msm: adsprpc: destroy mutex before file free

Destroy mutex before file free, to avoid use after free of mutex.

Change-Id: I4ff73dc17b15043eacbb299219a379bfd1a8efa6
Acked-by: Himateja Reddy <hmreddy@qti.qualcomm.com>
Signed-off-by: Tharun Kumar Merugu <mtharu@codeaurora.org>

1 files changed, 4 insertions, 3 deletions

diff --git a/drivers/char/adsprpc.c b/drivers/char/adsprpc.c
index c0787608af56..165c5707a9f7 100644
--- a/drivers/char/adsprpc.c
+++ b/drivers/char/adsprpc.c
@@ -2318,8 +2318,7 @@ static int fastrpc_file_free(struct fastrpc_file *fl)
 	spin_unlock(&fl->apps->hlock);
 
 	if (!fl->sctx) {
-		kfree(fl);
-		return 0;
+		goto bail;
 	}
 
 	spin_lock(&fl->hlock);
@@ -2337,6 +2336,8 @@ static int fastrpc_file_free(struct fastrpc_file *fl)
 		fastrpc_session_free(&fl->apps->channel[cid], fl->sctx);
 	if (fl->secsctx)
 		fastrpc_session_free(&fl->apps->channel[cid], fl->secsctx);
+bail:
+	mutex_destroy(&fl->map_mutex);
 	kfree(fl);
 	return 0;
 }
@@ -2348,7 +2349,7 @@ static int fastrpc_device_release(struct inode *inode, struct file *file)
 	if (fl) {
 		if (fl->debugfs_file != NULL)
 			debugfs_remove(fl->debugfs_file);
-		mutex_destroy(&fl->map_mutex);
+
 		fastrpc_file_free(fl);
 		file->private_data = NULL;
 	}