From 1f42db38528596e747bbaf70e025545e99e0b2ac Mon Sep 17 00:00:00 2001
From: Benjamin Chan <bkchan@codeaurora.org>
Date: Tue, 21 Mar 2017 14:21:41 -0400
Subject: [PATCH] msm: sde: Protect concurrent access to resources in SDE
 rotator

ioctl32 handling in SDE rotator does not go through the V4L2 ioctl
lock protection, thus allowing concurrent access to some of the SDE
rotator internal resources. This change adds the mutex protection to
the SDE rotator ioctl32 handler.

CRs-Fixed: 2019300
Change-Id: Idca37e19b7d3812e90d143acfc6fef82df19ab97
Signed-off-by: Benjamin Chan <bkchan@codeaurora.org>
---
 .../msm/sde/rotator/sde_rotator_dev.c         | 20 +++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/drivers/media/platform/msm/sde/rotator/sde_rotator_dev.c b/drivers/media/platform/msm/sde/rotator/sde_rotator_dev.c
index e170c9ffafc7..0cd8e613c224 100644
--- a/drivers/media/platform/msm/sde/rotator/sde_rotator_dev.c
+++ b/drivers/media/platform/msm/sde/rotator/sde_rotator_dev.c
@@ -1924,8 +1924,13 @@ static long sde_rotator_private_ioctl(struct file *file, void *fh,
 static long sde_rotator_compat_ioctl32(struct file *file,
 	unsigned int cmd, unsigned long arg)
 {
+	struct video_device *vdev = video_devdata(file);
+	struct sde_rotator_ctx *ctx =
+			sde_rotator_ctx_from_fh(file->private_data);
 	long ret;
 
+	mutex_lock(vdev->lock);
+
 	switch (cmd) {
 	case VIDIOC_S_SDE_ROTATOR_FENCE:
 	case VIDIOC_G_SDE_ROTATOR_FENCE:
@@ -1934,14 +1939,14 @@ static long sde_rotator_compat_ioctl32(struct file *file,
 
 		if (copy_from_user(&fence, (void __user *)arg,
 				sizeof(struct msm_sde_rotator_fence)))
-			return -EFAULT;
+			goto ioctl32_error;
 
 		ret = sde_rotator_private_ioctl(file, file->private_data,
 			0, cmd, (void *)&fence);
 
 		if (copy_to_user((void __user *)arg, &fence,
 				sizeof(struct msm_sde_rotator_fence)))
-			return -EFAULT;
+			goto ioctl32_error;
 
 		break;
 	}
@@ -1952,24 +1957,31 @@ static long sde_rotator_compat_ioctl32(struct file *file,
 
 		if (copy_from_user(&comp_ratio, (void __user *)arg,
 				sizeof(struct msm_sde_rotator_comp_ratio)))
-			return -EFAULT;
+			goto ioctl32_error;
 
 		ret = sde_rotator_private_ioctl(file, file->private_data,
 			0, cmd, (void *)&comp_ratio);
 
 		if (copy_to_user((void __user *)arg, &comp_ratio,
 				sizeof(struct msm_sde_rotator_comp_ratio)))
-			return -EFAULT;
+			goto ioctl32_error;
 
 		break;
 	}
 	default:
+		SDEDEV_ERR(ctx->rot_dev->dev, "invalid ioctl32 type:%x\n", cmd);
 		ret = -ENOIOCTLCMD;
 		break;
 
 	}
 
+	mutex_unlock(vdev->lock);
 	return ret;
+
+ioctl32_error:
+	mutex_unlock(vdev->lock);
+	SDEDEV_ERR(ctx->rot_dev->dev, "error handling ioctl32 cmd:%x\n", cmd);
+	return -EFAULT;
 }
 #endif