[PATCH v2 2/5] misc: fastrpc: Don't reference rpmsg_device after remove

From: Srinivas Kandagatla
Date: Thu Aug 29 2019 - 05:29:45 EST


From: Bjorn Andersson <bjorn.andersson@xxxxxxxxxx>

As fastrpc_rpmsg_remove() returns, the rpdev of the channel context is no
longer a valid object, so ensure to update the channel context to no
longer reference the old object and guard in the invoke code path
against dereferencing it.

Signed-off-by: Bjorn Andersson <bjorn.andersson@xxxxxxxxxx>
Signed-off-by: Mayank Chopra <mak.chopra@xxxxxxxxxxxxxx>
Signed-off-by: Abhinav Asati <asatiabhi@xxxxxxxxxxxxxx>
Signed-off-by: Vamsi Singamsetty <vamssi@xxxxxxxxxxxxxx>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@xxxxxxxxxx>
---
drivers/misc/fastrpc.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
index c019e867e7fa..59ee6de26229 100644
--- a/drivers/misc/fastrpc.c
+++ b/drivers/misc/fastrpc.c
@@ -913,6 +913,9 @@ static int fastrpc_internal_invoke(struct fastrpc_user *fl, u32 kernel,
if (!fl->sctx)
return -EINVAL;

+ if (!fl->cctx->rpdev)
+ return -EPIPE;
+
ctx = fastrpc_context_alloc(fl, kernel, sc, args);
if (IS_ERR(ctx))
return PTR_ERR(ctx);
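Review bot: the new `if (!fl->cctx->rpdev)` test at the top of fastrpc_internal_invoke() is a check-then-use with nothing visible here tying it to the later use of the pointer. It is a plain read taken once on entry, so a fastrpc_rpmsg_remove() that runs right after the test passes can still leave this invocation holding a device that is going away. That narrows the use-after-remove window but does not close it. Consider doing the NULL test and the eventual send under a lock that fastrpc_rpmsg_remove() also takes when it clears the pointer, or pinning the device with a reference for the duration of the call. A short comment explaining why -EPIPE is returned (channel torn down, as opposed to the -EINVAL for a missing session just above) would also help callers and future readers.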
@@ -1495,6 +1498,7 @@ static void fastrpc_rpmsg_remove(struct rpmsg_device *rpdev)
misc_deregister(&cctx->miscdev);
of_platform_depopulate(&rpdev->dev);

+ cctx->rpdev = NULL;
fastrpc_channel_ctx_put(cctx);
}

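Review bot: `cctx->rpdev = NULL;` is stored only after misc_deregister() and of_platform_depopulate() have already run, and as a plain assignment with no lock or barrier visible in this hunk. Until that store lands, the guard added in fastrpc_internal_invoke() still sees a non-NULL pointer, so an invoke on an already-open file descriptor can pass the check while teardown is in progress. Suggest clearing the pointer first, before the deregistration calls, and under the same lock the invoke path uses for its check, so the two sides are ordered. Nothing in these lines waits for invocations that passed the check earlier. If that is handled by the fastrpc_channel_ctx_put() refcount or elsewhere, a comment here saying so would make the lifetime rule explicit.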
--
2.21.0