authorKrishna Chaitanya Devarakonda <kdevarak@codeaurora.org>2017-08-31 21:24:53 +0530
committerGerrit - the friendly Code Review server <code-review@localhost>2017-09-04 22:43:21 -0700
commitf696aed9e703de20fa0dc3e1cba9687b11dc7b3a (patch)
tree407dd7041eed43ce20f4cdfe0a1c8f7ac92792be
parenta2e923bd7d0cca53287c5806d8cc130737ac30a0 (diff)
msm: sde: Avoid NULL pointer dereference in cancel request
There is a race condition possible when two threads are calling the rotator cancel request. This might result in accessing a pointer which was already assigned NULL. Fixing this by adding an extra check. Change-Id: I9ce321a5f033d1fdc9d8b70a04098bfba3d7baaa Signed-off-by: Krishna Chaitanya Devarakonda <kdevarak@codeaurora.org>
-rw-r--r--drivers/media/platform/msm/sde/rotator/sde_rotator_core.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/drivers/media/platform/msm/sde/rotator/sde_rotator_core.c b/drivers/media/platform/msm/sde/rotator/sde_rotator_core.c
index abf20aef1256..422c7a590a45 100644
--- a/drivers/media/platform/msm/sde/rotator/sde_rotator_core.c
+++ b/drivers/media/platform/msm/sde/rotator/sde_rotator_core.c
@@ -2003,8 +2003,10 @@ static void sde_rotator_cancel_request(struct sde_rot_mgr *mgr,
sde_rot_mgr_unlock(mgr);
for (i = req->count - 1; i >= 0; i--) {
entry = req->entries + i;
- flush_kthread_worker(&entry->commitq->rot_kw);
- flush_kthread_worker(&entry->doneq->rot_kw);
+ if (entry->commitq)
+ flush_kthread_worker(&entry->commitq->rot_kw);
+ if (entry->doneq)
+ flush_kthread_worker(&entry->doneq->rot_kw);
}
sde_rot_mgr_lock(mgr);
SDEROT_DBG("cancel work done\n");
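Review bot: The new `if (entry->commitq)` and `if (entry->doneq)` checks run in the window between `sde_rot_mgr_unlock(mgr)` and `sde_rot_mgr_lock(mgr)`, so the race described in the commit message is narrowed rather than closed. A second canceller can still clear the pointer after the test and before `&entry->commitq->rot_kw` is evaluated, and the compiler may load the field twice. At minimum, read each pointer once into a local and use only the local, e.g. `q = READ_ONCE(entry->commitq);` followed by `if (q) flush_kthread_worker(&q->rot_kw);`, and the same for `doneq`. Whether `req->entries` and the queues themselves stay allocated while the lock is dropped cannot be seen from this hunk, since the function body starts above it. If they may not, the pointers should be captured under the manager lock before it is released, or the request pinned with a reference, and a comment should state which guarantee the loop relies on.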