Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 720c2457 authored by Tharun Kumar Merugu's avatar Tharun Kumar Merugu
Browse files

msm: adsprpc: Use unsigned integer for length values 



As the length datatype is signed, supplying a negative number
can have undesired consequences. Always use unsigned integer
types for length values.

Change-Id: Ifde2f0d35129014b976507f7723a319c53fabddf
Acked-by: default avatarThyagarajan Venkatanarayanan <venkatan@qti.qualcomm.com>
Signed-off-by: default avatarTharun Kumar Merugu <mtharu@codeaurora.org>
parent 5529a308

drivers/char/adsprpc.c

+130 −119
Original line number Diff line number Diff line
@@ -111,11 +111,11 @@ static inline uint64_t buf_page_offset(uint64_t buf) 
	return offset;

}



static inline int buf_num_pages(uint64_t buf, ssize_t len)

static inline uint64_t buf_num_pages(uint64_t buf, size_t len)

{

	uint64_t start = buf_page_start(buf) >> PAGE_SHIFT;

	uint64_t end = (((uint64_t) buf + len - 1) & PAGE_MASK) >> PAGE_SHIFT;

	int nPages = end - start + 1;

	uint64_t nPages = end - start + 1;

	return nPages;

}
@@ -144,7 +144,7 @@ struct fastrpc_buf { 
	struct fastrpc_file *fl;

	void *virt;

	uint64_t phys;

	ssize_t size;

	size_t size;

};



struct fastrpc_ctx_lst;
@@ -170,7 +170,7 @@ struct smq_invoke_ctx { 
	unsigned *attrs;

	struct fastrpc_mmap **maps;

	struct fastrpc_buf *buf;

	ssize_t used;

	size_t used;

	struct fastrpc_file *fl;

	uint32_t sc;

	struct overlap *overs;
@@ -259,9 +259,9 @@ struct fastrpc_mmap { 
	struct dma_buf_attachment *attach;

	struct ion_handle *handle;

	uint64_t phys;

	ssize_t size;

	size_t size;

	uintptr_t va;

	ssize_t len;

	size_t len;

	int refs;

	uintptr_t raddr;

	int uncached;
@@ -347,7 +347,7 @@ static inline int64_t getnstimediff(struct timespec *start) 


static void fastrpc_buf_free(struct fastrpc_buf *buf, int cache)

{

	struct fastrpc_file *fl = buf == 0 ? 0 : buf->fl;

	struct fastrpc_file *fl = buf == NULL ? NULL : buf->fl;

	int vmid;



	if (!fl)
@@ -382,7 +382,8 @@ static void fastrpc_buf_list_free(struct fastrpc_file *fl) 
	struct fastrpc_buf *buf, *free;

	do {

		struct hlist_node *n;

		free = 0;



		free = NULL;

		spin_lock(&fl->hlock);

		hlist_for_each_entry_safe(buf, n, &fl->bufs, hn) {

			hlist_del_init(&buf->hn);
@@ -414,11 +415,14 @@ static void fastrpc_mmap_add(struct fastrpc_mmap *map) 
}



static int fastrpc_mmap_find(struct fastrpc_file *fl, int fd, uintptr_t va,

			ssize_t len, int mflags, struct fastrpc_mmap **ppmap)

			size_t len, int mflags, struct fastrpc_mmap **ppmap)

{

	struct fastrpc_apps *me = &gfa;

	struct fastrpc_mmap *match = 0, *map;

	struct fastrpc_mmap *match = NULL, *map = NULL;

	struct hlist_node *n;



	if ((va + len) < va)

		return -EOVERFLOW;

	if (mflags == ADSP_MMAP_HEAP_ADDR ||

				 mflags == ADSP_MMAP_REMOTE_HEAP_ADDR) {

		spin_lock(&me->hlock);
@@ -452,10 +456,10 @@ static int fastrpc_mmap_find(struct fastrpc_file *fl, int fd, uintptr_t va, 
	return -ENOTTY;

}



static int dma_alloc_memory(phys_addr_t *region_start, ssize_t size)

static int dma_alloc_memory(phys_addr_t *region_start, size_t size)

{

	struct fastrpc_apps *me = &gfa;

	void *vaddr = 0;

	void *vaddr = NULL;

	DEFINE_DMA_ATTRS(attrs);



	if (me->dev == NULL) {
@@ -475,9 +479,9 @@ static int dma_alloc_memory(phys_addr_t *region_start, ssize_t size) 
}



static int fastrpc_mmap_remove(struct fastrpc_file *fl, uintptr_t va,

			       ssize_t len, struct fastrpc_mmap **ppmap)

			       size_t len, struct fastrpc_mmap **ppmap)

{

	struct fastrpc_mmap *match = 0, *map;

	struct fastrpc_mmap *match = NULL, *map;

	struct hlist_node *n;

	struct fastrpc_apps *me = &gfa;
@@ -595,14 +599,14 @@ static int fastrpc_session_alloc(struct fastrpc_channel_ctx *chan, int secure, 
					struct fastrpc_session_ctx **session);



static int fastrpc_mmap_create(struct fastrpc_file *fl, int fd, unsigned attr,

	uintptr_t va, ssize_t len, int mflags, struct fastrpc_mmap **ppmap)

	uintptr_t va, size_t len, int mflags, struct fastrpc_mmap **ppmap)

{

	struct fastrpc_apps *me = &gfa;

	struct fastrpc_session_ctx *sess;

	struct fastrpc_apps *apps = fl->apps;

	int cid = fl->cid;

	struct fastrpc_channel_ctx *chan = &apps->channel[cid];

	struct fastrpc_mmap *map = 0;

	struct fastrpc_mmap *map = NULL;

	struct dma_attrs attrs;

	phys_addr_t region_start = 0;

	unsigned long flags;
@@ -623,13 +627,13 @@ static int fastrpc_mmap_create(struct fastrpc_file *fl, int fd, unsigned attr, 
	if (mflags == ADSP_MMAP_HEAP_ADDR ||

				mflags == ADSP_MMAP_REMOTE_HEAP_ADDR) {

		map->apps = me;

		map->fl = 0;

		map->fl = NULL;

		VERIFY(err, !dma_alloc_memory(&region_start, len));

		if (err)

			goto bail;

		map->phys = (uintptr_t)region_start;

		map->size = len;

		map->va = map->phys;

		map->va = (uintptr_t)map->phys;

	} else {

		VERIFY(err, !IS_ERR_OR_NULL(map->handle =

				ion_import_dma_buf(fl->apps->client, fd)));
@@ -727,11 +731,11 @@ bail: 
	return err;

}



static int fastrpc_buf_alloc(struct fastrpc_file *fl, ssize_t size,

static int fastrpc_buf_alloc(struct fastrpc_file *fl, size_t size,

			     struct fastrpc_buf **obuf)

{

	int err = 0, vmid;

	struct fastrpc_buf *buf = 0, *fr = 0;

	struct fastrpc_buf *buf = NULL, *fr = NULL;

	struct hlist_node *n;



	VERIFY(err, size > 0);
@@ -751,13 +755,13 @@ static int fastrpc_buf_alloc(struct fastrpc_file *fl, ssize_t size, 
		*obuf = fr;

		return 0;

	}

	buf = 0;

	VERIFY(err, buf = kzalloc(sizeof(*buf), GFP_KERNEL));

	buf = NULL;

	VERIFY(err, NULL != (buf = kzalloc(sizeof(*buf), GFP_KERNEL)));

	if (err)

		goto bail;

	INIT_HLIST_NODE(&buf->hn);

	buf->fl = fl;

	buf->virt = 0;

	buf->virt = NULL;

	buf->phys = 0;

	buf->size = size;

	buf->virt = dma_alloc_coherent(fl->sctx->smmu.dev, buf->size,
@@ -799,7 +803,7 @@ static int context_restore_interrupted(struct fastrpc_file *fl, 
				       struct smq_invoke_ctx **po)

{

	int err = 0;

	struct smq_invoke_ctx *ctx = 0, *ictx = 0;

	struct smq_invoke_ctx *ctx = NULL, *ictx = NULL;

	struct hlist_node *n;

	struct fastrpc_ioctl_invoke *invoke = &inv->inv;

	spin_lock(&fl->hlock);
@@ -852,7 +856,7 @@ static int context_build_overlap(struct smq_invoke_ctx *ctx) 
		ctx->overs[i].raix = i;

		ctx->overps[i] = &ctx->overs[i];

	}

	sort(ctx->overps, nbufs, sizeof(*ctx->overps), overlap_ptr_cmp, 0);

	sort(ctx->overps, nbufs, sizeof(*ctx->overps), overlap_ptr_cmp, NULL);

	max.start = 0;

	max.end = 0;

	for (i = 0; i < nbufs; ++i) {
@@ -881,7 +885,8 @@ bail: 
#define K_COPY_FROM_USER(err, kernel, dst, src, size) \

	do {\

		if (!(kernel))\

			VERIFY(err, 0 == copy_from_user((dst), (src),\

			VERIFY(err, 0 == copy_from_user((dst),\

			(void const __user *)(src),\

							(size)));\

		else\

			memmove((dst), (src), (size));\
@@ -890,8 +895,8 @@ bail: 
#define K_COPY_TO_USER(err, kernel, dst, src, size) \

	do {\

		if (!(kernel))\

			VERIFY(err, 0 == copy_to_user((dst), (src),\

						      (size)));\

			VERIFY(err, 0 == copy_to_user((void __user *)(dst), \

						(src), (size)));\

		else\

			memmove((dst), (src), (size));\

	} while (0)
@@ -904,7 +909,7 @@ static int context_alloc(struct fastrpc_file *fl, uint32_t kernel, 
			 struct smq_invoke_ctx **po)

{

	int err = 0, bufs, size = 0;

	struct smq_invoke_ctx *ctx = 0;

	struct smq_invoke_ctx *ctx = NULL;

	struct fastrpc_ctx_lst *clst = &fl->clst;

	struct fastrpc_ioctl_invoke *invoke = &invokefd->inv;
@@ -915,7 +920,7 @@ static int context_alloc(struct fastrpc_file *fl, uint32_t kernel, 
		sizeof(*ctx->overs) * (bufs) +

		sizeof(*ctx->overps) * (bufs);



	VERIFY(err, ctx = kzalloc(sizeof(*ctx) + size, GFP_KERNEL));

	VERIFY(err, NULL != (ctx = kzalloc(sizeof(*ctx) + size, GFP_KERNEL)));

	if (err)

		goto bail;
@@ -929,7 +934,7 @@ static int context_alloc(struct fastrpc_file *fl, uint32_t kernel, 
	ctx->overs = (struct overlap *)(&ctx->attrs[bufs]);

	ctx->overps = (struct overlap **)(&ctx->overs[bufs]);



	K_COPY_FROM_USER(err, kernel, ctx->lpra, invoke->pra,

	K_COPY_FROM_USER(err, kernel, (void *)ctx->lpra, invoke->pra,

					bufs * sizeof(*ctx->lpra));

	if (err)

		goto bail;
@@ -1039,10 +1044,10 @@ static void context_list_ctor(struct fastrpc_ctx_lst *me) 
static void fastrpc_context_list_dtor(struct fastrpc_file *fl)

{

	struct fastrpc_ctx_lst *clst = &fl->clst;

	struct smq_invoke_ctx *ictx = 0, *ctxfree;

	struct smq_invoke_ctx *ictx = NULL, *ctxfree;

	struct hlist_node *n;

	do {

		ctxfree = 0;

		ctxfree = NULL;

		spin_lock(&fl->hlock);

		hlist_for_each_entry_safe(ictx, n, &clst->interrupted, hn) {

			hlist_del_init(&ictx->hn);
@@ -1054,7 +1059,7 @@ static void fastrpc_context_list_dtor(struct fastrpc_file *fl) 
			context_free(ctxfree);

	} while (ctxfree);

	do {

		ctxfree = 0;

		ctxfree = NULL;

		spin_lock(&fl->hlock);

		hlist_for_each_entry_safe(ictx, n, &clst->pending, hn) {

			hlist_del_init(&ictx->hn);
@@ -1073,7 +1078,7 @@ static void fastrpc_file_list_dtor(struct fastrpc_apps *me) 
	struct fastrpc_file *fl, *free;

	struct hlist_node *n;

	do {

		free = 0;

		free = NULL;

		spin_lock(&me->hlock);

		hlist_for_each_entry_safe(fl, n, &me->drivers, hn) {

			hlist_del_init(&fl->hn);
@@ -1097,20 +1102,20 @@ static int get_args(uint32_t kernel, struct smq_invoke_ctx *ctx) 
	int outbufs = REMOTE_SCALARS_OUTBUFS(sc);

	int bufs = inbufs + outbufs;

	uintptr_t args;

	ssize_t rlen = 0, copylen = 0, metalen = 0;

	size_t rlen = 0, copylen = 0, metalen = 0;

	int i, inh, oix;

	int err = 0;

	int mflags = 0;



	/* calculate size of the metadata */

	rpra = 0;

	rpra = NULL;

	list = smq_invoke_buf_start(rpra, sc);

	pages = smq_phy_page_start(sc, list);

	ipage = pages;



	for (i = 0; i < bufs; ++i) {

		uintptr_t buf = (uintptr_t)lpra[i].buf.pv;

		ssize_t len = lpra[i].buf.len;

		size_t len = lpra[i].buf.len;



		if (ctx->fds[i] && (ctx->fds[i] != -1))

			fastrpc_mmap_create(ctx->fl, ctx->fds[i],
@@ -1118,12 +1123,13 @@ static int get_args(uint32_t kernel, struct smq_invoke_ctx *ctx) 
					mflags, &ctx->maps[i]);

		ipage += 1;

	}

	metalen = copylen = (ssize_t)&ipage[0];

	metalen = copylen = (size_t)&ipage[0];

	/* calculate len requreed for copying */

	for (oix = 0; oix < inbufs + outbufs; ++oix) {

		int i = ctx->overps[oix]->raix;

		uintptr_t mstart, mend;

		ssize_t len = lpra[i].buf.len;

		size_t len = lpra[i].buf.len;



		if (!len)

			continue;

		if (ctx->maps[i])
@@ -1159,7 +1165,7 @@ static int get_args(uint32_t kernel, struct smq_invoke_ctx *ctx) 
	ipage = pages;

	args = (uintptr_t)ctx->buf->virt + metalen;

	for (i = 0; i < bufs; ++i) {

		ssize_t len = lpra[i].buf.len;

		size_t len = lpra[i].buf.len;

		list[i].num = 0;

		list[i].pgidx = 0;

		if (!len)
@@ -1173,7 +1179,7 @@ static int get_args(uint32_t kernel, struct smq_invoke_ctx *ctx) 
	for (i = 0; i < inbufs + outbufs; ++i) {

		struct fastrpc_mmap *map = ctx->maps[i];

		uint64_t buf = ptr_to_uint64(lpra[i].buf.pv);

		ssize_t len = lpra[i].buf.len;

		size_t len = lpra[i].buf.len;

		rpra[i].buf.pv = 0;

		rpra[i].buf.len = len;

		if (!len)
@@ -1181,7 +1187,7 @@ static int get_args(uint32_t kernel, struct smq_invoke_ctx *ctx) 
		if (map) {

			struct vm_area_struct *vma;

			uintptr_t offset;

			int num = buf_num_pages(buf, len);

			uint64_t num = buf_num_pages(buf, len);

			int idx = list[i].pgidx;



			if (map->attr & FASTRPC_ATTR_NOVA) {
@@ -1213,9 +1219,10 @@ static int get_args(uint32_t kernel, struct smq_invoke_ctx *ctx) 
	for (oix = 0; oix < inbufs + outbufs; ++oix) {

		int i = ctx->overps[oix]->raix;

		struct fastrpc_mmap *map = ctx->maps[i];

		ssize_t mlen;

		size_t mlen;

		uint64_t buf;

		ssize_t len = lpra[i].buf.len;

		size_t len = lpra[i].buf.len;



		if (!len)

			continue;

		if (map)
@@ -1306,7 +1313,7 @@ static int put_args(uint32_t kernel, struct smq_invoke_ctx *ctx, 
				goto bail;

		} else {

			fastrpc_mmap_free(ctx->maps[i]);

			ctx->maps[i] = 0;

			ctx->maps[i] = NULL;

		}

	}

	size = sizeof(*rpra) * REMOTE_SCALARS_OUTHANDLES(sc);
@@ -1422,7 +1429,7 @@ static int fastrpc_invoke_send(struct smq_invoke_ctx *ctx, 
	struct fastrpc_channel_ctx *channel_ctx = &fl->apps->channel[fl->cid];

	int err = 0, len;



	VERIFY(err, 0 != channel_ctx->chan);

	VERIFY(err, NULL != channel_ctx->chan);

	if (err)

		goto bail;

	msg->pid = current->tgid;
@@ -1521,17 +1528,17 @@ static int fastrpc_internal_invoke(struct fastrpc_file *fl, uint32_t mode, 
				   uint32_t kernel,

				   struct fastrpc_ioctl_invoke_attrs *inv)

{

	struct smq_invoke_ctx *ctx = 0;

	struct smq_invoke_ctx *ctx = NULL;

	struct fastrpc_ioctl_invoke *invoke = &inv->inv;

	int cid = fl->cid;

	int interrupted = 0;

	int err = 0;

	struct timespec invoket;

	struct timespec invoket = {0};



	if (fl->profile)

		getnstimeofday(&invoket);



	VERIFY(err, fl->sctx);

	VERIFY(err, fl->sctx != NULL);

	if (err)

		goto bail;

	VERIFY(err, fl->cid >= 0 && fl->cid < NUM_CHANNELS);
@@ -1624,14 +1631,14 @@ static int fastrpc_init_process(struct fastrpc_file *fl, 
	struct fastrpc_ioctl_invoke_attrs ioctl;

	struct fastrpc_ioctl_init *init = &uproc->init;

	struct smq_phy_page pages[1];

	struct fastrpc_mmap *file = 0, *mem = 0;

	struct fastrpc_mmap *file = NULL, *mem = NULL;

	char *proc_name = NULL;

	int srcVM[1] = {VMID_HLOS};

	int destVM[1] = {gcinfo[0].heap_vmid};

	int destVMperm[1] = {PERM_READ | PERM_WRITE | PERM_EXEC};

	int hlosVMperm[1] = {PERM_READ | PERM_WRITE | PERM_EXEC};



	VERIFY(err, !fastrpc_channel_open(fl));

	VERIFY(err, 0 == (err = fastrpc_channel_open(fl)));

	if (err)

		goto bail;

	if (init->flags == FASTRPC_INIT_ATTACH) {
@@ -1642,8 +1649,8 @@ static int fastrpc_init_process(struct fastrpc_file *fl, 
		ioctl.inv.handle = 1;

		ioctl.inv.sc = REMOTE_SCALARS_MAKE(0, 1, 0);

		ioctl.inv.pra = ra;

		ioctl.fds = 0;

		ioctl.attrs = 0;

		ioctl.fds = NULL;

		ioctl.attrs = NULL;

		fl->pd = 0;

		VERIFY(err, !(err = fastrpc_internal_invoke(fl,

			FASTRPC_MODE_PARALLEL, 1, &ioctl)));
@@ -1655,9 +1662,9 @@ static int fastrpc_init_process(struct fastrpc_file *fl, 
		int mflags = 0;

		struct {

			int pgid;

			int namelen;

			int filelen;

			int pageslen;

			unsigned int namelen;

			unsigned int filelen;

			unsigned int pageslen;

			int attrs;

			int siglen;

		} inbuf;
@@ -1718,7 +1725,7 @@ static int fastrpc_init_process(struct fastrpc_file *fl, 
			ioctl.inv.sc = REMOTE_SCALARS_MAKE(7, 6, 0);

		ioctl.inv.pra = ra;

		ioctl.fds = fds;

		ioctl.attrs = 0;

		ioctl.attrs = NULL;

		VERIFY(err, !(err = fastrpc_internal_invoke(fl,

			FASTRPC_MODE_PARALLEL, 1, &ioctl)));

		if (err)
@@ -1726,12 +1733,12 @@ static int fastrpc_init_process(struct fastrpc_file *fl, 
	} else if (init->flags == FASTRPC_INIT_CREATE_STATIC) {

		remote_arg_t ra[3];

		uint64_t phys = 0;

		ssize_t size = 0;

		size_t size = 0;

		int fds[3];

		struct {

			int pgid;

			int namelen;

			int pageslen;

			unsigned int namelen;

			unsigned int pageslen;

		} inbuf;



		if (!init->filelen)
@@ -1785,8 +1792,8 @@ static int fastrpc_init_process(struct fastrpc_file *fl, 


		ioctl.inv.sc = REMOTE_SCALARS_MAKE(8, 3, 0);

		ioctl.inv.pra = ra;

		ioctl.fds = 0;

		ioctl.attrs = 0;

		ioctl.fds = NULL;

		ioctl.attrs = NULL;

		VERIFY(err, !(err = fastrpc_internal_invoke(fl,

			FASTRPC_MODE_PARALLEL, 1, &ioctl)));

		if (err)
@@ -1819,7 +1826,7 @@ static int fastrpc_release_current_dsp_process(struct fastrpc_file *fl) 
	VERIFY(err, fl->cid >= 0 && fl->cid < NUM_CHANNELS);

	if (err)

		goto bail;

	VERIFY(err, fl->apps->channel[fl->cid].chan != 0);

	VERIFY(err, fl->apps->channel[fl->cid].chan != NULL);

	if (err)

		goto bail;

	tgid = fl->tgid;
@@ -1828,8 +1835,8 @@ static int fastrpc_release_current_dsp_process(struct fastrpc_file *fl) 
	ioctl.inv.handle = 1;

	ioctl.inv.sc = REMOTE_SCALARS_MAKE(1, 1, 0);

	ioctl.inv.pra = ra;

	ioctl.fds = 0;

	ioctl.attrs = 0;

	ioctl.fds = NULL;

	ioctl.attrs = NULL;

	VERIFY(err, 0 == (err = fastrpc_internal_invoke(fl,

		FASTRPC_MODE_PARALLEL, 1, &ioctl)));

bail:
@@ -1874,8 +1881,8 @@ static int fastrpc_mmap_on_dsp(struct fastrpc_file *fl, uint32_t flags, 
	else

		ioctl.inv.sc = REMOTE_SCALARS_MAKE(2, 2, 1);

	ioctl.inv.pra = ra;

	ioctl.fds = 0;

	ioctl.attrs = 0;

	ioctl.fds = NULL;

	ioctl.attrs = NULL;

	VERIFY(err, 0 == (err = fastrpc_internal_invoke(fl,

		FASTRPC_MODE_PARALLEL, 1, &ioctl)));

	map->raddr = (uintptr_t)routargs.vaddrout;
@@ -1928,8 +1935,8 @@ static int fastrpc_munmap_on_dsp_rh(struct fastrpc_file *fl, 
		ioctl.inv.handle = 1;

		ioctl.inv.sc = REMOTE_SCALARS_MAKE(7, 0, 1);

		ioctl.inv.pra = ra;

		ioctl.fds = 0;

		ioctl.attrs = 0;

		ioctl.fds = NULL;

		ioctl.attrs = NULL;

		if (fl == NULL)

			goto bail;
@@ -1964,7 +1971,7 @@ static int fastrpc_munmap_on_dsp(struct fastrpc_file *fl, 
	struct {

		int pid;

		uintptr_t vaddrout;

		ssize_t size;

		size_t size;

	} inargs;



	inargs.pid = current->tgid;
@@ -1979,8 +1986,8 @@ static int fastrpc_munmap_on_dsp(struct fastrpc_file *fl, 
	else

		ioctl.inv.sc = REMOTE_SCALARS_MAKE(3, 1, 0);

	ioctl.inv.pra = ra;

	ioctl.fds = 0;

	ioctl.attrs = 0;

	ioctl.fds = NULL;

	ioctl.attrs = NULL;

	VERIFY(err, 0 == (err = fastrpc_internal_invoke(fl,

		FASTRPC_MODE_PARALLEL, 1, &ioctl)));

	if (err)
@@ -1997,13 +2004,14 @@ bail: 


static int fastrpc_mmap_remove_ssr(struct fastrpc_file *fl)

{

	struct fastrpc_mmap *match = 0, *map = NULL;

	struct fastrpc_mmap *match = NULL, *map = NULL;

	struct hlist_node *n = NULL;

	int err = 0, ret = 0;

	struct fastrpc_apps *me = &gfa;

	struct ramdump_segment *ramdump_segments_rh = NULL;



	do {

		match = 0;

		match = NULL;

		spin_lock(&me->hlock);

		hlist_for_each_entry_safe(map, n, &me->maps, hn) {

			match = map;
@@ -2041,7 +2049,7 @@ bail: 
}



static int fastrpc_mmap_remove(struct fastrpc_file *fl, uintptr_t va,

			     ssize_t len, struct fastrpc_mmap **ppmap);

			     size_t len, struct fastrpc_mmap **ppmap);



static void fastrpc_mmap_add(struct fastrpc_mmap *map);
@@ -2049,7 +2057,7 @@ static int fastrpc_internal_munmap(struct fastrpc_file *fl, 
				   struct fastrpc_ioctl_munmap *ud)

{

	int err = 0;

	struct fastrpc_mmap *map = 0;

	struct fastrpc_mmap *map = NULL;



	VERIFY(err, !fastrpc_mmap_remove(fl, ud->vaddrout, ud->size, &map));

	if (err)
@@ -2068,7 +2076,7 @@ static int fastrpc_internal_mmap(struct fastrpc_file *fl, 
				 struct fastrpc_ioctl_mmap *ud)

{



	struct fastrpc_mmap *map = 0;

	struct fastrpc_mmap *map = NULL;

	int err = 0;

	if (!fastrpc_mmap_find(fl, ud->fd, (uintptr_t)ud->vaddrin, ud->size,

			       ud->flags, &map))
@@ -2101,7 +2109,7 @@ static void fastrpc_channel_close(struct kref *kref) 
	else

		fastrpc_glink_close(ctx->chan, cid);



	ctx->chan = 0;

	ctx->chan = NULL;

	mutex_unlock(&me->smd_mutex);

	pr_info("'closed /dev/%s c %d %d'\n", gcinfo[cid].name,

						MAJOR(me->dev_no), cid);
@@ -2140,19 +2148,20 @@ static int fastrpc_session_alloc_locked(struct fastrpc_channel_ctx *chan, 
	return err;

}



bool fastrpc_glink_notify_rx_intent_req(void *h, const void *priv, size_t size)

static bool fastrpc_glink_notify_rx_intent_req(void *h, const void *priv,

						size_t size)

{

	if (glink_queue_rx_intent(h, NULL, size))

		return false;

	return true;

}



void fastrpc_glink_notify_tx_done(void *handle, const void *priv,

static void fastrpc_glink_notify_tx_done(void *handle, const void *priv,

		const void *pkt_priv, const void *ptr)

{

}



void fastrpc_glink_notify_rx(void *handle, const void *priv,

static void fastrpc_glink_notify_rx(void *handle, const void *priv,

	const void *pkt_priv, const void *ptr, size_t size)

{

	struct smq_invoke_rsp *rsp = (struct smq_invoke_rsp *)ptr;
@@ -2167,7 +2176,8 @@ void fastrpc_glink_notify_rx(void *handle, const void *priv, 
	glink_rx_done(handle, ptr, true);

}



void fastrpc_glink_notify_state(void *handle, const void *priv, unsigned event)

static void fastrpc_glink_notify_state(void *handle, const void *priv,

				unsigned int event)

{

	struct fastrpc_apps *me = &gfa;

	int cid = (int)(uintptr_t)priv;
@@ -2221,7 +2231,7 @@ static void fastrpc_session_free(struct fastrpc_channel_ctx *chan, 
static int fastrpc_file_free(struct fastrpc_file *fl)

{

	struct hlist_node *n;

	struct fastrpc_mmap *map = 0;

	struct fastrpc_mmap *map = NULL;

	int cid;



	if (!fl)
@@ -2264,7 +2274,7 @@ static int fastrpc_device_release(struct inode *inode, struct file *file) 
		if (fl->debugfs_file != NULL)

			debugfs_remove(fl->debugfs_file);

		fastrpc_file_free(fl);

		file->private_data = 0;

		file->private_data = NULL;

	}

	return 0;

}
@@ -2388,9 +2398,9 @@ static ssize_t fastrpc_debugfs_read(struct file *filp, char __user *buffer, 
{

	struct fastrpc_file *fl = filp->private_data;

	struct hlist_node *n;

	struct fastrpc_buf *buf = 0;

	struct fastrpc_mmap *map = 0;

	struct smq_invoke_ctx *ictx = 0;

	struct fastrpc_buf *buf = NULL;

	struct fastrpc_mmap *map = NULL;

	struct smq_invoke_ctx *ictx = NULL;

	struct fastrpc_channel_ctx *chan;

	struct fastrpc_session_ctx *sess;

	unsigned int len = 0;
@@ -2514,7 +2524,7 @@ static int fastrpc_channel_open(struct fastrpc_file *fl) 
	}

	fl->ssrcount = me->channel[cid].ssrcount;

	if ((kref_get_unless_zero(&me->channel[cid].kref) == 0) ||

	    (me->channel[cid].chan == 0)) {

	    (me->channel[cid].chan == NULL)) {

		if (me->glink) {

			VERIFY(err, 0 == fastrpc_glink_register(cid, me));

			if (err)
@@ -2534,7 +2544,7 @@ static int fastrpc_channel_open(struct fastrpc_file *fl) 
			wait_for_completion_timeout(&me->channel[cid].workport,

							RPC_TIMEOUT));

		if (err) {

			me->channel[cid].chan = 0;

			me->channel[cid].chan = NULL;

			goto bail;

		}

		kref_init(&me->channel[cid].kref);
@@ -2568,10 +2578,10 @@ static int fastrpc_device_open(struct inode *inode, struct file *filp) 
{

	int err = 0;

	struct dentry *debugfs_file;

	struct fastrpc_file *fl = 0;

	struct fastrpc_file *fl = NULL;

	struct fastrpc_apps *me = &gfa;



	VERIFY(err, fl = kzalloc(sizeof(*fl), GFP_KERNEL));

	VERIFY(err, NULL != (fl = kzalloc(sizeof(*fl), GFP_KERNEL)));

	if (err)

		return err;

	debugfs_file = debugfs_create_file(current->comm, 0644, debugfs_root,
@@ -2600,7 +2610,7 @@ static int fastrpc_get_info(struct fastrpc_file *fl, uint32_t *info) 
	int err = 0;

	uint32_t cid;



	VERIFY(err, fl != 0);

	VERIFY(err, fl != NULL);

	if (err)

		goto bail;

	if (fl->cid == -1) {
@@ -2636,8 +2646,8 @@ static long fastrpc_device_ioctl(struct file *file, unsigned int ioctl_num, 
	int size = 0, err = 0;

	uint32_t info;



	p.inv.fds = 0;

	p.inv.attrs = 0;

	p.inv.fds = NULL;

	p.inv.attrs = NULL;

	spin_lock(&fl->hlock);

	if (fl->file_close == 1) {

		err = EBADF;
@@ -2657,7 +2667,7 @@ static long fastrpc_device_ioctl(struct file *file, unsigned int ioctl_num, 
	case FASTRPC_IOCTL_INVOKE_ATTRS:

		if (!size)

			size = sizeof(struct fastrpc_ioctl_invoke_attrs);

		VERIFY(err, 0 == copy_from_user(&p.inv, param, size));

		K_COPY_FROM_USER(err, 0, &p.inv, param, size);

		if (err)

			goto bail;

		VERIFY(err, 0 == (err = fastrpc_internal_invoke(fl, fl->mode,
@@ -2666,20 +2676,20 @@ static long fastrpc_device_ioctl(struct file *file, unsigned int ioctl_num, 
			goto bail;

		break;

	case FASTRPC_IOCTL_MMAP:

		VERIFY(err, 0 == copy_from_user(&p.mmap, param,

						sizeof(p.mmap)));

		K_COPY_FROM_USER(err, 0, &p.mmap, param,

						sizeof(p.mmap));

		if (err)

			goto bail;

		VERIFY(err, 0 == (err = fastrpc_internal_mmap(fl, &p.mmap)));

		if (err)

			goto bail;

		VERIFY(err, 0 == copy_to_user(param, &p.mmap, sizeof(p.mmap)));

		K_COPY_TO_USER(err, 0, param, &p.mmap, sizeof(p.mmap));

		if (err)

			goto bail;

		break;

	case FASTRPC_IOCTL_MUNMAP:

		VERIFY(err, 0 == copy_from_user(&p.munmap, param,

						sizeof(p.munmap)));

		K_COPY_FROM_USER(err, 0, &p.munmap, param,

						sizeof(p.munmap));

		if (err)

			goto bail;

		VERIFY(err, 0 == (err = fastrpc_internal_munmap(fl,
@@ -2702,35 +2712,35 @@ static long fastrpc_device_ioctl(struct file *file, unsigned int ioctl_num, 
		}

		break;

	case FASTRPC_IOCTL_GETPERF:

		VERIFY(err, 0 == copy_from_user(&p.perf,

					param, sizeof(p.perf)));

		K_COPY_FROM_USER(err, 0, &p.perf,

					param, sizeof(p.perf));

		if (err)

			goto bail;

		p.perf.numkeys = sizeof(struct fastrpc_perf)/sizeof(int64_t);

		if (p.perf.keys) {

			char *keys = PERF_KEYS;



			VERIFY(err, 0 == copy_to_user((char *)p.perf.keys,

						 keys, strlen(keys)+1));

			K_COPY_TO_USER(err, 0, (void *)p.perf.keys,

						 keys, strlen(keys)+1);

			if (err)

				goto bail;

		}

		if (p.perf.data) {

			VERIFY(err, 0 == copy_to_user((int64_t *)p.perf.data,

						 &fl->perf, sizeof(fl->perf)));

			K_COPY_TO_USER(err, 0, (void *)p.perf.data,

						 &fl->perf, sizeof(fl->perf));

		}

		VERIFY(err, 0 == copy_to_user(param, &p.perf, sizeof(p.perf)));

		K_COPY_TO_USER(err, 0, param, &p.perf, sizeof(p.perf));

		if (err)

			goto bail;

		break;

	case FASTRPC_IOCTL_GETINFO:

	    VERIFY(err, 0 == copy_from_user(&info, param, sizeof(info)));

	    K_COPY_FROM_USER(err, 0, &info, param, sizeof(info));

		if (err)

			goto bail;

		VERIFY(err, 0 == (err = fastrpc_get_info(fl, &info)));

		if (err)

			goto bail;

		VERIFY(err, 0 == copy_to_user(param, &info, sizeof(info)));

		K_COPY_TO_USER(err, 0, param, &info, sizeof(info));

		if (err)

			goto bail;

		break;
@@ -2742,7 +2752,7 @@ static long fastrpc_device_ioctl(struct file *file, unsigned int ioctl_num, 
	case FASTRPC_IOCTL_INIT_ATTRS:

		if (!size)

			size = sizeof(struct fastrpc_ioctl_init_attrs);

		VERIFY(err, 0 == copy_from_user(&p.init, param, size));

		K_COPY_FROM_USER(err, 0, &p.init, param, size);

		if (err)

			goto bail;

		VERIFY(err, p.init.init.filelen >= 0 &&
@@ -2844,7 +2854,8 @@ static int fastrpc_cb_probe(struct device *dev) 
	int err = 0, i;

	int secure_vmid = VMID_CP_PIXEL;



	VERIFY(err, 0 != (name = of_get_property(dev->of_node, "label", NULL)));

	VERIFY(err, NULL != (name = of_get_property(dev->of_node,

					 "label", NULL)));

	if (err)

		goto bail;

	for (i = 0; i < NUM_CHANNELS; i++) {
@@ -2906,8 +2917,8 @@ static int fastrpc_cb_legacy_probe(struct device *dev) 
	struct fastrpc_channel_ctx *chan;

	struct fastrpc_session_ctx *first_sess, *sess;

	const char *name;

	unsigned int *range = 0, range_size = 0;

	unsigned int *sids = 0, sids_size = 0;

	unsigned int *range = NULL, range_size = 0;

	unsigned int *sids = NULL, sids_size = 0;

	int err = 0, ret = 0, i;



	VERIFY(err, 0 != (domains_child_node = of_get_child_by_name(
@@ -3034,17 +3045,17 @@ static void fastrpc_deinit(void) 
		if (chan->chan) {

			kref_put_mutex(&chan->kref,

				fastrpc_channel_close, &me->smd_mutex);

			chan->chan = 0;

			chan->chan = NULL;

		}

		for (j = 0; j < NUM_SESSIONS; j++) {

			struct fastrpc_session_ctx *sess = &chan->session[j];

			if (sess->smmu.dev) {

				arm_iommu_detach_device(sess->smmu.dev);

				sess->smmu.dev = 0;

				sess->smmu.dev = NULL;

			}

			if (sess->smmu.mapping) {

				arm_iommu_release_mapping(sess->smmu.mapping);

				sess->smmu.mapping = 0;

				sess->smmu.mapping = NULL;

			}

		}

	}
@@ -3062,7 +3073,7 @@ static struct platform_driver fastrpc_driver = { 
static int __init fastrpc_device_init(void)

{

	struct fastrpc_apps *me = &gfa;

	struct device *dev = 0;

	struct device *dev = NULL;

	int err = 0, i;



	memset(me, 0, sizeof(*me));
@@ -3099,7 +3110,7 @@ static int __init fastrpc_device_init(void) 
		me->channel[i].prevssrcount = 0;

		me->channel[i].issubsystemup = 1;

		me->channel[i].ramdumpenabled = 0;

		me->channel[i].remoteheap_ramdump_dev = 0;

		me->channel[i].remoteheap_ramdump_dev = NULL;

		me->channel[i].nb.notifier_call = fastrpc_restart_notifier_cb;

		me->channel[i].handle = subsys_notif_register_notifier(

							gcinfo[i].subsys,

drivers/char/adsprpc_compat.c

+6 −6
Original line number Diff line number Diff line
@@ -39,7 +39,7 @@ 


struct compat_remote_buf {

	compat_uptr_t pv;	/* buffer pointer */

	compat_ssize_t len;	/* length of buffer */

	compat_size_t len;	/* length of buffer */

};



union compat_remote_arg {
@@ -68,13 +68,13 @@ struct compat_fastrpc_ioctl_mmap { 
	compat_int_t fd;	/* ion fd */

	compat_uint_t flags;	/* flags for dsp to map with */

	compat_uptr_t vaddrin;	/* optional virtual address */

	compat_ssize_t size;	/* size */

	compat_size_t size;	/* size */

	compat_uptr_t vaddrout;	/* dsps virtual address */

};



struct compat_fastrpc_ioctl_munmap {

	compat_uptr_t vaddrout;	/* address to unmap */

	compat_ssize_t size;	/* size */

	compat_size_t size;	/* size */

};



struct compat_fastrpc_ioctl_init {
@@ -105,7 +105,7 @@ static int compat_get_fastrpc_ioctl_invoke( 
			unsigned int cmd)

{

	compat_uint_t u, sc;

	compat_ssize_t s;

	compat_size_t s;

	compat_uptr_t p;

	struct fastrpc_ioctl_invoke_attrs *inv;

	union compat_remote_arg *pra32;
@@ -193,7 +193,7 @@ static int compat_get_fastrpc_ioctl_mmap( 
{

	compat_uint_t u;

	compat_int_t i;

	compat_ssize_t s;

	compat_size_t s;

	compat_uptr_t p;

	int err;
@@ -227,7 +227,7 @@ static int compat_get_fastrpc_ioctl_munmap( 
			struct fastrpc_ioctl_munmap __user *unmap)

{

	compat_uptr_t p;

	compat_ssize_t s;

	compat_size_t s;

	int err;



	err = get_user(p, &unmap32->vaddrout);

drivers/char/adsprpc_shared.h

+15 −14
Original line number Diff line number Diff line
@@ -113,7 +113,7 @@ do {\ 


struct remote_buf64 {

	uint64_t pv;

	int64_t len;

	uint64_t len;

};



union remote_arg64 {
@@ -125,7 +125,7 @@ union remote_arg64 { 


struct remote_buf {

	void *pv;		/* buffer pointer */

	ssize_t len;		/* length of buffer */

	size_t len;		/* length of buffer */

};



union remote_arg {
@@ -152,37 +152,37 @@ struct fastrpc_ioctl_invoke_attrs { 


struct fastrpc_ioctl_init {

	uint32_t flags;		/* one of FASTRPC_INIT_* macros */

	uintptr_t __user file;	/* pointer to elf file */

	int32_t filelen;	/* elf file length */

	uintptr_t file;		/* pointer to elf file */

	uint32_t filelen;	/* elf file length */

	int32_t filefd;		/* ION fd for the file */

	uintptr_t __user mem;	/* mem for the PD */

	int32_t memlen;		/* mem length */

	uintptr_t mem;		/* mem for the PD */

	uint32_t memlen;	/* mem length */

	int32_t memfd;		/* ION fd for the mem */

};



struct fastrpc_ioctl_init_attrs {

		struct fastrpc_ioctl_init init;

		int attrs;

		int siglen;

		unsigned int siglen;

};



struct fastrpc_ioctl_munmap {

	uintptr_t vaddrout;	/* address to unmap */

	ssize_t size;		/* size */

	size_t size;		/* size */

};



struct fastrpc_ioctl_mmap {

	int fd;				/* ion fd */

	uint32_t flags;			/* flags for dsp to map with */

	uintptr_t __user *vaddrin;	/* optional virtual address */

	ssize_t size;			/* size */

	uintptr_t vaddrin;		/* optional virtual address */

	size_t size;			/* size */

	uintptr_t vaddrout;		/* dsps virtual address */

};



struct fastrpc_ioctl_perf {			/* kernel performance data */

	uintptr_t __user data;

	uintptr_t data;

	uint32_t numkeys;

	uintptr_t __user keys;

	uintptr_t keys;

};



struct smq_null_invoke {
@@ -220,14 +220,15 @@ struct smq_invoke_rsp { 
static inline struct smq_invoke_buf *smq_invoke_buf_start(remote_arg64_t *pra,

							uint32_t sc)

{

	int len = REMOTE_SCALARS_LENGTH(sc);

	unsigned int len = REMOTE_SCALARS_LENGTH(sc);



	return (struct smq_invoke_buf *)(&pra[len]);

}



static inline struct smq_phy_page *smq_phy_page_start(uint32_t sc,

						struct smq_invoke_buf *buf)

{

	int nTotal = REMOTE_SCALARS_INBUFS(sc) + REMOTE_SCALARS_OUTBUFS(sc);

	uint64_t nTotal = REMOTE_SCALARS_INBUFS(sc)+REMOTE_SCALARS_OUTBUFS(sc);

	return (struct smq_phy_page *)(&buf[nTotal]);

}