From bb6a29fa54741f12641e544733af88d54a5924e6 Mon Sep 17 00:00:00 2001
From: Praveen Chavan <pchavan@codeaurora.org>
Date: Wed, 20 Jan 2016 17:44:27 -0800
Subject: [PATCH] msm: vidc: Skip session id validation for HFI_EVENT_SYS_ERROR

When SSR is triggered from driver, firmware is responding with session id
as 0X0000dead. Hence, firmware response is being discarded due to such
invalid session id. Skip session id validation for HFI_EVENT_SYS_ERROR
event type.

Author: Srinu Gorle <sgorle@codeaurora.org>

Change-Id: I750a7332baab4ebeb7702b49ffb744aae9803a36
CRs-Fixed: 539080
Signed-off-by: Srinu Gorle <sgorle@codeaurora.org>
Signed-off-by: Praveen Chavan <pchavan@codeaurora.org>
---
 .../platform/msm/vidc/hfi_response_handler.c  | 127 +++++++++---------
 1 file changed, 64 insertions(+), 63 deletions(-)

diff --git a/drivers/media/platform/msm/vidc/hfi_response_handler.c b/drivers/media/platform/msm/vidc/hfi_response_handler.c
index b044e685f276..ede75391b737 100644
--- a/drivers/media/platform/msm/vidc/hfi_response_handler.c
+++ b/drivers/media/platform/msm/vidc/hfi_response_handler.c
@@ -78,7 +78,7 @@ static enum vidc_status hfi_map_err_status(int hfi_err)
 	return vidc_err;
 }
 
-static int sanitize_session_pkt(struct list_head *sessions,
+static int validate_session_pkt(struct list_head *sessions,
 		struct hal_session *sess, struct mutex *session_lock)
 {
 	struct hal_session *session;
@@ -217,8 +217,10 @@ static void hfi_process_session_error(
 }
 static void hfi_process_event_notify(
 		msm_vidc_callback callback, u32 device_id,
-		struct hfi_msg_event_notify_packet *pkt)
+		struct hfi_msg_event_notify_packet *pkt,
+		struct list_head *sessions, struct mutex *session_lock)
 {
+	struct hal_session *sess = NULL;
 	dprintk(VIDC_DBG, "RECVD:EVENT_NOTIFY");
 
 	if (!callback || !pkt ||
@@ -226,6 +228,7 @@ static void hfi_process_event_notify(
 		dprintk(VIDC_ERR, "Invalid Params");
 		return;
 	}
+	sess = (struct hal_session *)pkt->session_id;
 
 	switch (pkt->event_id) {
 	case HFI_EVENT_SYS_ERROR:
@@ -235,11 +238,14 @@ static void hfi_process_event_notify(
 		break;
 	case HFI_EVENT_SESSION_ERROR:
 		dprintk(VIDC_ERR, "HFI_EVENT_SESSION_ERROR");
-		hfi_process_session_error(callback, device_id, pkt);
+		if (!validate_session_pkt(sessions, sess, session_lock))
+			hfi_process_session_error(callback, device_id, pkt);
 		break;
 	case HFI_EVENT_SESSION_SEQUENCE_CHANGED:
 		dprintk(VIDC_INFO, "HFI_EVENT_SESSION_SEQUENCE_CHANGED");
-		hfi_process_sess_evt_seq_changed(callback, device_id, pkt);
+		if (!validate_session_pkt(sessions, sess, session_lock))
+			hfi_process_sess_evt_seq_changed(callback,
+				device_id, pkt);
 		break;
 	case HFI_EVENT_SESSION_PROPERTY_CHANGED:
 		dprintk(VIDC_INFO, "HFI_EVENT_SESSION_PROPERTY_CHANGED");
@@ -1207,7 +1213,7 @@ u32 hfi_process_msg_packet(
 		struct list_head *sessions, struct mutex *session_lock)
 {
 	u32 rc = 0;
-	struct hal_session *sess;
+	struct hal_session *sess = NULL;
 	if (!callback || !msg_hdr || msg_hdr->size <
 		VIDC_IFACEQ_MIN_PKT_SIZE) {
 		dprintk(VIDC_ERR, "hal_process_msg_packet:bad"
@@ -1216,21 +1222,16 @@ u32 hfi_process_msg_packet(
 		return rc;
 	}
 
-#define SANITIZE_SESSION_PKT(msg_pkt) ({ \
-		sess = (struct hal_session *) \
-				(((struct vidc_hal_session_cmd_pkt *) \
-				msg_pkt)->session_id); \
-		if (sanitize_session_pkt(sessions, sess, session_lock)) \
-			break; \
-	})
-
 	dprintk(VIDC_INFO, "Received: 0x%x in ", msg_hdr->packet);
 	rc = (u32) msg_hdr->packet;
+	sess = (struct hal_session *)((struct
+			vidc_hal_session_cmd_pkt*) msg_hdr)->session_id;
+
 	switch (msg_hdr->packet) {
 	case HFI_MSG_EVENT_NOTIFY:
-		SANITIZE_SESSION_PKT(msg_hdr);
 		hfi_process_event_notify(callback, device_id,
-			(struct hfi_msg_event_notify_packet *) msg_hdr);
+			(struct hfi_msg_event_notify_packet *) msg_hdr,
+			sessions, session_lock);
 		break;
 	case  HFI_MSG_SYS_INIT_DONE:
 		hfi_process_sys_init_done(callback, device_id,
@@ -1240,10 +1241,10 @@ u32 hfi_process_msg_packet(
 	case HFI_MSG_SYS_IDLE:
 		break;
 	case HFI_MSG_SYS_SESSION_INIT_DONE:
-		SANITIZE_SESSION_PKT(msg_hdr);
-		hfi_process_session_init_done(callback, device_id,
-			(struct hfi_msg_sys_session_init_done_packet *)
-					msg_hdr);
+		if (!validate_session_pkt(sessions, sess, session_lock))
+			hfi_process_session_init_done(callback, device_id,
+				(struct hfi_msg_sys_session_init_done_packet *)
+						msg_hdr);
 		break;
 	case HFI_MSG_SYS_PROPERTY_INFO:
 		hfi_process_sys_property_info(
@@ -1251,85 +1252,85 @@ u32 hfi_process_msg_packet(
 			msg_hdr);
 		break;
 	case HFI_MSG_SYS_SESSION_END_DONE:
-		SANITIZE_SESSION_PKT(msg_hdr);
-		hfi_process_session_end_done(callback, device_id,
-			(struct hfi_msg_sys_session_end_done_packet *)
-					msg_hdr);
+		if (!validate_session_pkt(sessions, sess, session_lock))
+			hfi_process_session_end_done(callback, device_id,
+				(struct hfi_msg_sys_session_end_done_packet *)
+						msg_hdr);
 		break;
 	case HFI_MSG_SESSION_LOAD_RESOURCES_DONE:
-		SANITIZE_SESSION_PKT(msg_hdr);
-		hfi_process_session_load_res_done(callback, device_id,
+		if (!validate_session_pkt(sessions, sess, session_lock))
+			hfi_process_session_load_res_done(callback, device_id,
 			(struct hfi_msg_session_load_resources_done_packet *)
-					msg_hdr);
+						msg_hdr);
 		break;
 	case HFI_MSG_SESSION_START_DONE:
-		SANITIZE_SESSION_PKT(msg_hdr);
-		hfi_process_session_start_done(callback, device_id,
-			(struct hfi_msg_session_start_done_packet *)
-					msg_hdr);
+		if (!validate_session_pkt(sessions, sess, session_lock))
+			hfi_process_session_start_done(callback, device_id,
+				(struct hfi_msg_session_start_done_packet *)
+						msg_hdr);
 		break;
 	case HFI_MSG_SESSION_STOP_DONE:
-		SANITIZE_SESSION_PKT(msg_hdr);
-		hfi_process_session_stop_done(callback, device_id,
-			(struct hfi_msg_session_stop_done_packet *)
-					msg_hdr);
+		if (!validate_session_pkt(sessions, sess, session_lock))
+			hfi_process_session_stop_done(callback, device_id,
+				(struct hfi_msg_session_stop_done_packet *)
+						msg_hdr);
 		break;
 	case HFI_MSG_SESSION_EMPTY_BUFFER_DONE:
-		SANITIZE_SESSION_PKT(msg_hdr);
-		hfi_process_session_etb_done(callback, device_id,
+		if (!validate_session_pkt(sessions, sess, session_lock))
+			hfi_process_session_etb_done(callback, device_id,
 			(struct hfi_msg_session_empty_buffer_done_packet *)
-					msg_hdr);
+						msg_hdr);
 		break;
 	case HFI_MSG_SESSION_FILL_BUFFER_DONE:
-		SANITIZE_SESSION_PKT(msg_hdr);
-		hfi_process_session_ftb_done(callback, device_id, msg_hdr);
+		if (!validate_session_pkt(sessions, sess, session_lock))
+			hfi_process_session_ftb_done(callback, device_id,
+						msg_hdr);
 		break;
 	case HFI_MSG_SESSION_FLUSH_DONE:
-		SANITIZE_SESSION_PKT(msg_hdr);
-		hfi_process_session_flush_done(callback, device_id,
-			(struct hfi_msg_session_flush_done_packet *)
-					msg_hdr);
+		if (!validate_session_pkt(sessions, sess, session_lock))
+			hfi_process_session_flush_done(callback, device_id,
+				(struct hfi_msg_session_flush_done_packet *)
+						msg_hdr);
 		break;
 	case HFI_MSG_SESSION_PROPERTY_INFO:
-		SANITIZE_SESSION_PKT(msg_hdr);
-		hfi_process_session_prop_info(callback, device_id,
-			(struct hfi_msg_session_property_info_packet *)
-					msg_hdr);
+		if (!validate_session_pkt(sessions, sess, session_lock))
+			hfi_process_session_prop_info(callback, device_id,
+				(struct hfi_msg_session_property_info_packet *)
+						msg_hdr);
 		break;
 	case HFI_MSG_SESSION_RELEASE_RESOURCES_DONE:
-		SANITIZE_SESSION_PKT(msg_hdr);
-		hfi_process_session_rel_res_done(callback, device_id,
+		if (!validate_session_pkt(sessions, sess, session_lock))
+			hfi_process_session_rel_res_done(callback, device_id,
 			(struct hfi_msg_session_release_resources_done_packet *)
-					msg_hdr);
+						msg_hdr);
 		break;
 	case HFI_MSG_SYS_RELEASE_RESOURCE:
 		hfi_process_sys_rel_resource_done(callback, device_id,
 			(struct hfi_msg_sys_release_resource_done_packet *)
-			msg_hdr);
+						msg_hdr);
 		break;
 	case HFI_MSG_SESSION_GET_SEQUENCE_HEADER_DONE:
-		SANITIZE_SESSION_PKT(msg_hdr);
-		hfi_process_session_get_seq_hdr_done(
+		if (!validate_session_pkt(sessions, sess, session_lock))
+			hfi_process_session_get_seq_hdr_done(
 			callback, device_id, (struct
 			hfi_msg_session_get_sequence_header_done_packet*)
-			msg_hdr);
+						msg_hdr);
 		break;
 	case HFI_MSG_SESSION_RELEASE_BUFFERS_DONE:
-		SANITIZE_SESSION_PKT(msg_hdr);
-		hfi_process_session_rel_buf_done(
-			callback, device_id, (struct
-			hfi_msg_session_release_buffers_done_packet*)
-			msg_hdr);
+		if (!validate_session_pkt(sessions, sess, session_lock))
+			hfi_process_session_rel_buf_done(callback, device_id,
+			(struct hfi_msg_session_release_buffers_done_packet *)
+						msg_hdr);
 		break;
 	case HFI_MSG_SYS_SESSION_ABORT_DONE:
-		SANITIZE_SESSION_PKT(msg_hdr);
-		hfi_process_session_abort_done(callback, device_id, (struct
-			hfi_msg_sys_session_abort_done_packet*) msg_hdr);
+		if (!validate_session_pkt(sessions, sess, session_lock))
+			hfi_process_session_abort_done(callback, device_id,
+			(struct hfi_msg_sys_session_abort_done_packet *)
+						msg_hdr);
 		break;
 	default:
 		dprintk(VIDC_DBG, "UNKNOWN_MSG_TYPE : %d", msg_hdr->packet);
 		break;
 	}
-#undef SANITIZE_SESSION_PKT
 	return rc;
 }
-- 
GitLab