
msm: ADSPRPC: validate context pointer with magic number
authorc_mtharu <mtharu@codeaurora.org>
Fri, 24 Nov 2017 13:54:44 +0000 (19:24 +0530)
committerc_mtharu <mtharu@codeaurora.org>
Tue, 28 Nov 2017 07:43:17 +0000 (13:13 +0530)
Validate the context pointer using a magic number instead of searching
through the context list. This removes the use of the spin lock in the
interrupt handler, avoiding deadlock and reducing latency.

Change-Id: I2492a7984a8d6545618a9cfb7a2d239d03ddd5a2
Signed-off-by: Tharun Kumar Merugu <mtharu@codeaurora.org>
drivers/char/adsprpc.c

index 77c8f27..61a8786 100644 (file)
@@ -65,6 +65,7 @@
 #define BALIGN         128
 #define NUM_CHANNELS   4               /* adsp,sdsp,mdsp,cdsp */
 #define NUM_SESSIONS   9               /*8 compute, 1 cpz*/
+#define FASTRPC_CTX_MAGIC (0xbeeddeed)
 
 #define IS_CACHE_ALIGNED(x) (((x) & ((L1_CACHE_BYTES)-1)) == 0)
 
@@ -175,6 +176,7 @@ struct smq_invoke_ctx {
        struct overlap *overs;
        struct overlap **overps;
        struct smq_msg msg;
+       unsigned int magic;
 };
 
 struct fastrpc_ctx_lst {
@@ -955,6 +957,7 @@ static int context_alloc(struct fastrpc_file *fl, uint32_t kernel,
        ctx->pid = current->pid;
        ctx->tgid = current->tgid;
        init_completion(&ctx->work);
+       ctx->magic = FASTRPC_CTX_MAGIC;
 
        spin_lock(&fl->hlock);
        hlist_add_head(&ctx->hn, &clst->pending);
@@ -989,6 +992,7 @@ static void context_free(struct smq_invoke_ctx *ctx)
        for (i = 0; i < nbufs; ++i)
                fastrpc_mmap_free(ctx->maps[i]);
        fastrpc_buf_free(ctx->buf, 1);
+       ctx->magic = 0;
        kfree(ctx);
 }
 
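Review bot: Clearing `ctx->magic` right before `kfree(ctx)` protects only until the allocator reuses the object, and nothing visible here orders this store against the lockless read in `fastrpc_smd_read_handler()` (last hunk). Once the slot is reused, the word at that offset holds whatever the new owner stores there, so a late or duplicated response is checked against unrelated data. I would add a comment such as `/* invalidates ctx for the lockless magic check in the read handler; not a lifetime guarantee */`. The handler probably needs a reference or a table lookup if responses can arrive after the free. The start of context_free() is outside the hunk.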
@@ -1459,16 +1463,23 @@ static void fastrpc_smd_read_handler(int cid)
 {
        struct fastrpc_apps *me = &gfa;
        struct smq_invoke_rsp rsp = {0};
-       int ret = 0;
+       struct smq_invoke_ctx *ctx;
+       int ret = 0, err = 0;
 
        do {
                ret = smd_read_from_cb(me->channel[cid].chan, &rsp,
                                        sizeof(rsp));
                if (ret != sizeof(rsp))
                        break;
-               rsp.ctx = rsp.ctx & ~1;
+               ctx = (struct smq_invoke_ctx *)(uint64_to_ptr(rsp.ctx));
+               VERIFY(err, (ctx && ctx->magic == FASTRPC_CTX_MAGIC));
+               if (err)
+                       goto bail;
                context_notify_user(uint64_to_ptr(rsp.ctx), rsp.retval);
        } while (ret == sizeof(rsp));
+bail:
+       if (err)
+               pr_err("adsprpc: invalid response or context\n");
 }
 
 static void smd_event_handler(void *priv, unsigned event)
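Review bot: `ctx->magic` is read through a pointer built directly from `rsp.ctx`, which comes off the SMD channel via `smd_read_from_cb()`, so the check dereferences an address the remote side supplies before anything shows it refers to a `struct smq_invoke_ctx`. A corrupted value can fault in the handler instead of being rejected, which the removed list search presumably avoided by comparing pointers only. The hunk also drops the old `rsp.ctx & ~1` masking, so if the remote side still sets bit 0 the cast yields a misaligned pointer and the magic compare fails on valid responses. Consider `ctx = (struct smq_invoke_ctx *)uint64_to_ptr(rsp.ctx & ~1);` and passing `ctx` to `context_notify_user()` rather than converting `rsp.ctx` a second time. A bounded index into a driver-owned context table, with the magic as a secondary check, would remove the need to trust the pointer value while still keeping the spin lock out of the handler.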