samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

smcinvoke: Fix mutex lock and unlock

Browse Source 
Acquire lock before delete_cb_txn_locked.
This API expects the lock is aquired before calling it
release the lock afterwards.

Also rename the api with_locked to state that api
needs to be called on locked mutex.

Change-Id: I6384ff60004da90b46904823e399c62c55ea4273
This commit is contained in:
Bruce Levy
2022-05-19 10:42:00 -07:00
committed by Gerrit - the friendly Code Review server
parent c1203ba9a0
commit 995c3731b7
1 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
smcinvoke/smcinvoke.c
View File

@@ -548,7 +548,7 @@ static void release_tzhandles(const int32_t *tzhandles, size_t len)
mutex_unlock(&g_smcinvoke_lock); mutex_unlock(&g_smcinvoke_lock);
} }
static void delete_cb_txn(struct kref *kref) static void delete_cb_txn_locked(struct kref *kref)
{ {
struct smcinvoke_cb_txn *cb_txn = container_of(kref, struct smcinvoke_cb_txn *cb_txn = container_of(kref,
struct smcinvoke_cb_txn, ref_cnt); struct smcinvoke_cb_txn, ref_cnt);
@@ -1226,7 +1226,7 @@ out:
cb_req->hdr.counts, cb_reqs_inflight); cb_req->hdr.counts, cb_reqs_inflight);
memcpy(buf, cb_req, buf_len); memcpy(buf, cb_req, buf_len);
kref_put(&cb_txn->ref_cnt, delete_cb_txn); kref_put(&cb_txn->ref_cnt, delete_cb_txn_locked);
if (srvr_info) if (srvr_info)
kref_put(&srvr_info->ref_cnt, destroy_cb_server); kref_put(&srvr_info->ref_cnt, destroy_cb_server);
mutex_unlock(&g_smcinvoke_lock); mutex_unlock(&g_smcinvoke_lock);
@@ -1846,7 +1846,9 @@ static long process_accept_req(struct file *filp, unsigned int cmd,
cb_txn->cb_req->result = OBJECT_ERROR_UNAVAIL; cb_txn->cb_req->result = OBJECT_ERROR_UNAVAIL;
cb_txn->state = SMCINVOKE_REQ_PROCESSED; cb_txn->state = SMCINVOKE_REQ_PROCESSED;
kref_put(&cb_txn->ref_cnt, delete_cb_txn); mutex_lock(&g_smcinvoke_lock);
kref_put(&cb_txn->ref_cnt, delete_cb_txn_locked);
mutex_unlock(&g_smcinvoke_lock);
wake_up(&server_info->rsp_wait_q); wake_up(&server_info->rsp_wait_q);
/* /*
* if marshal_out fails, we should let userspace release * if marshal_out fails, we should let userspace release
@@ -1890,14 +1892,16 @@ static long process_accept_req(struct file *filp, unsigned int cmd,
pr_err("failed to marshal in the callback request\n"); pr_err("failed to marshal in the callback request\n");
cb_txn->cb_req->result = OBJECT_ERROR_UNAVAIL; cb_txn->cb_req->result = OBJECT_ERROR_UNAVAIL;
cb_txn->state = SMCINVOKE_REQ_PROCESSED; cb_txn->state = SMCINVOKE_REQ_PROCESSED;
kref_put(&cb_txn->ref_cnt, delete_cb_txn); mutex_lock(&g_smcinvoke_lock);
kref_put(&cb_txn->ref_cnt, delete_cb_txn_locked);
mutex_unlock(&g_smcinvoke_lock);
wake_up_interruptible(&server_info->rsp_wait_q); wake_up_interruptible(&server_info->rsp_wait_q);
continue; continue;
} }
mutex_lock(&g_smcinvoke_lock); mutex_lock(&g_smcinvoke_lock);
hash_add(server_info->responses_table, &cb_txn->hash, hash_add(server_info->responses_table, &cb_txn->hash,
cb_txn->txn_id); cb_txn->txn_id);
kref_put(&cb_txn->ref_cnt, delete_cb_txn); kref_put(&cb_txn->ref_cnt, delete_cb_txn_locked);
mutex_unlock(&g_smcinvoke_lock); mutex_unlock(&g_smcinvoke_lock);
trace_process_accept_req_placed(current->pid, current->tgid); trace_process_accept_req_placed(current->pid, current->tgid);