android/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

msm: camera: memmgr: fix null-ptr-deref in mem_mgr_deinit

Browse Source 
In low memory condition, cam_mem_mgr_init can fail after
cam_mem_mgr_state is set to initialize. Since the state is
initialized, subsequent init call return success without
initializing the mem table. So, when cam_mem_mgr_deinit is
called, writing to tbl.bitmap will cause a null ptr derefernce.

This change fixes this issue by setting cam_mem_state to
uninitialize when cam_mem_mgr_init fails.

CRs-Fixed: 3671639
Change-Id: Ie3554bcbbfe10320e5278650c4dd912edd568a10
Signed-off-by: Shivakumar Malke <quic_smalke@quicinc.com>
(cherry picked from commit c655b11b9c6d413748d339ad735837d868b85976)
This commit is contained in:
Shivakumar Malke 2023-12-12 15:53:45 +05:30 committed by Sridhar Gujje
parent 35ce7ba5f2
commit 649a47d850
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/cam_req_mgr/cam_mem_mgr.c
View File

@ -315,7 +315,7 @@ clean_bitmap_and_mutex:
kfree(tbl.bitmap);
tbl.bitmap = NULL;
mutex_destroy(&tbl.m_lock);
atomic_set(&cam_mem_mgr_state, CAM_MEM_MGR_UNINITIALIZED);
put_heaps:
#if IS_REACHABLE(CONFIG_DMABUF_HEAPS)
cam_mem_mgr_put_dma_heaps();