Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7a20b3af authored by Rahul Sharma's avatar Rahul Sharma Committed by Gerrit - the friendly Code Review server
Browse files

msm: ba: Fix race conditions in debug writes 



Use dynamic allocation for debug buffer instead of static.
This is to avoid race condition which can cause buffer overflows.

Change-Id: I1b4eecb4280843064712ee3b7b52e23f55ab53c3
Signed-off-by: default avatarRahul Sharma <sharah@codeaurora.org>
parent fd368e4c

drivers/video/msm/ba/msm_ba_debug.c

+39 −19
Original line number Diff line number Diff line 
/* Copyright (c) 2012-2015, The Linux Foundation. All rights reserved.

/* Copyright (c) 2012-2015,2017 The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -13,7 +13,7 @@ 


#include "msm_ba_debug.h"



#define MAX_DBG_BUF_SIZE 4096

#define MAX_DBG_BUF_SIZE 1008



int msm_ba_debug = BA_ERR | BA_WARN;

int msm_ba_debug_out = BA_OUT_PRINTK;
@@ -24,11 +24,9 @@ struct debug_buffer { 
	u32 filled_size;

};



static struct debug_buffer dbg_buf;



#define INIT_DBG_BUF(__buf) ({ \

	__buf.curr = __buf.ptr;\

	__buf.filled_size = 0; \

	__buf->curr = __buf->ptr;\

	__buf->filled_size = 0; \

})



static int dev_info_open(struct inode *inode, struct file *file)
@@ -58,19 +56,30 @@ static ssize_t dev_info_read(struct file *file, char __user *buf, 
		size_t count, loff_t *ppos)

{

	struct msm_ba_dev *dev_ctxt = file->private_data;

	struct debug_buffer *dbg_buf = NULL;

	ssize_t size = 0;



	if (!dev_ctxt) {

		dprintk(BA_ERR, "Invalid params, dev: 0x%p", dev_ctxt);

		return 0;

	}



	dbg_buf = kmalloc(sizeof(struct debug_buffer), GFP_KERNEL);

	if (dbg_buf == NULL)

		return 0;



	INIT_DBG_BUF(dbg_buf);

	write_str(&dbg_buf, "===============================");

	write_str(&dbg_buf, "DEV: 0x%p", dev_ctxt);

	write_str(&dbg_buf, "===============================");

	write_str(&dbg_buf, "state: %d", dev_ctxt->state);

	write_str(dbg_buf, "===============================");

	write_str(dbg_buf, "DEV: 0x%p", dev_ctxt);

	write_str(dbg_buf, "===============================");

	write_str(dbg_buf, "state: %d", dev_ctxt->state);



	return simple_read_from_buffer(buf, count, ppos,

			dbg_buf.ptr, dbg_buf.filled_size);

	size = simple_read_from_buffer(buf, count, ppos,

			dbg_buf->ptr, dbg_buf->filled_size);



	kfree(dbg_buf);



	return size;

}



static const struct file_operations dev_info_fops = {
@@ -155,21 +164,32 @@ static ssize_t inst_info_read(struct file *file, char __user *buf, 
		size_t count, loff_t *ppos)

{

	struct msm_ba_inst *inst = file->private_data;

	struct debug_buffer *dbg_buf = NULL;

	ssize_t size = 0;



	if (!inst) {

		dprintk(BA_ERR, "Invalid params, dev: %p", inst);

		return 0;

	}



	dbg_buf = kmalloc(sizeof(struct debug_buffer), GFP_KERNEL);

	if (dbg_buf == NULL)

		return 0;



	INIT_DBG_BUF(dbg_buf);

	write_str(&dbg_buf, "===============================");

	write_str(&dbg_buf, "INSTANCE: %p (%s)", inst,

	write_str(dbg_buf, "===============================");

	write_str(dbg_buf, "INSTANCE: %p (%s)", inst,

								"BA device");

	write_str(&dbg_buf, "===============================");

	write_str(&dbg_buf, "dev: %p", inst->dev_ctxt);

	write_str(&dbg_buf, "state: %d", inst->state);

	write_str(dbg_buf, "===============================");

	write_str(dbg_buf, "dev: %p", inst->dev_ctxt);

	write_str(dbg_buf, "state: %d", inst->state);



	return simple_read_from_buffer(buf, count, ppos,

		dbg_buf.ptr, dbg_buf.filled_size);

	size = simple_read_from_buffer(buf, count, ppos,

		dbg_buf->ptr, dbg_buf->filled_size);



	kfree(dbg_buf);



	return size;

}



static const struct file_operations inst_info_fops = {