->packet; sess = (struct hal_session *)((struct vidc_hal_session_cmd_pkt*) msg_hdr)->session_id; switch (msg_hdr->packet) { case HFI_MSG_EVENT_NOTIFY: SANITIZE_SESSION_PKT(msg_hdr); hfi_process_event_notify(callback, device_id, (struct hfi_msg_event_notify_packet *) msg_hdr); (struct hfi_msg_event_notify_packet *) msg_hdr, sessions, session_lock); break; case HFI_MSG_SYS_INIT_DONE: hfi_process_sys_init_done(callback, device_id, Loading @@ -1173,7 +1174,7 @@ u32 hfi_process_msg_packet( case HFI_MSG_SYS_PC_PREP_DONE: break; case HFI_MSG_SYS_SESSION_INIT_DONE: SANITIZE_SESSION_PKT(msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_init_done(callback, device_id, (struct hfi_msg_sys_session_init_done_packet *) msg_hdr); Loading @@ -1184,53 +1185,54 @@ u32 hfi_process_msg_packet( msg_hdr); break; case HFI_MSG_SYS_SESSION_END_DONE: SANITIZE_SESSION_PKT(msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_end_done(callback, device_id, (struct hfi_msg_sys_session_end_done_packet *) msg_hdr); break; case HFI_MSG_SESSION_LOAD_RESOURCES_DONE: SANITIZE_SESSION_PKT(msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_load_res_done(callback, device_id, (struct hfi_msg_session_load_resources_done_packet *) msg_hdr); break; case HFI_MSG_SESSION_START_DONE: SANITIZE_SESSION_PKT(msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_start_done(callback, device_id, (struct hfi_msg_session_start_done_packet *) msg_hdr); break; case HFI_MSG_SESSION_STOP_DONE: SANITIZE_SESSION_PKT(msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_stop_done(callback, device_id, (struct hfi_msg_session_stop_done_packet *) msg_hdr); break; case HFI_MSG_SESSION_EMPTY_BUFFER_DONE: SANITIZE_SESSION_PKT(msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_etb_done(callback, device_id, (struct hfi_msg_session_empty_buffer_done_packet *) msg_hdr); break; case HFI_MSG_SESSION_FILL_BUFFER_DONE: SANITIZE_SESSION_PKT(msg_hdr); hfi_process_session_ftb_done(callback, device_id, msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_ftb_done(callback, device_id, msg_hdr); break; case HFI_MSG_SESSION_FLUSH_DONE: SANITIZE_SESSION_PKT(msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_flush_done(callback, device_id, (struct hfi_msg_session_flush_done_packet *) msg_hdr); break; case HFI_MSG_SESSION_PROPERTY_INFO: SANITIZE_SESSION_PKT(msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_prop_info(callback, device_id, (struct hfi_msg_session_property_info_packet *) msg_hdr); break; case HFI_MSG_SESSION_RELEASE_RESOURCES_DONE: SANITIZE_SESSION_PKT(msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_rel_res_done(callback, device_id, (struct hfi_msg_session_release_resources_done_packet *) msg_hdr); Loading @@ -1241,28 +1243,27 @@ u32 hfi_process_msg_packet( msg_hdr); break; case HFI_MSG_SESSION_GET_SEQUENCE_HEADER_DONE: SANITIZE_SESSION_PKT(msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_get_seq_hdr_done( callback, device_id, (struct hfi_msg_session_get_sequence_header_done_packet*) msg_hdr); break; case HFI_MSG_SESSION_RELEASE_BUFFERS_DONE: SANITIZE_SESSION_PKT(msg_hdr); hfi_process_session_rel_buf_done( callback, device_id, (struct hfi_msg_session_release_buffers_done_packet*) if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_rel_buf_done(callback, device_id, (struct hfi_msg_session_release_buffers_done_packet *) msg_hdr); break; case HFI_MSG_SYS_SESSION_ABORT_DONE: SANITIZE_SESSION_PKT(msg_hdr); hfi_process_session_abort_done(callback, device_id, (struct hfi_msg_sys_session_abort_done_packet*) msg_hdr); if (!validate_session_pkt(sessions, sess, session_lock)) hfi_process_session_abort_done(callback, device_id, (struct hfi_msg_sys_session_abort_done_packet *) msg_hdr); break; default: dprintk(VIDC_DBG, "UNKNOWN_MSG_TYPE : %d", msg_hdr->packet); break; } #undef SANITIZE_SESSION_PKT return rc; }
