|
@@ -460,6 +460,15 @@ static void afe_notify_spdif_fmt_update(void *payload)
|
|
|
schedule_work(&this_afe.afe_spdif_work);
|
|
|
}
|
|
|
|
|
|
+static bool afe_token_is_valid(uint32_t token)
|
|
|
+{
|
|
|
+ if (token >= AFE_MAX_PORTS) {
|
|
|
+ pr_err("%s: token %d is invalid.\n", __func__, token);
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+ return true;
|
|
|
+}
|
|
|
+
|
|
|
static int32_t afe_callback(struct apr_client_data *data, void *priv)
|
|
|
{
|
|
|
if (!data) {
|
|
@@ -536,7 +545,10 @@ static int32_t afe_callback(struct apr_client_data *data, void *priv)
|
|
|
data->payload_size))
|
|
|
return -EINVAL;
|
|
|
}
|
|
|
- wake_up(&this_afe.wait[data->token]);
|
|
|
+ if (afe_token_is_valid(data->token))
|
|
|
+ wake_up(&this_afe.wait[data->token]);
|
|
|
+ else
|
|
|
+ return -EINVAL;
|
|
|
} else if (data->opcode == AFE_EVENT_MBHC_DETECTION_SW_WA) {
|
|
|
msm_aud_evt_notifier_call_chain(SWR_WAKE_IRQ_EVENT, NULL);
|
|
|
} else if (data->payload_size) {
|
|
@@ -572,7 +584,10 @@ static int32_t afe_callback(struct apr_client_data *data, void *priv)
|
|
|
case AFE_SVC_CMD_SET_PARAM_V2:
|
|
|
case AFE_PORT_CMD_MOD_EVENT_CFG:
|
|
|
atomic_set(&this_afe.state, 0);
|
|
|
- wake_up(&this_afe.wait[data->token]);
|
|
|
+ if (afe_token_is_valid(data->token))
|
|
|
+ wake_up(&this_afe.wait[data->token]);
|
|
|
+ else
|
|
|
+ return -EINVAL;
|
|
|
break;
|
|
|
case AFE_SERVICE_CMD_REGISTER_RT_PORT_DRIVER:
|
|
|
break;
|
|
@@ -584,7 +599,10 @@ static int32_t afe_callback(struct apr_client_data *data, void *priv)
|
|
|
break;
|
|
|
case AFE_CMD_ADD_TOPOLOGIES:
|
|
|
atomic_set(&this_afe.state, 0);
|
|
|
- wake_up(&this_afe.wait[data->token]);
|
|
|
+ if (afe_token_is_valid(data->token))
|
|
|
+ wake_up(&this_afe.wait[data->token]);
|
|
|
+ else
|
|
|
+ return -EINVAL;
|
|
|
pr_debug("%s: AFE_CMD_ADD_TOPOLOGIES cmd 0x%x\n",
|
|
|
__func__, payload[1]);
|
|
|
break;
|
|
@@ -608,7 +626,10 @@ static int32_t afe_callback(struct apr_client_data *data, void *priv)
|
|
|
return 0;
|
|
|
}
|
|
|
atomic_set(&this_afe.state, payload[1]);
|
|
|
- wake_up(&this_afe.wait[data->token]);
|
|
|
+ if (afe_token_is_valid(data->token))
|
|
|
+ wake_up(&this_afe.wait[data->token]);
|
|
|
+ else
|
|
|
+ return -EINVAL;
|
|
|
break;
|
|
|
case AFE_SVC_CMD_EVENT_CFG:
|
|
|
atomic_set(&this_afe.state, payload[1]);
|
|
@@ -632,7 +653,10 @@ static int32_t afe_callback(struct apr_client_data *data, void *priv)
|
|
|
else
|
|
|
this_afe.mmap_handle = payload[0];
|
|
|
atomic_set(&this_afe.state, 0);
|
|
|
- wake_up(&this_afe.wait[data->token]);
|
|
|
+ if (afe_token_is_valid(data->token))
|
|
|
+ wake_up(&this_afe.wait[data->token]);
|
|
|
+ else
|
|
|
+ return -EINVAL;
|
|
|
} else if (data->opcode == AFE_EVENT_RT_PROXY_PORT_STATUS) {
|
|
|
port_id = (uint16_t)(0x0000FFFF & payload[0]);
|
|
|
} else if (data->opcode == AFE_PORT_MOD_EVENT) {
|