ipc: initialize glink link state
There is a chance that glink channel memory pointer is used after free if WDSP_REG_PKT and WDSP_CMD_PKT are received at the same time from different threads. Fix this issue by initializing glink link state to GLINK_LINK_STATE_DOWN. Also limit error logs to avoid watchdog timeout issues. Change-Id: I07c4e6f12eb057405eb59f1c0d04b890fa964ce8 Signed-off-by: Vidyakumar Athota <vathota@codeaurora.org>
This commit is contained in:
Vidyakumar Athota
@@ -570,7 +570,7 @@ static int wdsp_glink_ch_info_init(struct wdsp_glink_priv *wpriv,
|
||||
|
||||
mutex_lock(&wpriv->glink_mutex);
|
||||
if (wpriv->ch) {
|
||||
dev_err(wpriv->dev, "%s: glink ch memory is already allocated\n",
|
||||
dev_err_ratelimited(wpriv->dev, "%s: glink ch memory is already allocated\n",
|
||||
__func__);
|
||||
ret = -EINVAL;
|
||||
goto done;
|
||||
@@ -579,7 +579,7 @@ static int wdsp_glink_ch_info_init(struct wdsp_glink_priv *wpriv,
|
||||
no_of_channels = pkt->no_of_channels;
|
||||
|
||||
if (no_of_channels > WDSP_MAX_NO_OF_CHANNELS) {
|
||||
dev_err(wpriv->dev, "%s: no_of_channels: %d but max allowed are %d\n",
|
||||
dev_err_ratelimited(wpriv->dev, "%s: no_of_channels: %d but max allowed are %d\n",
|
||||
__func__, no_of_channels, WDSP_MAX_NO_OF_CHANNELS);
|
||||
ret = -EINVAL;
|
||||
goto done;
|
||||
@@ -598,20 +598,20 @@ static int wdsp_glink_ch_info_init(struct wdsp_glink_priv *wpriv,
|
||||
|
||||
size += WDSP_CH_CFG_SIZE;
|
||||
if (size > pkt_size) {
|
||||
dev_err(wpriv->dev, "%s: Invalid size = %zd, pkt_size = %zd\n",
|
||||
dev_err_ratelimited(wpriv->dev, "%s: Invalid size = %zd, pkt_size = %zd\n",
|
||||
__func__, size, pkt_size);
|
||||
ret = -EINVAL;
|
||||
goto err_ch_mem;
|
||||
}
|
||||
if (ch_cfg->no_of_intents > WDSP_MAX_NO_OF_INTENTS) {
|
||||
dev_err(wpriv->dev, "%s: Invalid no_of_intents = %d\n",
|
||||
dev_err_ratelimited(wpriv->dev, "%s: Invalid no_of_intents = %d\n",
|
||||
__func__, ch_cfg->no_of_intents);
|
||||
ret = -EINVAL;
|
||||
goto err_ch_mem;
|
||||
}
|
||||
size += (sizeof(u32) * ch_cfg->no_of_intents);
|
||||
if (size > pkt_size) {
|
||||
dev_err(wpriv->dev, "%s: Invalid size = %zd, pkt_size = %zd\n",
|
||||
dev_err_ratelimited(wpriv->dev, "%s: Invalid size = %zd, pkt_size = %zd\n",
|
||||
__func__, size, pkt_size);
|
||||
ret = -EINVAL;
|
||||
goto err_ch_mem;
|
||||
@@ -746,7 +746,7 @@ static ssize_t wdsp_glink_read(struct file *file, char __user *buf,
|
||||
}
|
||||
|
||||
if (count > WDSP_MAX_READ_SIZE) {
|
||||
dev_info(wpriv->dev, "%s: count = %zd is more than WDSP_MAX_READ_SIZE\n",
|
||||
dev_info_ratelimited(wpriv->dev, "%s: count = %zd is more than WDSP_MAX_READ_SIZE\n",
|
||||
__func__, count);
|
||||
count = WDSP_MAX_READ_SIZE;
|
||||
}
|
||||
@@ -778,7 +778,7 @@ static ssize_t wdsp_glink_read(struct file *file, char __user *buf,
|
||||
|
||||
if (ret1) {
|
||||
mutex_unlock(&wpriv->rsp_mutex);
|
||||
dev_err(wpriv->dev, "%s: copy_to_user failed %d\n",
|
||||
dev_err_ratelimited(wpriv->dev, "%s: copy_to_user failed %d\n",
|
||||
__func__, ret);
|
||||
ret = -EFAULT;
|
||||
goto done;
|
||||
@@ -824,7 +824,7 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
|
||||
|
||||
if ((count < WDSP_WRITE_PKT_SIZE) ||
|
||||
(count > WDSP_MAX_WRITE_SIZE)) {
|
||||
dev_err(wpriv->dev, "%s: Invalid count = %zd\n",
|
||||
dev_err_ratelimited(wpriv->dev, "%s: Invalid count = %zd\n",
|
||||
__func__, count);
|
||||
ret = -EINVAL;
|
||||
goto done;
|
||||
@@ -841,7 +841,7 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
|
||||
|
||||
ret = copy_from_user(tx_buf->buf, buf, count);
|
||||
if (ret) {
|
||||
dev_err(wpriv->dev, "%s: copy_from_user failed %d\n",
|
||||
dev_err_ratelimited(wpriv->dev, "%s: copy_from_user failed %d\n",
|
||||
__func__, ret);
|
||||
ret = -EFAULT;
|
||||
goto free_buf;
|
||||
@@ -852,7 +852,7 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
|
||||
case WDSP_REG_PKT:
|
||||
if (count < (WDSP_WRITE_PKT_SIZE + WDSP_REG_PKT_SIZE +
|
||||
WDSP_CH_CFG_SIZE)) {
|
||||
dev_err(wpriv->dev, "%s: Invalid reg pkt size = %zd\n",
|
||||
dev_err_ratelimited(wpriv->dev, "%s: Invalid reg pkt size = %zd\n",
|
||||
__func__, count);
|
||||
ret = -EINVAL;
|
||||
goto free_buf;
|
||||
@@ -861,7 +861,7 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
|
||||
(struct wdsp_reg_pkt *)wpkt->payload,
|
||||
count);
|
||||
if (ret < 0)
|
||||
dev_err(wpriv->dev, "%s: glink register failed, ret = %d\n",
|
||||
dev_err_ratelimited(wpriv->dev, "%s: glink register failed, ret = %d\n",
|
||||
__func__, ret);
|
||||
vfree(tx_buf);
|
||||
break;
|
||||
@@ -871,7 +871,7 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
|
||||
GLINK_LINK_STATE_UP),
|
||||
msecs_to_jiffies(TIMEOUT_MS));
|
||||
if (!ret) {
|
||||
dev_err(wpriv->dev, "%s: Link state wait timeout\n",
|
||||
dev_err_ratelimited(wpriv->dev, "%s: Link state wait timeout\n",
|
||||
__func__);
|
||||
ret = -ETIMEDOUT;
|
||||
goto free_buf;
|
||||
@@ -881,7 +881,7 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
|
||||
break;
|
||||
case WDSP_CMD_PKT:
|
||||
if (count <= (WDSP_WRITE_PKT_SIZE + WDSP_CMD_PKT_SIZE)) {
|
||||
dev_err(wpriv->dev, "%s: Invalid cmd pkt size = %zd\n",
|
||||
dev_err_ratelimited(wpriv->dev, "%s: Invalid cmd pkt size = %zd\n",
|
||||
__func__, count);
|
||||
ret = -EINVAL;
|
||||
goto free_buf;
|
||||
@@ -889,7 +889,7 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
|
||||
mutex_lock(&wpriv->glink_mutex);
|
||||
if (wpriv->glink_state.link_state == GLINK_LINK_STATE_DOWN) {
|
||||
mutex_unlock(&wpriv->glink_mutex);
|
||||
dev_err(wpriv->dev, "%s: Link state is Down\n",
|
||||
dev_err_ratelimited(wpriv->dev, "%s: Link state is Down\n",
|
||||
__func__);
|
||||
|
||||
ret = -ENETRESET;
|
||||
@@ -901,7 +901,7 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
|
||||
sizeof(struct wdsp_cmd_pkt) +
|
||||
cpkt->payload_size;
|
||||
if (count < pkt_max_size) {
|
||||
dev_err(wpriv->dev, "%s: Invalid cmd pkt count = %zd, pkt_size = %zd\n",
|
||||
dev_err_ratelimited(wpriv->dev, "%s: Invalid cmd pkt count = %zd, pkt_size = %zd\n",
|
||||
__func__, count, pkt_max_size);
|
||||
ret = -EINVAL;
|
||||
goto free_buf;
|
||||
@@ -917,7 +917,7 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
|
||||
}
|
||||
}
|
||||
if (!tx_buf->ch) {
|
||||
dev_err(wpriv->dev, "%s: Failed to get glink channel\n",
|
||||
dev_err_ratelimited(wpriv->dev, "%s: Failed to get glink channel\n",
|
||||
__func__);
|
||||
ret = -EINVAL;
|
||||
goto free_buf;
|
||||
@@ -928,7 +928,7 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
|
||||
GLINK_CONNECTED),
|
||||
msecs_to_jiffies(TIMEOUT_MS));
|
||||
if (!ret) {
|
||||
dev_err(wpriv->dev, "%s: glink channel %s is not in connected state %d\n",
|
||||
dev_err_ratelimited(wpriv->dev, "%s: glink channel %s is not in connected state %d\n",
|
||||
__func__, tx_buf->ch->ch_cfg.name,
|
||||
tx_buf->ch->channel_state);
|
||||
ret = -ETIMEDOUT;
|
||||
@@ -940,7 +940,8 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
|
||||
queue_work(wpriv->work_queue, &tx_buf->tx_work);
|
||||
break;
|
||||
default:
|
||||
dev_err(wpriv->dev, "%s: Invalid packet type\n", __func__);
|
||||
dev_err_ratelimited(wpriv->dev, "%s: Invalid packet type\n",
|
||||
__func__);
|
||||
ret = -EINVAL;
|
||||
vfree(tx_buf);
|
||||
break;
|
||||
@@ -986,6 +987,7 @@ static int wdsp_glink_open(struct inode *inode, struct file *file)
|
||||
goto err_wq;
|
||||
}
|
||||
|
||||
wpriv->glink_state.link_state = GLINK_LINK_STATE_DOWN;
|
||||
init_completion(&wpriv->rsp_complete);
|
||||
init_waitqueue_head(&wpriv->link_state_wait);
|
||||
mutex_init(&wpriv->rsp_mutex);
|
||||
|
||||
Reference in New Issue
Block a user