android/android_kernel_samsung_sm8650
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "slimbus: qcom-ngd-ctrl: Avoid accessing deallocated stack"

Browse Source
This commit is contained in:
qctecmdr 2024-03-13 06:21:42 -07:00 committed by Gerrit - the friendly Code Review server
commit cf82e3d0b3
1 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
drivers/slimbus/qcom-ngd-ctrl.c
View File

@ -201,6 +201,8 @@ struct qcom_slim_ngd_ctrl {
struct work_struct ngd_up_work;
struct workqueue_struct *mwq;
struct completion qmi_up;
struct completion xfer_done;
struct completion sync_done;
spinlock_t tx_buf_lock;
struct mutex tx_lock;
struct mutex suspend_resume_lock;
@ -970,7 +972,6 @@ static int qcom_slim_ngd_xfer_msg(struct slim_controller *sctrl,
{
struct qcom_slim_ngd_ctrl *ctrl = dev_get_drvdata(sctrl->dev);
DECLARE_COMPLETION_ONSTACK(tx_sent);
DECLARE_COMPLETION_ONSTACK(done);
int ret, timeout, i;
u8 wbuf[SLIM_MSGQ_BUF_LEN];
u8 rbuf[SLIM_MSGQ_BUF_LEN];
@ -979,6 +980,8 @@ static int qcom_slim_ngd_xfer_msg(struct slim_controller *sctrl,
u8 la = txn->la;
bool usr_msg = false;
reinit_completion(&ctrl->xfer_done);
if (txn->mt == SLIM_MSG_MT_CORE &&
(txn->mc >= SLIM_MSG_MC_BEGIN_RECONFIGURATION &&
txn->mc <= SLIM_MSG_MC_RECONFIGURE_NOW))
@ -1052,7 +1055,7 @@ static int qcom_slim_ngd_xfer_msg(struct slim_controller *sctrl,
if (txn->mc != SLIM_USR_MC_DISCONNECT_PORT)
wbuf[i++] = txn->msg->wbuf[1];
txn->comp = &done;
txn->comp = &ctrl->xfer_done;
ret = slim_alloc_txn_tid(sctrl, txn);
if (ret) {
SLIM_ERR(ctrl, "%s: Unable to allocate TID\n", __func__);
@ -1120,7 +1123,7 @@ static int qcom_slim_ngd_xfer_msg(struct slim_controller *sctrl,
}
if (usr_msg) {
timeout = wait_for_completion_timeout(&done, HZ);
timeout = wait_for_completion_timeout(&ctrl->xfer_done, HZ);
if (!timeout) {
SLIM_ERR(ctrl, "%s: TX usr_msg timed out:MC:0x%x,mt:0x%x",
__func__, txn->mc, txn->mt);
@ -1140,9 +1143,10 @@ static int qcom_slim_ngd_xfer_msg_sync(struct slim_controller *ctrl,
{
struct qcom_slim_ngd_ctrl *dev =
container_of(ctrl, struct qcom_slim_ngd_ctrl, ctrl);
DECLARE_COMPLETION_ONSTACK(done);
int ret, timeout;
reinit_completion(&dev->sync_done);
ret = pm_runtime_get_sync(ctrl->dev);
if (ret < 0) {
SLIM_ERR(dev, "SLIM %s: PM get_sync failed ret :%d count:%d TID:%d\n",
@ -1153,7 +1157,7 @@ static int qcom_slim_ngd_xfer_msg_sync(struct slim_controller *ctrl,
SLIM_INFO(dev, "SLIM %s: PM get_sync count:%d TID:%d\n",
__func__, atomic_read(&ctrl->dev->power.usage_count), txn->tid);
txn->comp = &done;
txn->comp = &dev->sync_done;
ret = qcom_slim_ngd_xfer_msg(ctrl, txn);
if (ret) {
@ -1162,7 +1166,7 @@ static int qcom_slim_ngd_xfer_msg_sync(struct slim_controller *ctrl,
goto err;
}
timeout = wait_for_completion_timeout(&done, HZ);
timeout = wait_for_completion_timeout(&dev->sync_done, HZ);
if (!timeout) {
SLIM_ERR(dev, "%s: TX sync timed out:MC:0x%x,mt:0x%x", txn->mc,
__func__, txn->mt);
@ -2176,6 +2180,8 @@ static int qcom_slim_ngd_ctrl_probe(struct platform_device *pdev)
init_completion(&ctrl->ctrl_up);
init_completion(&ctrl->qmi.qmi_comp);
init_completion(&ctrl->qmi_up);
init_completion(&ctrl->xfer_done);
init_completion(&ctrl->sync_done);
ctrl->pdr = pdr_handle_alloc(slim_pd_status, ctrl);
if (IS_ERR(ctrl->pdr)) {