Commit bdf2b26d authored by Stefan Wahren's avatar Stefan Wahren Committed by Greg Kroah-Hartman
Browse files

staging: vchiq_arm: avoid crashing the kernel 



Using BUG_ON in a non-essential driver isn't recommend. So better
trigger a stacktrace and bailout.

Reviewed-by: default avatarNicolas Saenz Julienne <nsaenz@kernel.org>
Signed-off-by: default avatarStefan Wahren <stefan.wahren@i2se.com>
Link: https://lore.kernel.org/r/1619347863-16080-2-git-send-email-stefan.wahren@i2se.com


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent ad843f39

drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c

+13 −4
Original line number Diff line number Diff line
@@ -602,7 +602,9 @@ service_callback(enum vchiq_reason reason, struct vchiq_header *header, 
	DEBUG_TRACE(SERVICE_CALLBACK_LINE);



	service = handle_to_service(handle);

	BUG_ON(!service);

	if (WARN_ON(!service))

		return VCHIQ_SUCCESS;



	user_service = (struct user_service *)service->base.userdata;

	instance = user_service->instance;
@@ -918,8 +920,12 @@ static int vchiq_ioc_dequeue_message(struct vchiq_instance *instance, 
			goto out;

	}



	BUG_ON((int)(user_service->msg_insert -

		user_service->msg_remove) < 0);

	if (WARN_ON_ONCE((int)(user_service->msg_insert -

			 user_service->msg_remove) < 0)) {

		spin_unlock(&msg_queue_spinlock);

		ret = -EINVAL;

		goto out;

	}



	header = user_service->msg_queue[user_service->msg_remove &

		(MSG_QUEUE_SIZE - 1)];
@@ -1937,7 +1943,10 @@ static int vchiq_release(struct inode *inode, struct file *file) 


		wait_for_completion(&service->remove_event);



		BUG_ON(service->srvstate != VCHIQ_SRVSTATE_FREE);

		if (WARN_ON(service->srvstate != VCHIQ_SRVSTATE_FREE)) {

			unlock_service(service);

			break;

		}



		spin_lock(&msg_queue_spinlock);