Received: by 10.223.164.202 with SMTP id h10csp2122859wrb; Sat, 18 Nov 2017 13:32:48 -0800 (PST) X-Google-Smtp-Source: AGs4zMaKi5PLjmsJdyzdr8N+dgzlJNspiuN9r0mVT/KV4ExhzNZZ7QIWhzjKDKZFu4kzP/VVLL2V X-Received: by 10.98.160.193 with SMTP id p62mr6412918pfl.138.1511040768520; Sat, 18 Nov 2017 13:32:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1511040768; cv=none; d=google.com; s=arc-20160816; b=JEnEtsEWRBSsoXLSXXrY+CUDc5sPRqOuKFpPFx6mkeXrfKu43vdppOuZ0ytCrha23n cH7lLEaKBIVbqOH8chP/ITPmrKIvP3/vfkS34RAuV7k67JZypxiuQzysuUYHjgARF9c8 AquWS9qVLp6Q3L2wZchlyITPi4AZwlDZjnok8pLMiO7lnQ2sbjO8qwd8uKW8imtlQ6o2 WxkN7mCPSt4CGqnFELT0vJbc5gqVEIX58m39bVFA0FUymGt6ThKj0l/p4YjHmp6W7Zwi UhkQ7Mj71KvpFaHtzMsaS1CjM11XKNO/jfxMhPqj0krz2IRXJiRgiFFuqu57s7/kSCvf E9sA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dmarc-filter :dkim-signature:dkim-signature:arc-authentication-results; bh=8HAm0nq8qvfkTWlkFyogB/boq7oHEQLaLCH8GzoZAJo=; b=Bdm2GsqczOg7wUlT2YoCqIF0fz6zW3h/fonjncoFwBDJtVO0PTCMOIba5SpJ8jQyMY ft+CaL+e3s03m7DPQb/9uUnyDYjb2keghCI9+lvRlijSpfwHv94wxOF0yKkLsLg0mpjV y6uUuhUQYbSlgMNIM31/M2jAGbtOF+7ccFFGJf6kYcgIdz12dlGlm8ZaHGfgA5ykUUVI 55rDT5ip2fAlUa89RJB/OyydzbPzPAhw3rC+tE7nxdMkUHT+L7gDr6BV4hvDd/FGNckt MkS/SrikJDpMix/QsCxCseC/sHbBR2CHdd2U8dhvkeGP/hvMELHwgsS4e3avEbq+pfiA bOuQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@codeaurora.org header.s=default header.b=mNvpjiqC; dkim=pass header.i=@codeaurora.org header.s=default header.b=hGjC3gWw; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q75si5537952pfg.61.2017.11.18.13.32.35; Sat, 18 Nov 2017 13:32:48 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@codeaurora.org header.s=default header.b=mNvpjiqC; dkim=pass header.i=@codeaurora.org header.s=default header.b=hGjC3gWw; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S937175AbdKRCLN (ORCPT + 93 others); Fri, 17 Nov 2017 21:11:13 -0500 Received: from smtp.codeaurora.org ([198.145.29.96]:54762 "EHLO smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754960AbdKRCLF (ORCPT ); Fri, 17 Nov 2017 21:11:05 -0500 Received: by smtp.codeaurora.org (Postfix, from userid 1000) id 3A6FC606F8; Sat, 18 Nov 2017 02:11:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1510971065; bh=iGlZ2pZP5Trxmg5IPDQP1vMWRzGAYcGPxczjSFMmzyI=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=mNvpjiqCe2uAH1ZP9u3fUg0dwTod8KV/bXKRS/KVo6Kz1Tamho65wUBNRzDI0TKkc BR9cLXa9B+kpf5HcpxQOnWmfJZ6vqJfFDco2HzppeRBNjxktfRXaEVY95Ov6dTqwpI U7Z5Ak64wo2p60qxF5PgoRBeWc41Soivx76fbuuY= X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on pdx-caf-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.8 required=2.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,T_DKIM_INVALID autolearn=no autolearn_force=no version=3.4.0 Received: from [192.168.142.6] (i-global254.qualcomm.com [199.106.103.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: clew@smtp.codeaurora.org) by smtp.codeaurora.org (Postfix) with ESMTPSA id 62225605A5; Sat, 18 Nov 2017 02:11:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1510971064; bh=iGlZ2pZP5Trxmg5IPDQP1vMWRzGAYcGPxczjSFMmzyI=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=hGjC3gWwvZ7UkXh+XB4tvVRzPA3L/kIX8apghbbwF8e29isPjNFFssmBukFjyw8IO ysJ9doSZZCxbgd/Kt0R9Wus7gicgGOilSwBHwiumP7vgw4gH12EpUZ5uiPbvw/nbES ChVy09vc234tKczThHmKb23nqYJ0iog9ItGTJyPk= DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org 62225605A5 Authentication-Results: pdx-caf-mail.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org Authentication-Results: pdx-caf-mail.web.codeaurora.org; spf=none smtp.mailfrom=clew@codeaurora.org Subject: Re: [PATCH v3 2/5] soc: qcom: Introduce QMI helpers To: Bjorn Andersson , Andy Gross , Ohad Ben-Cohen Cc: Arun Kumar Neelakantam , linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-soc@vger.kernel.org, linux-remoteproc@vger.kernel.org References: <20171115201012.25892-1-bjorn.andersson@linaro.org> <20171115201012.25892-3-bjorn.andersson@linaro.org> From: Chris Lew Message-ID: <98a56116-d6f8-9084-d49e-c7669ddaa945@codeaurora.org> Date: Fri, 17 Nov 2017 18:11:03 -0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: <20171115201012.25892-3-bjorn.andersson@linaro.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/15/2017 12:10 PM, Bjorn Andersson wrote: [..]> +static void qmi_handle_message(struct qmi_handle *qmi, > + struct sockaddr_qrtr *sq, > + const void *buf, size_t len) > +{ > + const struct qmi_header *hdr; > + struct qmi_txn tmp_txn; > + struct qmi_txn *txn = NULL; > + int ret; > + > + if (len < sizeof(*hdr)) { > + pr_err("ignoring short QMI packet\n"); > + return; > + } > + > + hdr = buf; > + > + /* If this is a response, find the matching transaction handle */ > + if (hdr->type == QMI_RESPONSE) { > + mutex_lock(&qmi->txn_lock); > + txn = idr_find(&qmi->txns, hdr->txn_id); > + if (txn) > + mutex_lock(&txn->lock); > + mutex_unlock(&qmi->txn_lock); > + } > + > + if (txn && txn->dest && txn->ei) { > + ret = qmi_decode_message(buf, len, txn->ei, txn->dest); > + if (ret < 0) > + pr_err("failed to decode incoming message\n"); > + > + txn->result = ret; > + complete(&txn->completion); > + > + mutex_unlock(&txn->lock); > + } else if (txn) { > + qmi_invoke_handler(qmi, sq, txn, buf, len); > + > + mutex_unlock(&txn->lock); > + } else { > + /* Create a txn based on the txn_id of the incoming message */ > + memset(&tmp_txn, 0, sizeof(tmp_txn)); > + tmp_txn.id = hdr->txn_id; > + > + qmi_invoke_handler(qmi, sq, &tmp_txn, buf, len); I'm seeing an opportunity for user error with timed out transactions. If txn_wait gets timed out the txn is removed from the txns list. Later if we get the response, it comes down to this else with the tmp_txn. Some handlers may try to do a complete(&txn->completion) like the qmi_sample_client ping_pong_cb. This leads to a null pointer dereference since the temp txn was never initialized. Should clients not call complete and we can call the complete in the else if(txn) condition? Thanks, Chris -- Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project From 1584319148107498703@xxx Fri Nov 17 13:14:40 +0000 2017 X-GM-THRID: 1584176559406971010 X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread