diff --git a/drivers/media/platform/msm/vidc/hfi_response_handler.c b/drivers/media/platform/msm/vidc/hfi_response_handler.c
index b044e685f2760508c4e795230bb7e258faad8e95..ede75391b737498fc73fe0d5a12b2310727682c6 100644
--- a/drivers/media/platform/msm/vidc/hfi_response_handler.c
+++ b/drivers/media/platform/msm/vidc/hfi_response_handler.c
@@ -78,7 +78,7 @@ static enum vidc_status hfi_map_err_status(int hfi_err) return vidc_err; } -static int sanitize_session_pkt(struct list_head *sessions, +static int validate_session_pkt(struct list_head *sessions, struct hal_session *sess, struct mutex *session_lock) { struct hal_session *session;
@@ -217,8 +217,10 @@ static void hfi_process_session_error( } static void hfi_process_event_notify( msm_vidc_callback callback, u32 device_id, - struct hfi_msg_event_notify_packet *pkt) + struct hfi_msg_event_notify_packet *pkt, + struct list_head *sessions, struct mutex *session_lock) { + struct hal_session *sess = NULL; dprintk(VIDC_DBG, "RECVD:EVENT_NOTIFY"); if (!callback || !pkt ||
@@ -226,6 +228,7 @@ static void hfi_process_event_notify( dprintk(VIDC_ERR, "Invalid Params"); return; } + sess = (struct hal_session *)pkt->session_id; switch (pkt->event_id) { case HFI_EVENT_SYS_ERROR:
@@ -235,11 +238,14 @@ static void hfi_process_event_notify( break; case HFI_EVENT_SESSION_ERROR: dprintk(VIDC_ERR, "HFI_EVENT_SESSION_ERROR"); - hfi_process_session_error(callback, device_id, pkt); + if (!validate_session_pkt(sessions, sess, session_lock)) + hfi_process_session_error(callback, device_id, pkt); break; case HFI_EVENT_SESSION_SEQUENCE_CHANGED: dprintk(VIDC_INFO, "HFI_EVENT_SESSION_SEQUENCE_CHANGED"); - hfi_process_sess_evt_seq_changed(callback, device_id, pkt); + if (!validate_session_pkt(sessions, sess, session_lock)) + hfi_process_sess_evt_seq_changed(callback, + device_id, pkt); break; case HFI_EVENT_SESSION_PROPERTY_CHANGED: dprintk(VIDC_INFO, "HFI_EVENT_SESSION_PROPERTY_CHANGED");
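Review bot: The added `sess = (struct hal_session *)pkt->session_id;` in the `@@ -226` hunk has no comment saying that the value is taken straight from the firmware packet and is only a candidate handle at this point. A one-line comment above it would stop a later edit from dereferencing it early, for example `/* session_id comes from the firmware packet; do not dereference sess until validate_session_pkt() accepts it */`. The function body starts and ends outside this hunk.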
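Review bot: Only the HFI_EVENT_SESSION_ERROR and HFI_EVENT_SESSION_SEQUENCE_CHANGED cases in the `@@ -235` hunk gain a `validate_session_pkt()` guard, while the caller stops validating HFI_MSG_EVENT_NOTIFY as a whole in this same commit. Any other session-scoped event therefore loses the check it previously inherited from the dispatcher. The HFI_EVENT_SESSION_PROPERTY_CHANGED case appears at the end of the hunk, but its body and the rest of the switch lie outside it, so this cannot be confirmed from here. Each remaining case that forwards `pkt->session_id` to the callback should carry the same `if (!validate_session_pkt(sessions, sess, session_lock))` guard, or a comment saying why it needs none.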
@@ -1207,7 +1213,7 @@ u32 hfi_process_msg_packet( struct list_head *sessions, struct mutex *session_lock) { u32 rc = 0; - struct hal_session *sess; + struct hal_session *sess = NULL; if (!callback || !msg_hdr || msg_hdr->size < VIDC_IFACEQ_MIN_PKT_SIZE) { dprintk(VIDC_ERR, "hal_process_msg_packet:bad"
@@ -1216,21 +1222,16 @@ u32 hfi_process_msg_packet( return rc; } -#define SANITIZE_SESSION_PKT(msg_pkt) ({ \ - sess = (struct hal_session *) \ - (((struct vidc_hal_session_cmd_pkt *) \ - msg_pkt)->session_id); \ - if (sanitize_session_pkt(sessions, sess, session_lock)) \ - break; \ - }) - dprintk(VIDC_INFO, "Received: 0x%x in ", msg_hdr->packet); rc = (u32) msg_hdr->packet; + sess = (struct hal_session *)((struct + vidc_hal_session_cmd_pkt*) msg_hdr)->session_id; + switch (msg_hdr->packet) { case HFI_MSG_EVENT_NOTIFY: - SANITIZE_SESSION_PKT(msg_hdr); hfi_process_event_notify(callback, device_id, - (struct hfi_msg_event_notify_packet *) msg_hdr); + (struct hfi_msg_event_notify_packet *) msg_hdr, + sessions, session_lock); break; case HFI_MSG_SYS_INIT_DONE: hfi_process_sys_init_done(callback, device_id,
@@ -1240,10 +1241,10 @@ u32 hfi_process_msg_packet( case HFI_MSG_SYS_IDLE: break; case HFI_MSG_SYS_SESSION_INIT_DONE: - SANITIZE_SESSION_PKT(msg_hdr); - hfi_process_session_init_done(callback, device_id, - (struct hfi_msg_sys_session_init_done_packet *) - msg_hdr); + if (!validate_session_pkt(sessions, sess, session_lock)) + hfi_process_session_init_done(callback, device_id, + (struct hfi_msg_sys_session_init_done_packet *) + msg_hdr); break; case HFI_MSG_SYS_PROPERTY_INFO: hfi_process_sys_property_info(
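Review bot: In the `@@ -1216` hunk, `sess` is now read through a `struct vidc_hal_session_cmd_pkt` cast before the switch for every packet type, including system messages that the old macro never touched. The only length check visible is `msg_hdr->size < VIDC_IFACEQ_MIN_PKT_SIZE` in the preceding hunk. If that minimum is smaller than `sizeof(struct vidc_hal_session_cmd_pkt)` (neither definition is shown), the read picks up bytes the firmware did not write for a short packet. Guarding the assignment with `if (msg_hdr->size >= sizeof(struct vidc_hal_session_cmd_pkt))`, or moving it into the session cases, keeps the read inside what was size-checked. The enclosing function continues beyond this hunk.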
@@ -1251,85 +1252,85 @@ u32 hfi_process_msg_packet( msg_hdr); break; case HFI_MSG_SYS_SESSION_END_DONE: - SANITIZE_SESSION_PKT(msg_hdr); - hfi_process_session_end_done(callback, device_id, - (struct hfi_msg_sys_session_end_done_packet *) - msg_hdr); + if (!validate_session_pkt(sessions, sess, session_lock)) + hfi_process_session_end_done(callback, device_id, + (struct hfi_msg_sys_session_end_done_packet *) + msg_hdr); break; case HFI_MSG_SESSION_LOAD_RESOURCES_DONE: - SANITIZE_SESSION_PKT(msg_hdr); - hfi_process_session_load_res_done(callback, device_id, + if (!validate_session_pkt(sessions, sess, session_lock)) + hfi_process_session_load_res_done(callback, device_id, (struct hfi_msg_session_load_resources_done_packet *) - msg_hdr); + msg_hdr); break; case HFI_MSG_SESSION_START_DONE: - SANITIZE_SESSION_PKT(msg_hdr); - hfi_process_session_start_done(callback, device_id, - (struct hfi_msg_session_start_done_packet *) - msg_hdr); + if (!validate_session_pkt(sessions, sess, session_lock)) + hfi_process_session_start_done(callback, device_id, + (struct hfi_msg_session_start_done_packet *) + msg_hdr); break; case HFI_MSG_SESSION_STOP_DONE: - SANITIZE_SESSION_PKT(msg_hdr); - hfi_process_session_stop_done(callback, device_id, - (struct hfi_msg_session_stop_done_packet *) - msg_hdr); + if (!validate_session_pkt(sessions, sess, session_lock)) + hfi_process_session_stop_done(callback, device_id, + (struct hfi_msg_session_stop_done_packet *) + msg_hdr); break; case HFI_MSG_SESSION_EMPTY_BUFFER_DONE: - SANITIZE_SESSION_PKT(msg_hdr); - hfi_process_session_etb_done(callback, device_id, + if (!validate_session_pkt(sessions, sess, session_lock)) + hfi_process_session_etb_done(callback, device_id, (struct hfi_msg_session_empty_buffer_done_packet *) - msg_hdr); + msg_hdr); break; case HFI_MSG_SESSION_FILL_BUFFER_DONE: - SANITIZE_SESSION_PKT(msg_hdr); - hfi_process_session_ftb_done(callback, device_id, msg_hdr); + if (!validate_session_pkt(sessions, sess, session_lock)) + 
hfi_process_session_ftb_done(callback, device_id, + msg_hdr); break; case HFI_MSG_SESSION_FLUSH_DONE: - SANITIZE_SESSION_PKT(msg_hdr); - hfi_process_session_flush_done(callback, device_id, - (struct hfi_msg_session_flush_done_packet *) - msg_hdr); + if (!validate_session_pkt(sessions, sess, session_lock)) + hfi_process_session_flush_done(callback, device_id, + (struct hfi_msg_session_flush_done_packet *) + msg_hdr); break; case HFI_MSG_SESSION_PROPERTY_INFO: - SANITIZE_SESSION_PKT(msg_hdr); - hfi_process_session_prop_info(callback, device_id, - (struct hfi_msg_session_property_info_packet *) - msg_hdr); + if (!validate_session_pkt(sessions, sess, session_lock)) + hfi_process_session_prop_info(callback, device_id, + (struct hfi_msg_session_property_info_packet *) + msg_hdr); break; case HFI_MSG_SESSION_RELEASE_RESOURCES_DONE: - SANITIZE_SESSION_PKT(msg_hdr); - hfi_process_session_rel_res_done(callback, device_id, + if (!validate_session_pkt(sessions, sess, session_lock)) + hfi_process_session_rel_res_done(callback, device_id, (struct hfi_msg_session_release_resources_done_packet *) - msg_hdr); + msg_hdr); break; case HFI_MSG_SYS_RELEASE_RESOURCE: hfi_process_sys_rel_resource_done(callback, device_id, (struct hfi_msg_sys_release_resource_done_packet *) - msg_hdr); + msg_hdr); break; case HFI_MSG_SESSION_GET_SEQUENCE_HEADER_DONE: - SANITIZE_SESSION_PKT(msg_hdr); - hfi_process_session_get_seq_hdr_done( + if (!validate_session_pkt(sessions, sess, session_lock)) + hfi_process_session_get_seq_hdr_done( callback, device_id, (struct hfi_msg_session_get_sequence_header_done_packet*) - msg_hdr); + msg_hdr); break; case HFI_MSG_SESSION_RELEASE_BUFFERS_DONE: - SANITIZE_SESSION_PKT(msg_hdr); - hfi_process_session_rel_buf_done( - callback, device_id, (struct - hfi_msg_session_release_buffers_done_packet*) - msg_hdr); + if (!validate_session_pkt(sessions, sess, session_lock)) + hfi_process_session_rel_buf_done(callback, device_id, + (struct 
hfi_msg_session_release_buffers_done_packet *) + msg_hdr); break; case HFI_MSG_SYS_SESSION_ABORT_DONE: - SANITIZE_SESSION_PKT(msg_hdr); - hfi_process_session_abort_done(callback, device_id, (struct - hfi_msg_sys_session_abort_done_packet*) msg_hdr); + if (!validate_session_pkt(sessions, sess, session_lock)) + hfi_process_session_abort_done(callback, device_id, + (struct hfi_msg_sys_session_abort_done_packet *) + msg_hdr); break; default: dprintk(VIDC_DBG, "UNKNOWN_MSG_TYPE : %d", msg_hdr->packet); break; } -#undef SANITIZE_SESSION_PKT return rc; }
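Review bot: Each `if (!validate_session_pkt(sessions, sess, session_lock))` in this switch checks the session and then calls the handler as a separate step, so the check only helps if the session cannot leave `sessions` in between. The body of validate_session_pkt is outside the diff. If it releases `session_lock` before returning, a concurrent session close could free the session after the check and before the handler hands the id to the callback. Either hold the lock across the handler call, or state the lifetime guarantee in a comment above the switch such as `/* sess stays on the list until <reason>, so the check below holds for the handler call */`. The enclosing function starts in an earlier hunk.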