ipc: initialize glink link state

There is a chance that glink channel memory pointer is used after free if WDSP_REG_PKT and WDSP_CMD_PKT are received at the same time from different threads. Fix this issue by initializing glink link state to GLINK_LINK_STATE_DOWN. Also limit error logs to avoid watchdog timeout issues. Change-Id: I07c4e6f12eb057405eb59f1c0d04b890fa964ce8 Signed-off-by: Vidyakumar Athota <vathota@codeaurora.org>
2017-09-08 11:26:51 -07:00
parent 8f7ccc2e6f
commit 60871bde94
1 changed files with 20 additions and 18 deletions
--- a/ipc/wcd-dsp-glink.c
+++ b/ipc/wcd-dsp-glink.c
@@ -570,7 +570,7 @@ static int wdsp_glink_ch_info_init(struct wdsp_glink_priv *wpriv,
 	mutex_lock(&wpriv->glink_mutex);
 	if (wpriv->ch) {
-		dev_err(wpriv->dev, "%s: glink ch memory is already allocated\n",
+		dev_err_ratelimited(wpriv->dev, "%s: glink ch memory is already allocated\n",
 			 __func__);
 		ret = -EINVAL;
 		goto done;
@@ -579,7 +579,7 @@ static int wdsp_glink_ch_info_init(struct wdsp_glink_priv *wpriv,
 	no_of_channels = pkt->no_of_channels;
 	if (no_of_channels > WDSP_MAX_NO_OF_CHANNELS) {
-		dev_err(wpriv->dev, "%s: no_of_channels: %d but max allowed are %d\n",
+		dev_err_ratelimited(wpriv->dev, "%s: no_of_channels: %d but max allowed are %d\n",
 			__func__, no_of_channels, WDSP_MAX_NO_OF_CHANNELS);
 		ret = -EINVAL;
 		goto done;
@@ -598,20 +598,20 @@ static int wdsp_glink_ch_info_init(struct wdsp_glink_priv *wpriv,
 		size += WDSP_CH_CFG_SIZE;
 		if (size > pkt_size) {
-			dev_err(wpriv->dev, "%s: Invalid size = %zd, pkt_size = %zd\n",
+			dev_err_ratelimited(wpriv->dev, "%s: Invalid size = %zd, pkt_size = %zd\n",
 				__func__, size, pkt_size);
 			ret = -EINVAL;
 			goto err_ch_mem;
 		}
 		if (ch_cfg->no_of_intents > WDSP_MAX_NO_OF_INTENTS) {
-			dev_err(wpriv->dev, "%s: Invalid no_of_intents = %d\n",
+			dev_err_ratelimited(wpriv->dev, "%s: Invalid no_of_intents = %d\n",
 				__func__, ch_cfg->no_of_intents);
 			ret = -EINVAL;
 			goto err_ch_mem;
 		}
 		size += (sizeof(u32) * ch_cfg->no_of_intents);
 		if (size > pkt_size) {
-			dev_err(wpriv->dev, "%s: Invalid size = %zd, pkt_size = %zd\n",
+			dev_err_ratelimited(wpriv->dev, "%s: Invalid size = %zd, pkt_size = %zd\n",
 				__func__, size, pkt_size);
 			ret = -EINVAL;
 			goto err_ch_mem;
@@ -746,7 +746,7 @@ static ssize_t wdsp_glink_read(struct file *file, char __user *buf,
 	}
 	if (count > WDSP_MAX_READ_SIZE) {
-		dev_info(wpriv->dev, "%s: count = %zd is more than WDSP_MAX_READ_SIZE\n",
+		dev_info_ratelimited(wpriv->dev, "%s: count = %zd is more than WDSP_MAX_READ_SIZE\n",
 			__func__, count);
 		count = WDSP_MAX_READ_SIZE;
 	}
@@ -778,7 +778,7 @@ static ssize_t wdsp_glink_read(struct file *file, char __user *buf,
 		if (ret1) {
 			mutex_unlock(&wpriv->rsp_mutex);
-			dev_err(wpriv->dev, "%s: copy_to_user failed %d\n",
+			dev_err_ratelimited(wpriv->dev, "%s: copy_to_user failed %d\n",
 				__func__, ret);
 			ret = -EFAULT;
 			goto done;
@@ -824,7 +824,7 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
 	if ((count < WDSP_WRITE_PKT_SIZE) ||
 	    (count > WDSP_MAX_WRITE_SIZE)) {
-		dev_err(wpriv->dev, "%s: Invalid count = %zd\n",
+		dev_err_ratelimited(wpriv->dev, "%s: Invalid count = %zd\n",
 			__func__, count);
 		ret = -EINVAL;
 		goto done;
@@ -841,7 +841,7 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
 	ret = copy_from_user(tx_buf->buf, buf, count);
 	if (ret) {
-		dev_err(wpriv->dev, "%s: copy_from_user failed %d\n",
+		dev_err_ratelimited(wpriv->dev, "%s: copy_from_user failed %d\n",
 			__func__, ret);
 		ret = -EFAULT;
 		goto free_buf;
@@ -852,7 +852,7 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
 	case WDSP_REG_PKT:
 		if (count < (WDSP_WRITE_PKT_SIZE + WDSP_REG_PKT_SIZE +
 			     WDSP_CH_CFG_SIZE)) {
-			dev_err(wpriv->dev, "%s: Invalid reg pkt size = %zd\n",
+			dev_err_ratelimited(wpriv->dev, "%s: Invalid reg pkt size = %zd\n",
 				__func__, count);
 			ret = -EINVAL;
 			goto free_buf;
@@ -861,7 +861,7 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
 					(struct wdsp_reg_pkt *)wpkt->payload,
 					count);
 		if (ret < 0)
-			dev_err(wpriv->dev, "%s: glink register failed, ret = %d\n",
+			dev_err_ratelimited(wpriv->dev, "%s: glink register failed, ret = %d\n",
 				__func__, ret);
 		vfree(tx_buf);
 		break;
@@ -871,7 +871,7 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
 							GLINK_LINK_STATE_UP),
 					 msecs_to_jiffies(TIMEOUT_MS));
 		if (!ret) {
-			dev_err(wpriv->dev, "%s: Link state wait timeout\n",
+			dev_err_ratelimited(wpriv->dev, "%s: Link state wait timeout\n",
 				__func__);
 			ret = -ETIMEDOUT;
 			goto free_buf;
@@ -881,7 +881,7 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
 		break;
 	case WDSP_CMD_PKT:
 		if (count <= (WDSP_WRITE_PKT_SIZE + WDSP_CMD_PKT_SIZE)) {
-			dev_err(wpriv->dev, "%s: Invalid cmd pkt size = %zd\n",
+			dev_err_ratelimited(wpriv->dev, "%s: Invalid cmd pkt size = %zd\n",
 				__func__, count);
 			ret = -EINVAL;
 			goto free_buf;
@@ -889,7 +889,7 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
 		mutex_lock(&wpriv->glink_mutex);
 		if (wpriv->glink_state.link_state == GLINK_LINK_STATE_DOWN) {
 			mutex_unlock(&wpriv->glink_mutex);
-			dev_err(wpriv->dev, "%s: Link state is Down\n",
+			dev_err_ratelimited(wpriv->dev, "%s: Link state is Down\n",
 				__func__);
 			ret = -ENETRESET;
@@ -901,7 +901,7 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
 					sizeof(struct wdsp_cmd_pkt) +
 					cpkt->payload_size;
 		if (count < pkt_max_size) {
-			dev_err(wpriv->dev, "%s: Invalid cmd pkt count = %zd, pkt_size = %zd\n",
+			dev_err_ratelimited(wpriv->dev, "%s: Invalid cmd pkt count = %zd, pkt_size = %zd\n",
 				__func__, count, pkt_max_size);
 			ret = -EINVAL;
 			goto free_buf;
@@ -917,7 +917,7 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
 			}
 		}
 		if (!tx_buf->ch) {
-			dev_err(wpriv->dev, "%s: Failed to get glink channel\n",
+			dev_err_ratelimited(wpriv->dev, "%s: Failed to get glink channel\n",
 				__func__);
 			ret = -EINVAL;
 			goto free_buf;
@@ -928,7 +928,7 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
 							GLINK_CONNECTED),
 					 msecs_to_jiffies(TIMEOUT_MS));
 		if (!ret) {
-			dev_err(wpriv->dev, "%s: glink channel %s is not in connected state %d\n",
+			dev_err_ratelimited(wpriv->dev, "%s: glink channel %s is not in connected state %d\n",
 				__func__, tx_buf->ch->ch_cfg.name,
 				tx_buf->ch->channel_state);
 			ret = -ETIMEDOUT;
@@ -940,7 +940,8 @@ static ssize_t wdsp_glink_write(struct file *file, const char __user *buf,
 		queue_work(wpriv->work_queue, &tx_buf->tx_work);
 		break;
 	default:
-		dev_err(wpriv->dev, "%s: Invalid packet type\n", __func__);
+		dev_err_ratelimited(wpriv->dev, "%s: Invalid packet type\n",
 				    __func__);
 		ret = -EINVAL;
 		vfree(tx_buf);
 		break;
@@ -986,6 +987,7 @@ static int wdsp_glink_open(struct inode *inode, struct file *file)
 		goto err_wq;
 	}
 	wpriv->glink_state.link_state = GLINK_LINK_STATE_DOWN;
 	init_completion(&wpriv->rsp_complete);
 	init_waitqueue_head(&wpriv->link_state_wait);
 	mutex_init(&wpriv->rsp_mutex);