diff options
| author | Tharun Kumar Merugu <mtharu@codeaurora.org> | 2018-01-02 11:42:45 +0530 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2018-01-15 22:36:05 -0800 |
| commit | 3ebcd5d7e5993e52dc91fcbf9ff9534bb70547c0 (patch) | |
| tree | af4e779a2f021fc9bf22fbd9d82995e445d14548 | |
| parent | de111ce20e214694791b10a106f6910f440fec4c (diff) | |
msm: adsprpc: Fix race conditions on same buffer
Variable map may pointing to the same buffer on race conditions
in functions fastrpc_internal_mmap and fastrpc_internal_munmap,
use mutex to avoid race conditions on same buffer.
Change-Id: I96ed884c44a36f574677ba3ba189dfbf2ce3751d
Acked-by: Krishnaiah Tadakamalla <ktadakam@qti.qualcomm.com>
Signed-off-by: Tharun Kumar Merugu <mtharu@codeaurora.org>
| -rw-r--r-- | drivers/char/adsprpc.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/drivers/char/adsprpc.c b/drivers/char/adsprpc.c index 5737da9d855a..6ab3480ba38f 100644 --- a/drivers/char/adsprpc.c +++ b/drivers/char/adsprpc.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2017, The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2018, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -299,6 +299,7 @@ struct fastrpc_file { struct fastrpc_apps *apps; struct fastrpc_perf perf; struct dentry *debugfs_file; + struct mutex map_mutex; }; static struct fastrpc_apps gfa; @@ -2059,6 +2060,7 @@ static int fastrpc_internal_munmap(struct fastrpc_file *fl, int err = 0; struct fastrpc_mmap *map = NULL; + mutex_lock(&fl->map_mutex); VERIFY(err, !fastrpc_mmap_remove(fl, ud->vaddrout, ud->size, &map)); if (err) goto bail; @@ -2069,6 +2071,7 @@ static int fastrpc_internal_munmap(struct fastrpc_file *fl, bail: if (err && map) fastrpc_mmap_add(map); + mutex_unlock(&fl->map_mutex); return err; } @@ -2078,10 +2081,13 @@ static int fastrpc_internal_mmap(struct fastrpc_file *fl, struct fastrpc_mmap *map = NULL; int err = 0; + + mutex_lock(&fl->map_mutex); if (!fastrpc_mmap_find(fl, ud->fd, (uintptr_t)ud->vaddrin, ud->size, - ud->flags, &map)) + ud->flags, &map)){ + mutex_unlock(&fl->map_mutex); return 0; - + } VERIFY(err, !fastrpc_mmap_create(fl, ud->fd, 0, (uintptr_t)ud->vaddrin, ud->size, ud->flags, &map)); if (err) @@ -2093,6 +2099,7 @@ static int fastrpc_internal_mmap(struct fastrpc_file *fl, bail: if (err && map) fastrpc_mmap_free(map); + mutex_unlock(&fl->map_mutex); return err; } @@ -2273,6 +2280,7 @@ static int fastrpc_device_release(struct inode *inode, struct file *file) if (fl) { if (fl->debugfs_file != NULL) debugfs_remove(fl->debugfs_file); + mutex_destroy(&fl->map_mutex); fastrpc_file_free(fl); file->private_data = NULL; } @@ -2599,6 +2607,7 @@ static int fastrpc_device_open(struct inode *inode, struct file *filp) fl->debugfs_file = debugfs_file; memset(&fl->perf, 0, sizeof(fl->perf)); filp->private_data = fl; + mutex_init(&fl->map_mutex); spin_lock(&me->hlock); hlist_add_head(&fl->hn, &me->drivers); spin_unlock(&me->hlock); |