From 07e8c4b8d30065d6b34751b3aa9d25547cdbb9a6 Mon Sep 17 00:00:00 2001
From: Anmolpreet Kaur
Date: Fri, 30 Apr 2021 14:50:36 +0530
Subject: [PATCH] smcinvoke: Move IPC_LOG before deleting cb_txn

Move IPC_LOG inside mutex lock and bfefore deleting cb_txn inside process_tzcb_req to make sure that we are not accessing cb_req value that has gone bad.

Change-Id: Icc04bab52d1364d883b0a4bb07ff4cf2cc8ce6f8
Signed-off-by: Anmolpreet Kaur
---
 drivers/soc/qcom/smcinvoke.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/drivers/soc/qcom/smcinvoke.c b/drivers/soc/qcom/smcinvoke.c
index 4125c597258c..020d9da02104 100644
--- a/drivers/soc/qcom/smcinvoke.c
+++ b/drivers/soc/qcom/smcinvoke.c
@@ -1194,16 +1194,15 @@ static void process_tzcb_req(void *buf, size_t buf_len, struct file **arr_filp)
 }
 --cb_reqs_inflight;
 memcpy(buf, cb_req, buf_len);
+ IPC_LOG("result=%d tzhandle=0x%08x op=0x%02x counts=0x%04x, cb_reqs_inflight=%d",
+ cb_req->result,
+ cb_req->hdr.tzhandle, cb_req->hdr.op, cb_req->hdr.counts,
+ cb_reqs_inflight);
 kref_put(&cb_txn->ref_cnt, delete_cb_txn);
 if (srvr_info)
 kref_put(&srvr_info->ref_cnt, destroy_cb_server);
 mutex_unlock(&g_smcinvoke_lock);
- IPC_LOG("result=%d tzhandle=0x%08x op=0x%02x counts=0x%04x, cb_reqs_inflight=%d",
- cb_req->result,
- cb_req->hdr.tzhandle, cb_req->hdr.op, cb_req->hdr.counts,
- cb_reqs_inflight);
-
 }
 
 static int marshal_out_invoke_req(const uint8_t *buf, uint32_t buf_size,
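Review bot: The ordering this fix depends on is not recorded in the code: nothing next to the moved `IPC_LOG(...)` call says it must stay ahead of `kref_put(&cb_txn->ref_cnt, delete_cb_txn)` and inside `g_smcinvoke_lock`, so a later cleanup could move it back and reintroduce the read of a stale `cb_req`. I would add a comment above the call, for example `/* Log before kref_put(): the put may release cb_txn, after which cb_req must not be read. */`. The move also brings the read of `cb_reqs_inflight` under the lock, where the old placement read it unlocked, and the comment could say so. If formatting a log line under the global mutex becomes a concern, the four fields could be copied to locals before the put and logged after `mutex_unlock()`. That `cb_req` lives inside `cb_txn` is inferred from the commit message, since the rest of process_tzcb_req is outside the hunk.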