Data pointer has been reused after it was freed. So,
it has been moved to after using the data pointer
to clean up resource and freed it.
Change-Id: Ibc94e092134ff1f36e896c679ade7f639254a24d
Signed-off-by: Sungjun Park <sjpark@codeaurora.org>

Below is the synchronization issue between unmount and kjournald2
contexts, which results in a use-after-free issue in kjournald2().
Fix this issue by using journal->j_state_lock to synchronize the
wait_event() done in journal_kill_thread() and the wake_up() done
in kjournald2().

TASK 1:
umount cmd:
   |--jbd2_journal_destroy() {
       |--journal_kill_thread() {
            write_lock(&journal->j_state_lock);
            journal->j_flags |= JBD2_UNMOUNT;
            ...
            write_unlock(&journal->j_state_lock);
            wake_up(&journal->j_wait_commit);      TASK 2 wakes up here:
                                                   kjournald2() {
                                                     ...
                                                     checks JBD2_UNMOUNT flag and calls goto end-loop;
                                                     ...
                                                     end_loop:
                                                       write_unlock(&journal->j_state_lock);
                                                       journal->j_task = NULL; --> If this thread gets
                                                       pre-empted here, then TASK 1 wait_event will
                                                       exit even before this thread is completely
                                                       done.
            wait_event(journal->j_wait_done_commit, journal->j_task == NULL);
            ...
            write_lock(&journal->j_state_lock);
            write_unlock(&journal->j_state_lock);
          }
       |--kfree(journal);
     }
}
                                                       wake_up(&journal->j_wait_done_commit); --> this step
                                                       now results into use after free issue.
                                                   }

Change-Id: I7487aff6f946544cfcfc38a9f28769be762e3969
Signed-off-by: Sahitya Tummala <stummala@codeaurora.org>

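The interleaving described in the commit message above can be checked mechanically. This is an added example, not code from the commit or from the kernel: it models the two tasks as step lists and searches every interleaving for an access after kfree(journal). The op names, the `check` helper and the reordered kjournald2 sequence (j_task cleared and wake_up() issued before write_unlock()) are assumptions made for the model.

```c
#include <stdio.h>

/* Constructed model of the two tasks in the commit message; not kernel code. */
enum op { LOCK, UNLOCK, SET_UNMOUNT, SEE_UNMOUNT, WAKE, WAIT_TASK_NULL, CLEAR_TASK, KFREE, END };

/* TASK 1: umount -> jbd2_journal_destroy() -> journal_kill_thread(), then kfree(journal) */
static const enum op umount_task[] = { LOCK, SET_UNMOUNT, UNLOCK, WAKE, WAIT_TASK_NULL,
                                       LOCK, UNLOCK, KFREE, END };
/* TASK 2: kjournald2() end_loop in the order drawn in the commit message */
static const enum op kjournald_buggy[] = { SEE_UNMOUNT, LOCK, UNLOCK, CLEAR_TASK, WAKE, END };
/* Assumed fixed order: j_task = NULL and wake_up() happen before write_unlock() */
static const enum op kjournald_fixed[] = { SEE_UNMOUNT, LOCK, CLEAR_TASK, WAKE, UNLOCK, END };

struct state { int pc[2], owner, unmount, j_task, freed; };

/* Run one step of task t: 1 = stepped, 0 = blocked or finished, -1 = touched freed journal. */
static int step(struct state *s, int t, const enum op *prog)
{
    enum op o = prog[s->pc[t]];
    if (o == END) return 0;
    if (s->freed) return -1;                         /* every op dereferences journal */
    if (o == LOCK && s->owner != -1) return 0;       /* j_state_lock is held */
    if (o == SEE_UNMOUNT && !s->unmount) return 0;   /* kjournald2 keeps looping */
    if (o == WAIT_TASK_NULL && s->j_task) return 0;  /* wait_event() condition is false */
    if (o == LOCK) s->owner = t;
    if (o == UNLOCK) s->owner = -1;
    if (o == SET_UNMOUNT) s->unmount = 1;
    if (o == CLEAR_TASK) s->j_task = 0;
    if (o == KFREE) s->freed = 1;                    /* WAKE changes no model state */
    s->pc[t]++;
    return 1;
}

/* Depth-first search over every interleaving; 1 if any of them is a use after free. */
static int uaf_reachable(struct state s, const enum op *kjournald)
{
    for (int t = 0; t < 2; t++) {
        struct state next = s;
        int r = step(&next, t, t == 0 ? umount_task : kjournald);
        if (r < 0 || (r > 0 && uaf_reachable(next, kjournald))) return 1;
    }
    return 0;
}

int check(const enum op *kjournald)
{
    struct state init = { {0, 0}, -1, 0, 1, 0 };     /* lock free, j_task set, not freed */
    return uaf_reachable(init, kjournald);
}

int main(void) { printf("%d %d\n", check(kjournald_buggy), check(kjournald_fixed)); return 0; }
```

In the reordered sequence the second write_lock() in journal_kill_thread() cannot succeed until kjournald2 has made its last access, so no interleaving reaches kfree(journal) early.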
Do not close MHI channels when usb is disconnected and a process
is running in memory device mode.
Change-Id: I043fc25542e432a9fa294d4f433945718b2e5878
Signed-off-by: Sreelakshmi Gownipalli <sgownipa@codeaurora.org>

During ramdump collection we assign memory to HLOS from subsystem for
non-secure pil. Whether ramdump collection is successful or not, we
should assign memory back to subsystem. This is to avoid access
violations in powerup path which happens after ramdump.
CRs-Fixed: 2002073
Change-Id: I7f1d42aebb44464fe077ca544ce91c2d7a8eefbb
Signed-off-by: Puja Gupta <pujag@codeaurora.org>

Add error message for GFP_ATOMIC allocation failure. Keep current
design to drop packet if allocation fails. This print will help debug
issues where a system critical client fails because of a dropped GLINK
packet.
CRs-Fixed: 1112151
Change-Id: I6a69cbf1f88295009284d726a06fa5affd4cc591
Signed-off-by: Chris Lew <clew@codeaurora.org>

firmware-5.bin file for WCN3990 contains just WMI and HTT versions and
firmware is loaded by PIL.
This change populates the hw params for WCN3990 and parses
firmware-5.bin file for WMI and HTT versions.
CRs-Fixed: 2002151
Change-Id: Ic65d3696e9546fd428e608f4738e9fe53d61338f
Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>