From cf762ff2ee19678da609c700f35028ddd460b46c Mon Sep 17 00:00:00 2001
From: Yojana Juadi
Date: Fri, 11 Aug 2023 11:05:36 +0530
Subject: [PATCH] disp: msm: sde: add mutex lock to protect wb_dev

There is null pointer dereference seen due to concurrency of wb_get_modes from userspace and clearing of writeback modes in wb_reset. This change acquires mutex lock to provide exclusive access to wb_dev effectively preventing such concurrency issues.

Change-Id: Idd38e38696c839f557b94aa9313761d4d7738902
Signed-off-by: Yojana Juadi
---
 msm/sde/sde_encoder_phys_wb.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/msm/sde/sde_encoder_phys_wb.c b/msm/sde/sde_encoder_phys_wb.c
index 9e952e86..cc6db1c8 100644
--- a/msm/sde/sde_encoder_phys_wb.c
+++ b/msm/sde/sde_encoder_phys_wb.c
@@ -1949,12 +1949,14 @@ static void _sde_encoder_phys_wb_reset_state(struct sde_encoder_phys *phys_enc)
 phys_enc->hw_cdm = NULL;
 phys_enc->hw_ctl = NULL;
 phys_enc->in_clone_mode = false;
- kfree(wb_dev->modes);
- wb_dev->modes = NULL;
- wb_dev->count_modes = 0;
 atomic_set(&phys_enc->pending_kickoff_cnt, 0);
 atomic_set(&phys_enc->pending_retire_fence_cnt, 0);
 atomic_set(&phys_enc->pending_ctl_start_cnt, 0);
+ mutex_lock(&wb_dev->wb_lock);
+ kfree(wb_dev->modes);
+ wb_dev->modes = NULL;
+ wb_dev->count_modes = 0;
+ mutex_unlock(&wb_dev->wb_lock);
 }

 static int _sde_encoder_phys_wb_wait_for_idle(struct sde_encoder_phys *phys_enc, bool force_wait)
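Review bot: The lock added around `kfree(wb_dev->modes)` in `_sde_encoder_phys_wb_reset_state` only closes the race if every other reader and writer of `wb_dev->modes` and `wb_dev->count_modes` holds `wb_dev->wb_lock` for the whole access. The get-modes path named in the commit message is not part of this patch, so that cannot be confirmed from here. If that path samples the pointer or the count before taking the lock, or keeps walking the array after unlocking, the outcome is a use-after-free on the freed array rather than only a NULL dereference. I would document the rule at the locked region, e.g. `/* modes and count_modes are protected by wb_lock; hold it across the whole read */`, and confirm this reset path is never reached from a context that cannot sleep, since `mutex_lock()` may block. The function body starts outside the hunk, so how `wb_dev` is obtained and whether it is NULL-checked is not visible.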