msm: vidc: ensure safe deletions of session instances
Session instance should acquire lock before
cleaning up the session.
Change-Id: I0e496579794291a8115286c9550c5028c7391d55
Signed-off-by: Arun Menon <avmenon@codeaurora.org>
diff --git a/drivers/media/platform/msm/vidc/hfi_response_handler.c b/drivers/media/platform/msm/vidc/hfi_response_handler.c
index 44105ad..fad9c91 100644
--- a/drivers/media/platform/msm/vidc/hfi_response_handler.c
+++ b/drivers/media/platform/msm/vidc/hfi_response_handler.c
@@ -1003,7 +1003,6 @@
struct hfi_msg_sys_session_end_done_packet *pkt)
{
struct msm_vidc_cb_cmd_done cmd_done;
- struct hal_session *sess_close;
dprintk(VIDC_DBG, "RECEIVED:SESSION_END_DONE");
@@ -1021,12 +1020,6 @@
cmd_done.status = hfi_map_err_status((u32)pkt->error_type);
cmd_done.data = NULL;
cmd_done.size = 0;
- sess_close = (struct hal_session *)pkt->session_id;
- dprintk(VIDC_INFO, "deleted the session: 0x%x",
- sess_close->session_id);
- list_del(&sess_close->list);
- kfree(sess_close);
- sess_close = NULL;
callback(SESSION_END_DONE, &cmd_done);
}
@@ -1035,7 +1028,6 @@
struct hfi_msg_sys_session_abort_done_packet *pkt)
{
struct msm_vidc_cb_cmd_done cmd_done;
- struct hal_session *sess_close;
dprintk(VIDC_DBG, "RECEIVED:SESSION_ABORT_DONE");
@@ -1053,16 +1045,6 @@
cmd_done.data = NULL;
cmd_done.size = 0;
- sess_close = (struct hal_session *)pkt->session_id;
- if (!sess_close) {
- dprintk(VIDC_ERR, "%s: invalid session pointer\n", __func__);
- return;
- }
- dprintk(VIDC_ERR, "deleted the session: 0x%x",
- sess_close->session_id);
- list_del(&sess_close->list);
- kfree(sess_close);
- sess_close = NULL;
callback(SESSION_ABORT_DONE, &cmd_done);
}
diff --git a/drivers/media/platform/msm/vidc/msm_vidc_common.c b/drivers/media/platform/msm/vidc/msm_vidc_common.c
index 57b98dc..866ce19 100644
--- a/drivers/media/platform/msm/vidc/msm_vidc_common.c
+++ b/drivers/media/platform/msm/vidc/msm_vidc_common.c
@@ -627,6 +627,8 @@
if (inst->core)
hdev = inst->core->device;
if (hdev && inst->session) {
+ dprintk(VIDC_DBG,
+ "cleaning up inst: 0x%p", inst);
rc = call_hfi_op(hdev, session_clean,
(void *) inst->session);
if (rc)
@@ -693,10 +695,24 @@
{
struct msm_vidc_cb_cmd_done *response = data;
struct msm_vidc_inst *inst;
+ struct hfi_device *hdev = NULL;
+
if (response) {
inst = (struct msm_vidc_inst *)response->session_id;
- signal_session_msg_receipt(cmd, inst);
+ if (!inst || !inst->core || !inst->core->device) {
+ dprintk(VIDC_ERR, "%s invalid params\n", __func__);
+ return;
+ }
+ hdev = inst->core->device;
+ mutex_lock(&inst->lock);
+ if (inst->session) {
+ dprintk(VIDC_DBG, "cleaning up inst: 0x%p", inst);
+ call_hfi_op(hdev, session_clean,
+ (void *) inst->session);
+ }
inst->session = NULL;
+ mutex_unlock(&inst->lock);
+ signal_session_msg_receipt(cmd, inst);
show_stats(inst);
} else {
dprintk(VIDC_ERR,