msm: ais: isp: Handling buffer use after getting it freed · 08c8d3a714 - evie/android_kernel_oneplus_msm8998 - Gay Catgirls Forgejo: gay catgirls having sex

evie/android_kernel_oneplus_msm8998

msm: ais: isp: Handling buffer use after getting it freed

In the code, start_fetch can try to access the
buffer pointer variable after free, as the
same pointer can be freed at RELEASE_BUF call too
at the same time. Hence fixing this race condition.

Change-Id: Ifb643bace27064e1324d714aebed706b48e44b65
Signed-off-by: Rahul Sharma <sharah@codeaurora.org>

This commit is contained in:

Rahul Sharma

2018-02-12 11:25:36 +05:30

• committed by

Gerrit - the friendly Code Review server

parent b57f252a8b

commit 08c8d3a714

1 changed files with 2 additions and 0 deletions

									
										2

drivers/media/platform/msm/ais/isp/msm_isp47.c
									
										View file
										
				@ -1097,8 +1097,10 @@ int msm_vfe47_start_fetch_engine_multi_pass(struct vfe_device *vfe_dev,

							fe_cfg->stream_id);

						vfe_dev->fetch_engine_info.bufq_handle = bufq_handle;

						mutex_lock(&vfe_dev->buf_mgr->lock);

						rc = vfe_dev->buf_mgr->ops->get_buf_by_index(

							vfe_dev->buf_mgr, bufq_handle, fe_cfg->buf_idx, &buf);

						mutex_unlock(&vfe_dev->buf_mgr->lock);

						if (rc < 0 || !buf) {

							pr_err("%s: No fetch buffer rc= %d buf= %pK\n",

								__func__, rc, buf);