From 649a47d850cc0ddb0ff11642b97aad720694e5c9 Mon Sep 17 00:00:00 2001 From: Shivakumar Malke Date: Tue, 12 Dec 2023 15:53:45 +0530 Subject: [PATCH] msm: camera: memmgr: fix null-ptr-deref in mem_mgr_deinit In low memory condition, cam_mem_mgr_init can fail after cam_mem_mgr_state is set to initialize. Since the state is initialized, subsequent init call return success without initializing the mem table. So, when cam_mem_mgr_deinit is called, writing to tbl.bitmap will cause a null ptr derefernce. This change fixes this issue by setting cam_mem_state to uninitialize when cam_mem_mgr_init fails. CRs-Fixed: 3671639 Change-Id: Ie3554bcbbfe10320e5278650c4dd912edd568a10 Signed-off-by: Shivakumar Malke (cherry picked from commit c655b11b9c6d413748d339ad735837d868b85976) --- drivers/cam_req_mgr/cam_mem_mgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/cam_req_mgr/cam_mem_mgr.c b/drivers/cam_req_mgr/cam_mem_mgr.c
index bbe60ba893..84bd754e94 100644
--- a/drivers/cam_req_mgr/cam_mem_mgr.c
+++ b/drivers/cam_req_mgr/cam_mem_mgr.c
@@ -315,7 +315,7 @@ clean_bitmap_and_mutex:
 kfree(tbl.bitmap);
 tbl.bitmap = NULL;
 mutex_destroy(&tbl.m_lock);
-
+ atomic_set(&cam_mem_mgr_state, CAM_MEM_MGR_UNINITIALIZED);
 put_heaps:
 #if IS_REACHABLE(CONFIG_DMABUF_HEAPS)
 cam_mem_mgr_put_dma_heaps();
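Review bot: The rollback of `cam_mem_mgr_state` is placed after `kfree(tbl.bitmap)` and `mutex_destroy(&tbl.m_lock)` under `clean_bitmap_and_mutex:`, so while the teardown runs the atomic still reads as initialized although the table is already gone. If any caller can check the state concurrently (the hunk does not show whether one can), it would pass the check and reach a NULL bitmap or a destroyed mutex. Making `atomic_set(&cam_mem_mgr_state, CAM_MEM_MGR_UNINITIALIZED);` the first statement after the label closes that window. The reset also covers only paths that enter at `clean_bitmap_and_mutex:`; a failure that jumps straight to `put_heaps:` skips it, which is safe only if the state cannot already be set on those paths, so a comment such as `/* init failed after the state was published: roll it back so a retry re-initializes tbl */` would record that assumption. The function starts and ends outside the hunk, so where the state is first set could not be checked here.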