msm: camera: Add support for not accepting pkts after streamoff
There can be a race condition where unlink happens and user
driver can send the packets to kernel. Avoid this condition
by validating link handle.
Change-Id: I13e53b98aab309ed78ac6e44d4104b764f8014ea
Signed-off-by: Viswanadha Raju Thotakura <viswanad@codeaurora.org>
Signed-off-by: Karthik Anantha Ram <kartanan@codeaurora.org>
diff --git a/drivers/media/platform/msm/camera/cam_sensor_module/cam_flash/cam_flash_core.c b/drivers/media/platform/msm/camera/cam_sensor_module/cam_flash/cam_flash_core.c
index 55da264..c977fc4 100644
--- a/drivers/media/platform/msm/camera/cam_sensor_module/cam_flash/cam_flash_core.c
+++ b/drivers/media/platform/msm/camera/cam_sensor_module/cam_flash/cam_flash_core.c
@@ -17,7 +17,7 @@
#include "cam_res_mgr_api.h"
int cam_flash_prepare(struct cam_flash_ctrl *flash_ctrl,
- enum cam_flash_state state)
+ bool regulator_enable)
{
int rc = 0;
@@ -26,7 +26,7 @@
return -EINVAL;
}
- if ((state == CAM_FLASH_STATE_START) &&
+ if (regulator_enable &&
(flash_ctrl->is_regulator_enabled == false)) {
rc = qpnp_flash_led_prepare(flash_ctrl->switch_trigger,
ENABLE_REGULATOR, NULL);
@@ -37,7 +37,7 @@
}
flash_ctrl->is_regulator_enabled = true;
flash_ctrl->flash_state = CAM_FLASH_STATE_START;
- } else if ((state == CAM_FLASH_STATE_STOP) &&
+ } else if ((!regulator_enable) &&
(flash_ctrl->is_regulator_enabled == true)) {
rc = qpnp_flash_led_prepare(flash_ctrl->switch_trigger,
DISABLE_REGULATOR, NULL);
@@ -323,18 +323,13 @@
rc);
goto nrt_del_req;
}
- fctrl->flash_state =
- CAM_FLASH_STATE_LOW;
} else if (flash_data->opcode ==
CAMERA_SENSOR_FLASH_OP_OFF) {
- if (fctrl->flash_state ==
- CAM_FLASH_STATE_LOW) {
- rc = cam_flash_off(fctrl);
- if (rc)
- CAM_ERR(CAM_FLASH,
- "LED off failed: %d",
- rc);
- }
+ rc = cam_flash_off(fctrl);
+ if (rc)
+ CAM_ERR(CAM_FLASH,
+ "LED off failed: %d",
+ rc);
}
} else if (fctrl->nrt_info.cmn_attr.cmd_type ==
CAMERA_SENSOR_FLASH_CMD_TYPE_RER) {
@@ -360,8 +355,6 @@
"Fire Torch Failed");
goto nrt_del_req;
}
- fctrl->flash_state =
- CAM_FLASH_STATE_LOW;
usleep_range(
flash_data->led_on_delay_ms * 1000,
@@ -398,7 +391,6 @@
rc);
goto apply_setting_err;
}
- fctrl->flash_state = CAM_FLASH_STATE_HIGH;
}
} else if ((flash_data->opcode ==
CAMERA_SENSOR_FLASH_OP_FIRELOW) &&
@@ -413,19 +405,15 @@
rc);
goto apply_setting_err;
}
- fctrl->flash_state = CAM_FLASH_STATE_LOW;
}
} else if ((flash_data->opcode == CAMERA_SENSOR_FLASH_OP_OFF) &&
(flash_data->cmn_attr.is_settings_valid) &&
(flash_data->cmn_attr.request_id == req_id)) {
- if ((fctrl->flash_state == CAM_FLASH_STATE_LOW) ||
- (fctrl->flash_state == CAM_FLASH_STATE_HIGH)) {
- rc = cam_flash_off(fctrl);
- if (rc) {
- CAM_ERR(CAM_FLASH,
- "Flash off failed %d", rc);
- goto apply_setting_err;
- }
+ rc = cam_flash_off(fctrl);
+ if (rc) {
+ CAM_ERR(CAM_FLASH,
+ "Flash off failed %d", rc);
+ goto apply_setting_err;
}
} else {
CAM_DBG(CAM_FLASH, "NOP opcode: req_id: %u", req_id);
@@ -553,6 +541,13 @@
case CAMERA_SENSOR_FLASH_CMD_TYPE_FIRE: {
CAM_DBG(CAM_FLASH,
"CAMERA_FLASH_CMD_TYPE_OPS case called");
+ if (fctrl->flash_state != CAM_FLASH_STATE_START) {
+ CAM_ERR(CAM_FLASH,
+ "Rxed Update packets without linking");
+ fctrl->per_frame[frame_offset].
+ cmn_attr.is_settings_valid = false;
+ return -EINVAL;
+ }
flash_operation_info =
(struct cam_flash_set_on_off *) cmd_buf;
if (!flash_operation_info) {
@@ -668,6 +663,14 @@
break;
}
case CAM_PKT_NOP_OPCODE: {
+ if (fctrl->flash_state != CAM_FLASH_STATE_START) {
+ CAM_ERR(CAM_FLASH,
+ "Rxed Update packets without linking");
+ fctrl->per_frame[frame_offset].
+ cmn_attr.is_settings_valid = false;
+ return -EINVAL;
+ }
+
CAM_DBG(CAM_FLASH, "NOP Packet is Received: req_id: %u",
csl_packet->header.request_id);
goto update_req_mgr;
@@ -739,9 +742,7 @@
{
int rc = 0, i, j;
- if ((fctrl->flash_state == CAM_FLASH_STATE_LOW) ||
- (fctrl->flash_state == CAM_FLASH_STATE_HIGH))
- cam_flash_off(fctrl);
+ cam_flash_off(fctrl);
for (i = 0; i < MAX_PER_FRAME_ARRAY; i++) {
fctrl->per_frame[i].cmn_attr.request_id = 0;
@@ -760,7 +761,7 @@
if ((fctrl->flash_state == CAM_FLASH_STATE_START) &&
(fctrl->is_regulator_enabled == true)) {
- rc = cam_flash_prepare(fctrl, CAM_FLASH_STATE_STOP);
+ rc = cam_flash_prepare(fctrl, false);
if (rc)
CAM_ERR(CAM_FLASH, "Disable Regulator Failed rc: %d",
rc);
diff --git a/drivers/media/platform/msm/camera/cam_sensor_module/cam_flash/cam_flash_core.h b/drivers/media/platform/msm/camera/cam_sensor_module/cam_flash/cam_flash_core.h
index d5ea04c..f73409a 100644
--- a/drivers/media/platform/msm/camera/cam_sensor_module/cam_flash/cam_flash_core.h
+++ b/drivers/media/platform/msm/camera/cam_sensor_module/cam_flash/cam_flash_core.h
@@ -28,7 +28,7 @@
int cam_flash_flush_request(struct cam_req_mgr_flush_request *flush);
int cam_flash_off(struct cam_flash_ctrl *fctrl);
int cam_flash_prepare(struct cam_flash_ctrl *flash_ctrl,
- enum cam_flash_state state);
+ bool regulator_enable);
void cam_flash_shutdown(struct cam_flash_ctrl *flash_ctrl);
int cam_flash_stop_dev(struct cam_flash_ctrl *flash_ctrl);
int cam_flash_release_dev(struct cam_flash_ctrl *fctrl);
diff --git a/drivers/media/platform/msm/camera/cam_sensor_module/cam_flash/cam_flash_dev.c b/drivers/media/platform/msm/camera/cam_sensor_module/cam_flash/cam_flash_dev.c
index 2b371a3..e00d4fd 100644
--- a/drivers/media/platform/msm/camera/cam_sensor_module/cam_flash/cam_flash_dev.c
+++ b/drivers/media/platform/msm/camera/cam_sensor_module/cam_flash/cam_flash_dev.c
@@ -139,7 +139,7 @@
goto release_mutex;
}
- rc = cam_flash_prepare(fctrl, CAM_FLASH_STATE_START);
+ rc = cam_flash_prepare(fctrl, true);
if (rc) {
CAM_ERR(CAM_FLASH,
"Enable Regulator Failed rc = %d", rc);
diff --git a/drivers/media/platform/msm/camera/cam_sensor_module/cam_flash/cam_flash_dev.h b/drivers/media/platform/msm/camera/cam_sensor_module/cam_flash/cam_flash_dev.h
index bacf088..a1f8f67 100644
--- a/drivers/media/platform/msm/camera/cam_sensor_module/cam_flash/cam_flash_dev.h
+++ b/drivers/media/platform/msm/camera/cam_sensor_module/cam_flash/cam_flash_dev.h
@@ -51,9 +51,6 @@
CAM_FLASH_STATE_INIT,
CAM_FLASH_STATE_ACQUIRE,
CAM_FLASH_STATE_START,
- CAM_FLASH_STATE_LOW,
- CAM_FLASH_STATE_HIGH,
- CAM_FLASH_STATE_STOP,
};
/**
diff --git a/drivers/media/platform/msm/camera/cam_sensor_module/cam_sensor/cam_sensor_core.c b/drivers/media/platform/msm/camera/cam_sensor_module/cam_sensor/cam_sensor_core.c
index 97158e4..820780d 100644
--- a/drivers/media/platform/msm/camera/cam_sensor_module/cam_sensor/cam_sensor_core.c
+++ b/drivers/media/platform/msm/camera/cam_sensor_module/cam_sensor/cam_sensor_core.c
@@ -165,6 +165,11 @@
}
case CAM_SENSOR_PACKET_OPCODE_SENSOR_UPDATE: {
+ if (s_ctrl->sensor_state != CAM_SENSOR_START) {
+ CAM_ERR(CAM_SENSOR,
+ "Rxed Update packets without linking");
+ return -EINVAL;
+ }
i2c_reg_settings =
&i2c_data->
per_frame[csl_packet->header.request_id %
@@ -185,6 +190,12 @@
break;
}
case CAM_SENSOR_PACKET_OPCODE_SENSOR_NOP: {
+ if (s_ctrl->sensor_state != CAM_SENSOR_START) {
+ CAM_ERR(CAM_SENSOR,
+ "Rxed Update packets without linking");
+ return -EINVAL;
+ }
+
cam_sensor_update_req_mgr(s_ctrl, csl_packet);
return rc;
}