Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Эх сурвалжийг харах

msm: ipa: Fix to avoid NULL pointer access after freeing it

Observing SMMU fault because of providing the already free pointer to
IPA HW. Add changes to avoid the accessing the already freed pointer.

Change-Id: I4d7420816aec0ab7207c683315558e551373d8bc
Signed-off-by: Ashok Vuyyuru <[email protected]>
Signed-off-by: Chaitanya Pratapa <[email protected]>
Ashok Vuyyuru 5 жил өмнө
parent
58de42af6b
commit
62f45adb3d
1 өөрчлөгдсөн 20 нэмэгдсэн , 3 устгасан
Өөрчлөлтийг ялгаж харах Өөрчлөлтийн статистик харах
  1. 20 3
      drivers/platform/msm/ipa/ipa_v3/ipa_nat.c

+ 20 - 3
drivers/platform/msm/ipa/ipa_v3/ipa_nat.c
Файл харах 

@@ -1110,7 +1110,7 @@ static void ipa3_nat_create_init_cmd(
 
 	IPADBG("return\n");
 
 }
 
 
-static void ipa3_nat_create_modify_pdn_cmd(
 
+static int ipa3_nat_create_modify_pdn_cmd(
 
 	struct ipahal_imm_cmd_dma_shared_mem *mem_cmd, bool zero_mem)
 
 {
 
 	size_t pdn_entry_size, mem_size;
 
@@ -1120,6 +1120,10 @@ static void ipa3_nat_create_modify_pdn_cmd(
 
 	ipahal_nat_entry_size(IPAHAL_NAT_IPV4_PDN, &pdn_entry_size);
 
 	mem_size = pdn_entry_size * IPA_MAX_PDN_NUM;
 
 
+	/* Before providing physical base address check pointer exist or not*/
 
+	if (!ipa3_ctx->nat_mem.pdn_mem.base)
 
+		return -EFAULT;
 
+
 
 	if (zero_mem && ipa3_ctx->nat_mem.pdn_mem.base)
 
 		memset(ipa3_ctx->nat_mem.pdn_mem.base, 0, mem_size);
 
 
@@ -1133,6 +1137,7 @@ static void ipa3_nat_create_modify_pdn_cmd(
 
 		IPA_MEM_PART(pdn_config_ofst);
 
 
 	IPADBG("return\n");
 
+	return 0;
 
 }
 
 
 static int ipa3_nat_send_init_cmd(struct ipahal_imm_cmd_ip_v4_nat_init *cmd,
 
@@ -1204,7 +1209,12 @@ static int ipa3_nat_send_init_cmd(struct ipahal_imm_cmd_ip_v4_nat_init *cmd,
 
 		}
 
 
 		/* Copy the PDN config table to SRAM */
 
-		ipa3_nat_create_modify_pdn_cmd(&mem_cmd, zero_pdn_table);
 
+		result = ipa3_nat_create_modify_pdn_cmd(&mem_cmd,
 
+							zero_pdn_table);
 
+		if (result) {
 
+			IPAERR(" Fail to create modify pdn command\n");
 
+			goto destroy_imm_cmd;
 
+		}
 
 		cmd_pyld[num_cmd] = ipahal_construct_imm_cmd(
 
 			IPA_IMM_CMD_DMA_SHARED_MEM, &mem_cmd, false);
 
 		if (!cmd_pyld[num_cmd]) {
 
@@ -1696,7 +1706,12 @@ int ipa3_nat_mdfy_pdn(
 
 	/*
 
 	 * Copy the PDN config table to SRAM
 
 	 */
 
-	ipa3_nat_create_modify_pdn_cmd(&mem_cmd, false);
 
+	result = ipa3_nat_create_modify_pdn_cmd(&mem_cmd, false);
 
+
 
+	if (result) {
 
+		IPAERR(" Fail to create modify pdn command\n");
 
+		goto bail;
 
+	}
 
 
 	cmd_pyld = ipahal_construct_imm_cmd(
 
 		IPA_IMM_CMD_DMA_SHARED_MEM, &mem_cmd, false);
 
@@ -2096,6 +2111,8 @@ static void ipa3_nat_ipv6ct_free_mem(
 
 				mld_ptr->index_table_addr           = NULL;
 
 				mld_ptr->index_table_expansion_addr = NULL;
 
 			}
 
+			dev->is_hw_init           = false;
 
+			dev->is_mapped            = false;
 
 
 			memset(nm_ptr->mem_loc, 0, sizeof(nm_ptr->mem_loc));
 
 		}