samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

msm: adsprpc: Avoid double free on map

Browse Source 
Decrement and check the ref count of map
inside the lock. Otherwise, two threads may
free the same map.

Change-Id: Iae758752c0d3c296f155f3200adb783c92100a70
Signed-off-by: Abhishek Singh <quic_abhishes@quicinc.com>
This commit is contained in:
Abhishek Singh
2023-12-18 12:32:29 +05:30
parent c5d0af46d7
commit a976ff28cc
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
dsp/adsprpc.c
View File

@@ -1011,14 +1011,13 @@ static void fastrpc_mmap_free(struct fastrpc_mmap *map, uint32_t flags)
map->refs--;
if (!map->refs && !map->is_persistent && !map->ctx_refs)
hlist_del_init(&map->hn);
spin_unlock_irqrestore(&me->hlock, irq_flags);
if (map->refs > 0) {
ADSPRPC_WARN(
"multiple references for remote heap size %zu va 0x%lx ref count is %d\n",
map->size, map->va, map->refs);
spin_unlock_irqrestore(&me->hlock, irq_flags);
return;
}
spin_lock_irqsave(&me->hlock, irq_flags);
if (map->is_persistent && map->in_use)
map->in_use = false;
spin_unlock_irqrestore(&me->hlock, irq_flags);