Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 782cd411 authored by Tharun Kumar Merugu's avatar Tharun Kumar Merugu
Browse files

msm: adsprpc: Fix race conditions on same buffer 



Variable map may pointing to the same buffer on race conditions
in functions fastrpc_internal_mmap and fastrpc_internal_munmap,
use mutex to avoid race conditions on same buffer.

Change-Id: I96ed884c44a36f574677ba3ba189dfbf2ce3751d
Acked-by: default avatarKrishnaiah Tadakamalla <ktadakam@qti.qualcomm.com>
Signed-off-by: default avatarTharun Kumar Merugu <mtharu@codeaurora.org>
parent 5ad1f554

drivers/char/adsprpc.c

+12 −3
Original line number Diff line number Diff line 
/*

 * Copyright (c) 2012-2017, The Linux Foundation. All rights reserved.

 * Copyright (c) 2012-2018, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -299,6 +299,7 @@ struct fastrpc_file { 
	struct fastrpc_apps *apps;

	struct fastrpc_perf perf;

	struct dentry *debugfs_file;

	struct mutex map_mutex;

};



static struct fastrpc_apps gfa;
@@ -2059,6 +2060,7 @@ static int fastrpc_internal_munmap(struct fastrpc_file *fl, 
	int err = 0;

	struct fastrpc_mmap *map = NULL;



	mutex_lock(&fl->map_mutex);

	VERIFY(err, !fastrpc_mmap_remove(fl, ud->vaddrout, ud->size, &map));

	if (err)

		goto bail;
@@ -2069,6 +2071,7 @@ static int fastrpc_internal_munmap(struct fastrpc_file *fl, 
bail:

	if (err && map)

		fastrpc_mmap_add(map);

	mutex_unlock(&fl->map_mutex);

	return err;

}
@@ -2078,10 +2081,13 @@ static int fastrpc_internal_mmap(struct fastrpc_file *fl, 


	struct fastrpc_mmap *map = NULL;

	int err = 0;



	mutex_lock(&fl->map_mutex);

	if (!fastrpc_mmap_find(fl, ud->fd, (uintptr_t)ud->vaddrin, ud->size,

			       ud->flags, &map))

			       ud->flags, &map)){

		mutex_unlock(&fl->map_mutex);

		return 0;



	}

	VERIFY(err, !fastrpc_mmap_create(fl, ud->fd, 0,

			(uintptr_t)ud->vaddrin, ud->size, ud->flags, &map));

	if (err)
@@ -2093,6 +2099,7 @@ static int fastrpc_internal_mmap(struct fastrpc_file *fl, 
 bail:

	if (err && map)

		fastrpc_mmap_free(map);

	mutex_unlock(&fl->map_mutex);

	return err;

}
@@ -2273,6 +2280,7 @@ static int fastrpc_device_release(struct inode *inode, struct file *file) 
	if (fl) {

		if (fl->debugfs_file != NULL)

			debugfs_remove(fl->debugfs_file);

		mutex_destroy(&fl->map_mutex);

		fastrpc_file_free(fl);

		file->private_data = NULL;

	}
@@ -2599,6 +2607,7 @@ static int fastrpc_device_open(struct inode *inode, struct file *filp) 
		fl->debugfs_file = debugfs_file;

	memset(&fl->perf, 0, sizeof(fl->perf));

	filp->private_data = fl;

	mutex_init(&fl->map_mutex);

	spin_lock(&me->hlock);

	hlist_add_head(&fl->hn, &me->drivers);

	spin_unlock(&me->hlock);