diff options
| -rw-r--r-- | drivers/char/adsprpc.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/drivers/char/adsprpc.c b/drivers/char/adsprpc.c index 77c8f279b4f5..61a878648c59 100644 --- a/drivers/char/adsprpc.c +++ b/drivers/char/adsprpc.c @@ -65,6 +65,7 @@ #define BALIGN 128 #define NUM_CHANNELS 4 /* adsp,sdsp,mdsp,cdsp */ #define NUM_SESSIONS 9 /*8 compute, 1 cpz*/ +#define FASTRPC_CTX_MAGIC (0xbeeddeed) #define IS_CACHE_ALIGNED(x) (((x) & ((L1_CACHE_BYTES)-1)) == 0) @@ -175,6 +176,7 @@ struct smq_invoke_ctx { struct overlap *overs; struct overlap **overps; struct smq_msg msg; + unsigned int magic; }; struct fastrpc_ctx_lst { @@ -955,6 +957,7 @@ static int context_alloc(struct fastrpc_file *fl, uint32_t kernel, ctx->pid = current->pid; ctx->tgid = current->tgid; init_completion(&ctx->work); + ctx->magic = FASTRPC_CTX_MAGIC; spin_lock(&fl->hlock); hlist_add_head(&ctx->hn, &clst->pending); @@ -989,6 +992,7 @@ static void context_free(struct smq_invoke_ctx *ctx) for (i = 0; i < nbufs; ++i) fastrpc_mmap_free(ctx->maps[i]); fastrpc_buf_free(ctx->buf, 1); + ctx->magic = 0; kfree(ctx); } @@ -1459,16 +1463,23 @@ static void fastrpc_smd_read_handler(int cid) { struct fastrpc_apps *me = &gfa; struct smq_invoke_rsp rsp = {0}; - int ret = 0; + struct smq_invoke_ctx *ctx; + int ret = 0, err = 0; do { ret = smd_read_from_cb(me->channel[cid].chan, &rsp, sizeof(rsp)); if (ret != sizeof(rsp)) break; - rsp.ctx = rsp.ctx & ~1; + ctx = (struct smq_invoke_ctx *)(uint64_to_ptr(rsp.ctx)); + VERIFY(err, (ctx && ctx->magic == FASTRPC_CTX_MAGIC)); + if (err) + goto bail; context_notify_user(uint64_to_ptr(rsp.ctx), rsp.retval); } while (ret == sizeof(rsp)); +bail: + if (err) + pr_err("adsprpc: invalid response or context\n"); } static void smd_event_handler(void *priv, unsigned event) |