ipc: initialize glink link state
There is a chance that glink channel memory pointer is used
after free if WDSP_REG_PKT and WDSP_CMD_PKT are received at
the same time from different threads. Fix this issue by
initializing glink link state to GLINK_LINK_STATE_DOWN.
Also limit error logs to avoid watchdog timeout issues.
Change-Id: I07c4e6f12eb057405eb59f1c0d04b890fa964ce8
Signed-off-by: Vidyakumar Athota <vathota@codeaurora.org>
diff --git a/ipc/wcd-dsp-glink.c b/ipc/wcd-dsp-glink.c
index 870b9f7..095205c 100644
--- a/ipc/wcd-dsp-glink.c
+++ b/ipc/wcd-dsp-glink.c
@@ -570,7 +570,7 @@
mutex_lock(&wpriv->glink_mutex);
if (wpriv->ch) {
- dev_err(wpriv->dev, "%s: glink ch memory is already allocated\n",
+ dev_err_ratelimited(wpriv->dev, "%s: glink ch memory is already allocated\n",
__func__);
ret = -EINVAL;
goto done;
@@ -579,7 +579,7 @@
no_of_channels = pkt->no_of_channels;
if (no_of_channels > WDSP_MAX_NO_OF_CHANNELS) {
- dev_err(wpriv->dev, "%s: no_of_channels: %d but max allowed are %d\n",
+ dev_err_ratelimited(wpriv->dev, "%s: no_of_channels: %d but max allowed are %d\n",
__func__, no_of_channels, WDSP_MAX_NO_OF_CHANNELS);
ret = -EINVAL;
goto done;
@@ -598,20 +598,20 @@
size += WDSP_CH_CFG_SIZE;
if (size > pkt_size) {
- dev_err(wpriv->dev, "%s: Invalid size = %zd, pkt_size = %zd\n",
+ dev_err_ratelimited(wpriv->dev, "%s: Invalid size = %zd, pkt_size = %zd\n",
__func__, size, pkt_size);
ret = -EINVAL;
goto err_ch_mem;
}
if (ch_cfg->no_of_intents > WDSP_MAX_NO_OF_INTENTS) {
- dev_err(wpriv->dev, "%s: Invalid no_of_intents = %d\n",
+ dev_err_ratelimited(wpriv->dev, "%s: Invalid no_of_intents = %d\n",
__func__, ch_cfg->no_of_intents);
ret = -EINVAL;
goto err_ch_mem;
}
size += (sizeof(u32) * ch_cfg->no_of_intents);
if (size > pkt_size) {
- dev_err(wpriv->dev, "%s: Invalid size = %zd, pkt_size = %zd\n",
+ dev_err_ratelimited(wpriv->dev, "%s: Invalid size = %zd, pkt_size = %zd\n",
__func__, size, pkt_size);
ret = -EINVAL;
goto err_ch_mem;
@@ -746,7 +746,7 @@
}
if (count > WDSP_MAX_READ_SIZE) {
- dev_info(wpriv->dev, "%s: count = %zd is more than WDSP_MAX_READ_SIZE\n",
+ dev_info_ratelimited(wpriv->dev, "%s: count = %zd is more than WDSP_MAX_READ_SIZE\n",
__func__, count);
count = WDSP_MAX_READ_SIZE;
}
@@ -778,7 +778,7 @@
if (ret1) {
mutex_unlock(&wpriv->rsp_mutex);
- dev_err(wpriv->dev, "%s: copy_to_user failed %d\n",
+ dev_err_ratelimited(wpriv->dev, "%s: copy_to_user failed %d\n",
__func__, ret);
ret = -EFAULT;
goto done;
@@ -824,7 +824,7 @@
if ((count < WDSP_WRITE_PKT_SIZE) ||
(count > WDSP_MAX_WRITE_SIZE)) {
- dev_err(wpriv->dev, "%s: Invalid count = %zd\n",
+ dev_err_ratelimited(wpriv->dev, "%s: Invalid count = %zd\n",
__func__, count);
ret = -EINVAL;
goto done;
@@ -841,7 +841,7 @@
ret = copy_from_user(tx_buf->buf, buf, count);
if (ret) {
- dev_err(wpriv->dev, "%s: copy_from_user failed %d\n",
+ dev_err_ratelimited(wpriv->dev, "%s: copy_from_user failed %d\n",
__func__, ret);
ret = -EFAULT;
goto free_buf;
@@ -852,7 +852,7 @@
case WDSP_REG_PKT:
if (count < (WDSP_WRITE_PKT_SIZE + WDSP_REG_PKT_SIZE +
WDSP_CH_CFG_SIZE)) {
- dev_err(wpriv->dev, "%s: Invalid reg pkt size = %zd\n",
+ dev_err_ratelimited(wpriv->dev, "%s: Invalid reg pkt size = %zd\n",
__func__, count);
ret = -EINVAL;
goto free_buf;
@@ -861,7 +861,7 @@
(struct wdsp_reg_pkt *)wpkt->payload,
count);
if (ret < 0)
- dev_err(wpriv->dev, "%s: glink register failed, ret = %d\n",
+ dev_err_ratelimited(wpriv->dev, "%s: glink register failed, ret = %d\n",
__func__, ret);
vfree(tx_buf);
break;
@@ -871,7 +871,7 @@
GLINK_LINK_STATE_UP),
msecs_to_jiffies(TIMEOUT_MS));
if (!ret) {
- dev_err(wpriv->dev, "%s: Link state wait timeout\n",
+ dev_err_ratelimited(wpriv->dev, "%s: Link state wait timeout\n",
__func__);
ret = -ETIMEDOUT;
goto free_buf;
@@ -881,7 +881,7 @@
break;
case WDSP_CMD_PKT:
if (count <= (WDSP_WRITE_PKT_SIZE + WDSP_CMD_PKT_SIZE)) {
- dev_err(wpriv->dev, "%s: Invalid cmd pkt size = %zd\n",
+ dev_err_ratelimited(wpriv->dev, "%s: Invalid cmd pkt size = %zd\n",
__func__, count);
ret = -EINVAL;
goto free_buf;
@@ -889,7 +889,7 @@
mutex_lock(&wpriv->glink_mutex);
if (wpriv->glink_state.link_state == GLINK_LINK_STATE_DOWN) {
mutex_unlock(&wpriv->glink_mutex);
- dev_err(wpriv->dev, "%s: Link state is Down\n",
+ dev_err_ratelimited(wpriv->dev, "%s: Link state is Down\n",
__func__);
ret = -ENETRESET;
@@ -901,7 +901,7 @@
sizeof(struct wdsp_cmd_pkt) +
cpkt->payload_size;
if (count < pkt_max_size) {
- dev_err(wpriv->dev, "%s: Invalid cmd pkt count = %zd, pkt_size = %zd\n",
+ dev_err_ratelimited(wpriv->dev, "%s: Invalid cmd pkt count = %zd, pkt_size = %zd\n",
__func__, count, pkt_max_size);
ret = -EINVAL;
goto free_buf;
@@ -917,7 +917,7 @@
}
}
if (!tx_buf->ch) {
- dev_err(wpriv->dev, "%s: Failed to get glink channel\n",
+ dev_err_ratelimited(wpriv->dev, "%s: Failed to get glink channel\n",
__func__);
ret = -EINVAL;
goto free_buf;
@@ -928,7 +928,7 @@
GLINK_CONNECTED),
msecs_to_jiffies(TIMEOUT_MS));
if (!ret) {
- dev_err(wpriv->dev, "%s: glink channel %s is not in connected state %d\n",
+ dev_err_ratelimited(wpriv->dev, "%s: glink channel %s is not in connected state %d\n",
__func__, tx_buf->ch->ch_cfg.name,
tx_buf->ch->channel_state);
ret = -ETIMEDOUT;
@@ -940,7 +940,8 @@
queue_work(wpriv->work_queue, &tx_buf->tx_work);
break;
default:
- dev_err(wpriv->dev, "%s: Invalid packet type\n", __func__);
+ dev_err_ratelimited(wpriv->dev, "%s: Invalid packet type\n",
+ __func__);
ret = -EINVAL;
vfree(tx_buf);
break;
@@ -986,6 +987,7 @@
goto err_wq;
}
+ wpriv->glink_state.link_state = GLINK_LINK_STATE_DOWN;
init_completion(&wpriv->rsp_complete);
init_waitqueue_head(&wpriv->link_state_wait);
mutex_init(&wpriv->rsp_mutex);