Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 525529ef authored by Linux Build Service Account's avatar Linux Build Service Account Committed by Gerrit - the friendly Code Review server
Browse files

Merge "msm: ipa3: Add mutex to prevent race condition"

parents f5473798 9e89a96d

drivers/platform/msm/ipa/ipa_v2/ipa_nat.c

+13 −0
Original line number Diff line number Diff line
@@ -327,14 +327,18 @@ int ipa2_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) 
	size_t tmp;

	gfp_t flag = GFP_KERNEL | (ipa_ctx->use_dma_zone ? GFP_DMA : 0);



	mutex_lock(&ipa_ctx->nat_mem.lock);



	if (!ipa_ctx->nat_mem.is_dev_init) {

		IPAERR_RL("Nat table not initialized\n");

		mutex_unlock(&ipa_ctx->nat_mem.lock);

		return -EPERM;

	}



	IPADBG("\n");

	if (init->table_entries == 0) {

		IPADBG("Table entries is zero\n");

		mutex_unlock(&ipa_ctx->nat_mem.lock);

		return -EPERM;

	}
@@ -342,6 +346,7 @@ int ipa2_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) 
	if (init->ipv4_rules_offset >

		(UINT_MAX - (TBL_ENTRY_SIZE * (init->table_entries + 1)))) {

		IPAERR_RL("Detected overflow\n");

		mutex_unlock(&ipa_ctx->nat_mem.lock);

		return -EPERM;

	}

	/* Check Table Entry offset is not
@@ -353,6 +358,7 @@ int ipa2_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) 
		IPAERR_RL("offset:%d entrys:%d size:%zu mem_size:%zu\n",

			init->ipv4_rules_offset, (init->table_entries + 1),

			tmp, ipa_ctx->nat_mem.size);

		mutex_unlock(&ipa_ctx->nat_mem.lock);

		return -EPERM;

	}
@@ -360,6 +366,7 @@ int ipa2_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) 
	if (init->expn_rules_offset >

		UINT_MAX - (TBL_ENTRY_SIZE * init->expn_table_entries)) {

		IPAERR_RL("Detected overflow\n");

		mutex_unlock(&ipa_ctx->nat_mem.lock);

		return -EPERM;

	}

	/* Check Expn Table Entry offset is not
@@ -371,6 +378,7 @@ int ipa2_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) 
		IPAERR_RL("offset:%d entrys:%d size:%zu mem_size:%zu\n",

			init->expn_rules_offset, init->expn_table_entries,

			tmp, ipa_ctx->nat_mem.size);

		mutex_unlock(&ipa_ctx->nat_mem.lock);

		return -EPERM;

	}
@@ -378,6 +386,7 @@ int ipa2_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) 
	if (init->index_offset >

		UINT_MAX - (INDX_TBL_ENTRY_SIZE * (init->table_entries + 1))) {

		IPAERR_RL("Detected overflow\n");

		mutex_unlock(&ipa_ctx->nat_mem.lock);

		return -EPERM;

	}

	/* Check Indx Table Entry offset is not
@@ -389,6 +398,7 @@ int ipa2_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) 
		IPAERR_RL("offset:%d entrys:%d size:%zu mem_size:%zu\n",

			init->index_offset, (init->table_entries + 1),

			tmp, ipa_ctx->nat_mem.size);

		mutex_unlock(&ipa_ctx->nat_mem.lock);

		return -EPERM;

	}
@@ -396,6 +406,7 @@ int ipa2_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) 
	if (init->index_expn_offset >

		(UINT_MAX - (INDX_TBL_ENTRY_SIZE * init->expn_table_entries))) {

		IPAERR_RL("Detected overflow\n");

		mutex_unlock(&ipa_ctx->nat_mem.lock);

		return -EPERM;

	}

	/* Check Expn Table entry offset is not
@@ -407,6 +418,7 @@ int ipa2_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) 
		IPAERR_RL("offset:%d entrys:%d size:%zu mem_size:%zu\n",

			init->index_expn_offset, init->expn_table_entries,

			tmp, ipa_ctx->nat_mem.size);

		mutex_unlock(&ipa_ctx->nat_mem.lock);

		return -EPERM;

	}
@@ -555,6 +567,7 @@ free_mem: 
free_nop:

	kfree(reg_write_nop);

bail:

	mutex_unlock(&ipa_ctx->nat_mem.lock);

	return result;

}

drivers/platform/msm/ipa/ipa_v3/ipa_nat.c

+10 −0
Original line number Diff line number Diff line
@@ -368,6 +368,8 @@ int ipa3_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) 
		IPAERR_RL("Detected overflow\n");

		return -EPERM;

	}

	mutex_lock(&ipa3_ctx->nat_mem.lock);



	/* Check Table Entry offset is not

	   beyond allocated size */

	tmp = init->ipv4_rules_offset +
@@ -377,6 +379,7 @@ int ipa3_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) 
		IPAERR_RL("offset:%d entrys:%d size:%zu mem_size:%zu\n",

			init->ipv4_rules_offset, (init->table_entries + 1),

			tmp, ipa3_ctx->nat_mem.size);

		mutex_unlock(&ipa3_ctx->nat_mem.lock);

		return -EPERM;

	}
@@ -384,6 +387,7 @@ int ipa3_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) 
	if (init->expn_rules_offset >

		(UINT_MAX - (TBL_ENTRY_SIZE * init->expn_table_entries))) {

		IPAERR_RL("Detected overflow\n");

		mutex_unlock(&ipa3_ctx->nat_mem.lock);

		return -EPERM;

	}

	/* Check Expn Table Entry offset is not
@@ -395,6 +399,7 @@ int ipa3_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) 
		IPAERR_RL("offset:%d entrys:%d size:%zu mem_size:%zu\n",

			init->expn_rules_offset, init->expn_table_entries,

			tmp, ipa3_ctx->nat_mem.size);

		mutex_unlock(&ipa3_ctx->nat_mem.lock);

		return -EPERM;

	}
@@ -402,6 +407,7 @@ int ipa3_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) 
	if (init->index_offset >

		UINT_MAX - (INDX_TBL_ENTRY_SIZE * (init->table_entries + 1))) {

		IPAERR_RL("Detected overflow\n");

		mutex_unlock(&ipa3_ctx->nat_mem.lock);

		return -EPERM;

	}

	/* Check Indx Table Entry offset is not
@@ -413,6 +419,7 @@ int ipa3_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) 
		IPAERR_RL("offset:%d entrys:%d size:%zu mem_size:%zu\n",

			init->index_offset, (init->table_entries + 1),

			tmp, ipa3_ctx->nat_mem.size);

		mutex_unlock(&ipa3_ctx->nat_mem.lock);

		return -EPERM;

	}
@@ -420,6 +427,7 @@ int ipa3_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) 
	if (init->index_expn_offset >

		UINT_MAX - (INDX_TBL_ENTRY_SIZE * init->expn_table_entries)) {

		IPAERR_RL("Detected overflow\n");

		mutex_unlock(&ipa3_ctx->nat_mem.lock);

		return -EPERM;

	}

	/* Check Expn Table entry offset is not
@@ -431,6 +439,7 @@ int ipa3_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) 
		IPAERR_RL("offset:%d entrys:%d size:%zu mem_size:%zu\n",

			init->index_expn_offset, init->expn_table_entries,

			tmp, ipa3_ctx->nat_mem.size);

		mutex_unlock(&ipa3_ctx->nat_mem.lock);

		return -EPERM;

	}
@@ -580,6 +589,7 @@ destroy_imm_cmd: 
free_nop:

	ipahal_destroy_imm_cmd(nop_cmd_pyld);

bail:

	mutex_unlock(&ipa3_ctx->nat_mem.lock);

	return result;

}