msm: camera: memmgr: avoid race condition by checking bitmap

bufq mutex can be destroyed at unmap, if other thread
is trying to lock the bufq mutex it can result in
bad magic number. To avoid such race condition
check bitmap with protection of global mutex lock.

CRs-Fixed: 3120472
Change-Id: Id95be0faa5b0d921c4a0370ea5d2f3b23c229280
Signed-off-by: Tejas Prajapati <[email protected]>

drivers/cam_req_mgr/cam_mem_mgr.c

@@ -402,15 +402,18 @@ int cam_mem_mgr_cache_ops(struct cam_mem_cache_ops_cmd *cmd)
 	if (idx >= CAM_MEM_BUFQ_MAX || idx <= 0)
 		return -EINVAL;
 
-	mutex_lock(&tbl.bufq[idx].q_lock);
+	mutex_lock(&tbl.m_lock);
 
-	if (!tbl.bufq[idx].active) {
+	if (!test_bit(idx, tbl.bitmap)) {
 		CAM_ERR(CAM_MEM, "Buffer at idx=%d is already unmapped,",
 			idx);
-		rc = -EINVAL;
-		goto end;
+		mutex_unlock(&tbl.m_lock);
+		return -EINVAL;
 	}
 
+	mutex_lock(&tbl.bufq[idx].q_lock);
+	mutex_unlock(&tbl.m_lock);
+
 	if (cmd->buf_handle != tbl.bufq[idx].buf_handle) {
 		rc = -EINVAL;
 		goto end;