msm: adsprpc: Fix race conditions on same buffer (1285f8ce) · Commits · e / devices / android_kernel_xiaomi_markw

drivers/char/adsprpc.c

+12 −1

Original line number	Diff line number	Diff line
		@@ -256,6 +256,7 @@ struct fastrpc_file {
		int cid;
		int ssrcount;
		struct fastrpc_apps *apps;
		struct mutex map_mutex;
		};

		static struct fastrpc_apps gfa;
		@@ -1762,6 +1763,8 @@ static int fastrpc_internal_munmap(struct fastrpc_file *fl,
		{
		int err = 0;
		struct fastrpc_mmap *map = NULL;

		mutex_lock(&fl->map_mutex);
		if (!fastrpc_mmap_remove(fl, ud->vaddrout, ud->size,
		&map)) {
		VERIFY(err, !fastrpc_munmap_on_dsp(fl, map));
		@@ -1772,6 +1775,7 @@ static int fastrpc_internal_munmap(struct fastrpc_file *fl,
		bail:
		if (err && map)
		fastrpc_mmap_add(map);
		mutex_unlock(&fl->map_mutex);
		return err;
		}

		@@ -1781,9 +1785,13 @@ static int fastrpc_internal_mmap(struct fastrpc_file *fl,

		struct fastrpc_mmap *map = NULL;
		int err = 0;

		mutex_lock(&fl->map_mutex);
		if (!fastrpc_mmap_find(fl, ud->fd, (uintptr_t)ud->vaddrin, ud->size,
		ud->flags, &map))
		ud->flags, &map)){
		mutex_unlock(&fl->map_mutex);
		return 0;
		}

		VERIFY(err, !fastrpc_mmap_create(fl, ud->fd, (uintptr_t)ud->vaddrin,
		ud->size, ud->flags, &map));
		@@ -1796,6 +1804,7 @@ static int fastrpc_internal_mmap(struct fastrpc_file *fl,
		bail:
		if (err && map)
		fastrpc_mmap_free(map);
		mutex_unlock(&fl->map_mutex);
		return err;
		}

		@@ -2002,6 +2011,7 @@ static int fastrpc_device_release(struct inode inode, struct file file)
		}
		me->pending_free++;
		mutex_unlock(&me->flfree_mutex);
		mutex_destroy(&fl->map_mutex);
		file->private_data = NULL;
		}
		bail:
		@@ -2161,6 +2171,7 @@ static int fastrpc_device_open(struct inode inode, struct file filp)
		me->channel[cid].ssrcount;
		}
		}
		mutex_init(&fl->map_mutex);
		spin_lock(&me->hlock);
		hlist_add_head(&fl->hn, &me->drivers);
		spin_unlock(&me->hlock);