From a1ccb4d410b2904ca0591c6ec27a277229b81fc8 Mon Sep 17 00:00:00 2001
From: Vidyakumar Athota <vathota@codeaurora.org>
Date: Mon, 28 Nov 2016 10:45:37 -0800
Subject: [PATCH 1/2] soc: qcom: avoid channel open during LOCAL_DISCONNECT
 state

Glink channel state LOCAL_DISCONNECT occurs only when remote
side channel is closed or device node closed from userspace.
In this case, glink LINK itself is not available to open channel.
So avoid opening glink channels during LOCAL_DISCONNECT state.

Change-Id: I637622d7bfd0cd1d0aa5b905173a7674093674c4
Signed-off-by: Vidyakumar Athota <vathota@codeaurora.org>
---
 drivers/soc/qcom/wcd-dsp-glink.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/drivers/soc/qcom/wcd-dsp-glink.c b/drivers/soc/qcom/wcd-dsp-glink.c
index 6bc815862541..daa6ed5ed5ea 100644
--- a/drivers/soc/qcom/wcd-dsp-glink.c
+++ b/drivers/soc/qcom/wcd-dsp-glink.c
@@ -318,9 +318,6 @@ static void wdsp_glink_notify_state(void *handle, const void *priv,
 		if (ch->free_mem) {
 			kfree(ch);
 			ch = NULL;
-		} else {
-			/* Open the glink channel again */
-			queue_work(wpriv->work_queue, &ch->lcl_ch_open_wrk);
 		}
 	} else if (event == GLINK_REMOTE_DISCONNECTED) {
 		dev_dbg(wpriv->dev, "%s: remote channel: %s disconnected remotely\n",

From a1e1a009233289ca64ff387e7a72bd2f59ae0502 Mon Sep 17 00:00:00 2001
From: Vidyakumar Athota <vathota@codeaurora.org>
Date: Tue, 29 Nov 2016 13:45:42 -0800
Subject: [PATCH 2/2] soc: qcom: fix to avoid invalid memory access

In error scenarios, tx_buf is accessed even after tx_buf
memory is freed up. This change is to avoid access to freed
up memory.

Change-Id: I93a2c5875474094da1de07ddaaad8a709193632f
Signed-off-by: Vidyakumar Athota <vathota@codeaurora.org>
---
 drivers/soc/qcom/wcd-dsp-glink.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/soc/qcom/wcd-dsp-glink.c b/drivers/soc/qcom/wcd-dsp-glink.c
index daa6ed5ed5ea..efd5945ea626 100644
--- a/drivers/soc/qcom/wcd-dsp-glink.c
+++ b/drivers/soc/qcom/wcd-dsp-glink.c
@@ -604,6 +604,7 @@ static void wdsp_glink_tx_buf_work(struct work_struct *work)
 
 	mutex_lock(&tx_buf->ch->mutex);
 	if (ch->channel_state == GLINK_CONNECTED) {
+		mutex_unlock(&tx_buf->ch->mutex);
 		ret = glink_tx(ch->handle, tx_buf,
 			       cpkt->payload, cpkt->payload_size,
 			       GLINK_TX_REQ_INTENT);
@@ -618,6 +619,7 @@ static void wdsp_glink_tx_buf_work(struct work_struct *work)
 			kfree(tx_buf);
 		}
 	} else {
+		mutex_unlock(&tx_buf->ch->mutex);
 		dev_err(wpriv->dev, "%s: channel %s is not in connected state\n",
 			__func__, ch->ch_cfg.name);
 		/*
@@ -626,7 +628,6 @@ static void wdsp_glink_tx_buf_work(struct work_struct *work)
 		 */
 		kfree(tx_buf);
 	}
-	mutex_unlock(&tx_buf->ch->mutex);
 }
 
 /*