evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

spcom: avoid race condition when handling commands

Browse source 
The spcom allows only one owner per channel, so only one app can open()
a channel char device at a time.
However, the channel owner process might share the channel file
descriptor (fd) with other threads, that might write() concurrently
a command to spcom, that can cause a race.
Add a mutex to "serialize" handling of the commands.

Change-Id: Ief9c6c48a862444dfff66d14d2317568cd6e81e6
Signed-off-by: Amir Samuelov <amirs@codeaurora.org>
This commit is contained in:
Amir Samuelov 2017-07-05 13:23:29 +03:00 committed by Gerrit - the friendly Code Review server
parent b4d55be415
commit 5459f66ad2
1 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
drivers/soc/qcom/spcom.c
View file

@ -245,7 +245,7 @@ struct spcom_device {
int channel_count;
/* private */
struct mutex lock;
struct mutex cmd_lock;
/* Link state */
struct completion link_state_changed;
@ -1952,6 +1952,8 @@ static int spcom_handle_write(struct spcom_channel *ch,
swap_id = htonl(cmd->cmd_id);
memcpy(cmd_name, &swap_id, sizeof(int));
mutex_lock(&spcom_dev->cmd_lock);
pr_debug("cmd_id [0x%x] cmd_name [%s].\n", cmd_id, cmd_name);
switch (cmd_id) {
@ -1972,9 +1974,11 @@ static int spcom_handle_write(struct spcom_channel *ch,
break;
default:
pr_err("Invalid Command Id [0x%x].\n", (int) cmd->cmd_id);
return -EINVAL;
ret = -EINVAL;
}
mutex_unlock(&spcom_dev->cmd_lock);
return ret;
}
@ -2675,7 +2679,7 @@ static int spcom_probe(struct platform_device *pdev)
return -ENOMEM;
spcom_dev = dev;
mutex_init(&dev->lock);
mutex_init(&spcom_dev->cmd_lock);
init_completion(&dev->link_state_changed);
spcom_dev->link_state = GLINK_LINK_STATE_DOWN;