Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / opensource / audio-kernel / 60871bde94822da700156d1e47139d7bb26a823b^! / . / ipc / wcd-dsp-glink.c
commit60871bde94822da700156d1e47139d7bb26a823b[log] [tgz]
authorVidyakumar Athota <vathota@codeaurora.org>Fri Sep 08 11:26:51 2017 -0700
committerVidyakumar Athota <vathota@codeaurora.org>Mon Sep 11 14:26:19 2017 -0700
tree1fbce79c7127ec14b954cee20e1d4a11d6f4d28e
parent8f7ccc2e6f1faf10b4d948c20f86c0e847050912 [diff] [blame]
ipc: initialize glink link state

There is a chance that glink channel memory pointer is used
after free if WDSP_REG_PKT and WDSP_CMD_PKT are received at
the same time from different threads. Fix this issue by
initializing glink link state to GLINK_LINK_STATE_DOWN.
Also limit error logs to avoid watchdog timeout issues.

Change-Id: I07c4e6f12eb057405eb59f1c0d04b890fa964ce8
Signed-off-by: Vidyakumar Athota <vathota@codeaurora.org>

diff --git a/ipc/wcd-dsp-glink.c b/ipc/wcd-dsp-glink.c
index 870b9f7..095205c 100644
--- a/ipc/wcd-dsp-glink.c
+++ b/ipc/wcd-dsp-glink.c

@@ -570,7 +570,7 @@
 
 	mutex_lock(&wpriv->glink_mutex);
 	if (wpriv->ch) {
-		dev_err(wpriv->dev, "%s: glink ch memory is already allocated\n",
+		dev_err_ratelimited(wpriv->dev, "%s: glink ch memory is already allocated\n",
 			 __func__);
 		ret = -EINVAL;
 		goto done;
@@ -579,7 +579,7 @@
 	no_of_channels = pkt->no_of_channels;
 
 	if (no_of_channels > WDSP_MAX_NO_OF_CHANNELS) {
-		dev_err(wpriv->dev, "%s: no_of_channels: %d but max allowed are %d\n",
+		dev_err_ratelimited(wpriv->dev, "%s: no_of_channels: %d but max allowed are %d\n",
 			__func__, no_of_channels, WDSP_MAX_NO_OF_CHANNELS);
 		ret = -EINVAL;
 		goto done;
@@ -598,20 +598,20 @@
 
 		size += WDSP_CH_CFG_SIZE;
 		if (size > pkt_size) {
-			dev_err(wpriv->dev, "%s: Invalid size = %zd, pkt_size = %zd\n",
+			dev_err_ratelimited(wpriv->dev, "%s: Invalid size = %zd, pkt_size = %zd\n",
 				__func__, size, pkt_size);
 			ret = -EINVAL;
 			goto err_ch_mem;
 		}
 		if (ch_cfg->no_of_intents > WDSP_MAX_NO_OF_INTENTS) {
-			dev_err(wpriv->dev, "%s: Invalid no_of_intents = %d\n",
+			dev_err_ratelimited(wpriv->dev, "%s: Invalid no_of_intents = %d\n",
 				__func__, ch_cfg->no_of_intents);
 			ret = -EINVAL;
 			goto err_ch_mem;
 		}
 		size += (sizeof(u32) * ch_cfg->no_of_intents);
 		if (size > pkt_size) {
-			dev_err(wpriv->dev, "%s: Invalid size = %zd, pkt_size = %zd\n",
+			dev_err_ratelimited(wpriv->dev, "%s: Invalid size = %zd, pkt_size = %zd\n",
 				__func__, size, pkt_size);
 			ret = -EINVAL;
 			goto err_ch_mem;
@@ -746,7 +746,7 @@
 	}
 
 	if (count > WDSP_MAX_READ_SIZE) {
-		dev_info(wpriv->dev, "%s: count = %zd is more than WDSP_MAX_READ_SIZE\n",
+		dev_info_ratelimited(wpriv->dev, "%s: count = %zd is more than WDSP_MAX_READ_SIZE\n",
 			__func__, count);
 		count = WDSP_MAX_READ_SIZE;
 	}
@@ -778,7 +778,7 @@
 
 		if (ret1) {
 			mutex_unlock(&wpriv->rsp_mutex);
-			dev_err(wpriv->dev, "%s: copy_to_user failed %d\n",
+			dev_err_ratelimited(wpriv->dev, "%s: copy_to_user failed %d\n",
 				__func__, ret);
 			ret = -EFAULT;
 			goto done;
@@ -824,7 +824,7 @@
 
 	if ((count < WDSP_WRITE_PKT_SIZE) ||
 	    (count > WDSP_MAX_WRITE_SIZE)) {
-		dev_err(wpriv->dev, "%s: Invalid count = %zd\n",
+		dev_err_ratelimited(wpriv->dev, "%s: Invalid count = %zd\n",
 			__func__, count);
 		ret = -EINVAL;
 		goto done;
@@ -841,7 +841,7 @@
 
 	ret = copy_from_user(tx_buf->buf, buf, count);
 	if (ret) {
-		dev_err(wpriv->dev, "%s: copy_from_user failed %d\n",
+		dev_err_ratelimited(wpriv->dev, "%s: copy_from_user failed %d\n",
 			__func__, ret);
 		ret = -EFAULT;
 		goto free_buf;
@@ -852,7 +852,7 @@
 	case WDSP_REG_PKT:
 		if (count < (WDSP_WRITE_PKT_SIZE + WDSP_REG_PKT_SIZE +
 			     WDSP_CH_CFG_SIZE)) {
-			dev_err(wpriv->dev, "%s: Invalid reg pkt size = %zd\n",
+			dev_err_ratelimited(wpriv->dev, "%s: Invalid reg pkt size = %zd\n",
 				__func__, count);
 			ret = -EINVAL;
 			goto free_buf;
@@ -861,7 +861,7 @@
 					(struct wdsp_reg_pkt *)wpkt->payload,
 					count);
 		if (ret < 0)
-			dev_err(wpriv->dev, "%s: glink register failed, ret = %d\n",
+			dev_err_ratelimited(wpriv->dev, "%s: glink register failed, ret = %d\n",
 				__func__, ret);
 		vfree(tx_buf);
 		break;
@@ -871,7 +871,7 @@
 							GLINK_LINK_STATE_UP),
 					 msecs_to_jiffies(TIMEOUT_MS));
 		if (!ret) {
-			dev_err(wpriv->dev, "%s: Link state wait timeout\n",
+			dev_err_ratelimited(wpriv->dev, "%s: Link state wait timeout\n",
 				__func__);
 			ret = -ETIMEDOUT;
 			goto free_buf;
@@ -881,7 +881,7 @@
 		break;
 	case WDSP_CMD_PKT:
 		if (count <= (WDSP_WRITE_PKT_SIZE + WDSP_CMD_PKT_SIZE)) {
-			dev_err(wpriv->dev, "%s: Invalid cmd pkt size = %zd\n",
+			dev_err_ratelimited(wpriv->dev, "%s: Invalid cmd pkt size = %zd\n",
 				__func__, count);
 			ret = -EINVAL;
 			goto free_buf;
@@ -889,7 +889,7 @@
 		mutex_lock(&wpriv->glink_mutex);
 		if (wpriv->glink_state.link_state == GLINK_LINK_STATE_DOWN) {
 			mutex_unlock(&wpriv->glink_mutex);
-			dev_err(wpriv->dev, "%s: Link state is Down\n",
+			dev_err_ratelimited(wpriv->dev, "%s: Link state is Down\n",
 				__func__);
 
 			ret = -ENETRESET;
@@ -901,7 +901,7 @@
 					sizeof(struct wdsp_cmd_pkt) +
 					cpkt->payload_size;
 		if (count < pkt_max_size) {
-			dev_err(wpriv->dev, "%s: Invalid cmd pkt count = %zd, pkt_size = %zd\n",
+			dev_err_ratelimited(wpriv->dev, "%s: Invalid cmd pkt count = %zd, pkt_size = %zd\n",
 				__func__, count, pkt_max_size);
 			ret = -EINVAL;
 			goto free_buf;
@@ -917,7 +917,7 @@
 			}
 		}
 		if (!tx_buf->ch) {
-			dev_err(wpriv->dev, "%s: Failed to get glink channel\n",
+			dev_err_ratelimited(wpriv->dev, "%s: Failed to get glink channel\n",
 				__func__);
 			ret = -EINVAL;
 			goto free_buf;
@@ -928,7 +928,7 @@
 							GLINK_CONNECTED),
 					 msecs_to_jiffies(TIMEOUT_MS));
 		if (!ret) {
-			dev_err(wpriv->dev, "%s: glink channel %s is not in connected state %d\n",
+			dev_err_ratelimited(wpriv->dev, "%s: glink channel %s is not in connected state %d\n",
 				__func__, tx_buf->ch->ch_cfg.name,
 				tx_buf->ch->channel_state);
 			ret = -ETIMEDOUT;
@@ -940,7 +940,8 @@
 		queue_work(wpriv->work_queue, &tx_buf->tx_work);
 		break;
 	default:
-		dev_err(wpriv->dev, "%s: Invalid packet type\n", __func__);
+		dev_err_ratelimited(wpriv->dev, "%s: Invalid packet type\n",
+				    __func__);
 		ret = -EINVAL;
 		vfree(tx_buf);
 		break;
@@ -986,6 +987,7 @@
 		goto err_wq;
 	}
 
+	wpriv->glink_state.link_state = GLINK_LINK_STATE_DOWN;
 	init_completion(&wpriv->rsp_complete);
 	init_waitqueue_head(&wpriv->link_state_wait);
 	mutex_init(&wpriv->rsp_mutex);