msm: npu: Fix use after free issue
There is possibility that network will be used after free.
This change is to fix this issue.
Change-Id: I39aa81ddc4a7d1801b2f7157aa21f0051ff2d5a5
Signed-off-by: Gao Wang <quic_gaowang@quicinc.com>
(cherry picked from commit c29b693900)
This commit is contained in:
Gao Wang
@@ -1,6 +1,7 @@
|
|||||||
// SPDX-License-Identifier: GPL-2.0-only
|
// SPDX-License-Identifier: GPL-2.0-only
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2018-2021, The Linux Foundation. All rights reserved.
|
* Copyright (c) 2018-2021, The Linux Foundation. All rights reserved.
|
||||||
|
* Copyright (c) 2024, Qualcomm Innovation Center, Inc. All rights reserved.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* -------------------------------------------------------------------------
|
/* -------------------------------------------------------------------------
|
||||||
@@ -2544,6 +2545,13 @@ int32_t npu_host_unload_network(struct npu_client *client,
|
|||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (network->is_executing) {
|
||||||
|
pr_err("network is in execution\n");
|
||||||
|
network_put(network);
|
||||||
|
mutex_unlock(&host_ctx->lock);
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
|
||||||
if (network->fw_error) {
|
if (network->fw_error) {
|
||||||
NPU_ERR("fw in error state, skip unload network in fw\n");
|
NPU_ERR("fw in error state, skip unload network in fw\n");
|
||||||
goto free_network;
|
goto free_network;
|
||||||
@@ -2707,6 +2715,12 @@ int32_t npu_host_exec_network_v2(struct npu_client *client,
|
|||||||
goto exec_v2_done;
|
goto exec_v2_done;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (network->is_executing) {
|
||||||
|
pr_err("network is already in execution\n");
|
||||||
|
ret = -EINVAL;
|
||||||
|
goto exec_v2_done;
|
||||||
|
}
|
||||||
|
|
||||||
if (host_ctx->dev_shuttingdown) {
|
if (host_ctx->dev_shuttingdown) {
|
||||||
NPU_ERR("device is shutting down\n");
|
NPU_ERR("device is shutting down\n");
|
||||||
ret = -EIO;
|
ret = -EIO;
|
||||||
@@ -2724,6 +2738,7 @@ int32_t npu_host_exec_network_v2(struct npu_client *client,
|
|||||||
goto exec_v2_done;
|
goto exec_v2_done;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
network->is_executing = true;
|
||||||
for (i = 0; i < num_patch_params; i++) {
|
for (i = 0; i < num_patch_params; i++) {
|
||||||
exec_packet->patch_params[i].id = patch_buf_info[i].buf_id;
|
exec_packet->patch_params[i].id = patch_buf_info[i].buf_id;
|
||||||
NPU_DBG("%d: patch_id: %x\n", i,
|
NPU_DBG("%d: patch_id: %x\n", i,
|
||||||
@@ -2833,6 +2848,7 @@ int32_t npu_host_exec_network_v2(struct npu_client *client,
|
|||||||
npu_free_network_cmd(host_ctx, exec_cmd);
|
npu_free_network_cmd(host_ctx, exec_cmd);
|
||||||
free_exec_packet:
|
free_exec_packet:
|
||||||
kfree(exec_packet);
|
kfree(exec_packet);
|
||||||
|
network->is_executing = false;
|
||||||
exec_v2_done:
|
exec_v2_done:
|
||||||
network_put(network);
|
network_put(network);
|
||||||
mutex_unlock(&host_ctx->lock);
|
mutex_unlock(&host_ctx->lock);
|
||||||
|
|||||||
@@ -1,6 +1,7 @@
|
|||||||
/* SPDX-License-Identifier: GPL-2.0-only */
|
/* SPDX-License-Identifier: GPL-2.0-only */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2017-2021, The Linux Foundation. All rights reserved.
|
* Copyright (c) 2017-2021, The Linux Foundation. All rights reserved.
|
||||||
|
* Copyright (c) 2024, Qualcomm Innovation Center, Inc. All rights reserved.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef _NPU_MGR_H
|
#ifndef _NPU_MGR_H
|
||||||
@@ -85,6 +86,7 @@ struct npu_network {
|
|||||||
bool is_valid;
|
bool is_valid;
|
||||||
bool is_active;
|
bool is_active;
|
||||||
bool is_unloading;
|
bool is_unloading;
|
||||||
|
bool is_executing;
|
||||||
bool fw_error;
|
bool fw_error;
|
||||||
struct npu_client *client;
|
struct npu_client *client;
|
||||||
struct list_head cmd_list;
|
struct list_head cmd_list;
|
||||||
|
|||||||
Reference in New Issue
Block a user