summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLinux Build Service Account <lnxbuild@quicinc.com>2017-09-22 09:13:41 -0700
committerGerrit - the friendly Code Review server <code-review@localhost>2017-09-22 09:13:40 -0700
commitba64f1b64fd9fee3607be0ca75f55ff1d2d3d524 (patch)
treea8d1ca9ead78e7d4a34759769d6d9292cf51ef67
parent6f777b2385c98a17d69bbeead6edbc7ad7470f72 (diff)
parentadc8d80a000948685ff6b93c69890cd4f89b7e56 (diff)
Merge "ASoC: msm: qdsp6v2: Fix dangling pointer access"
-rw-r--r--sound/soc/msm/qdsp6v2/q6asm.c22
1 files changed, 11 insertions, 11 deletions
diff --git a/sound/soc/msm/qdsp6v2/q6asm.c b/sound/soc/msm/qdsp6v2/q6asm.c
index 14f9411104b3..7d5ad2349d91 100644
--- a/sound/soc/msm/qdsp6v2/q6asm.c
+++ b/sound/soc/msm/qdsp6v2/q6asm.c
@@ -3368,6 +3368,15 @@ int q6asm_set_shared_circ_buff(struct audio_client *ac,
int bytes_to_alloc, rc;
size_t len;
+ mutex_lock(&ac->cmd_lock);
+
+ if (ac->port[dir].buf) {
+ pr_err("%s: Buffer already allocated\n", __func__);
+ rc = -EINVAL;
+ mutex_unlock(&ac->cmd_lock);
+ goto done;
+ }
+
buf_circ = kzalloc(sizeof(struct audio_buffer), GFP_KERNEL);
if (!buf_circ) {
@@ -3375,10 +3384,6 @@ int q6asm_set_shared_circ_buff(struct audio_client *ac,
goto done;
}
- mutex_lock(&ac->cmd_lock);
-
- ac->port[dir].buf = buf_circ;
-
bytes_to_alloc = bufsz * bufcnt;
bytes_to_alloc = PAGE_ALIGN(bytes_to_alloc);
@@ -3390,11 +3395,12 @@ int q6asm_set_shared_circ_buff(struct audio_client *ac,
if (rc) {
pr_err("%s: Audio ION alloc is failed, rc = %d\n", __func__,
rc);
- mutex_unlock(&ac->cmd_lock);
kfree(buf_circ);
+ mutex_unlock(&ac->cmd_lock);
goto done;
}
+ ac->port[dir].buf = buf_circ;
buf_circ->used = dir ^ 1;
buf_circ->size = bytes_to_alloc;
buf_circ->actual_size = bytes_to_alloc;
@@ -3559,12 +3565,6 @@ int q6asm_open_shared_io(struct audio_client *ac,
goto done;
}
- if (ac->port[dir].buf) {
- pr_err("%s: Buffer already allocated\n", __func__);
- rc = -EINVAL;
- goto done;
- }
-
rc = q6asm_set_shared_circ_buff(ac, open, bufsz, bufcnt, dir);
if (rc)