smcinvoke: Move IPC_LOG before deleting cb_txn

Anmolpreet Kaur · Anmolpreet Kaur · commit 07e8c4b8d300 · 2021-04-30T22:33:35.000+05:30
Move IPC_LOG inside mutex lock and bfefore deleting
cb_txn inside process_tzcb_req to make sure that
we are not accessing cb_req value that has gone bad.

Change-Id: Icc04bab52d1364d883b0a4bb07ff4cf2cc8ce6f8
Signed-off-by: Anmolpreet Kaur &lt;anmolpre@codeaurora.org&gt;
diff --git a/drivers/soc/qcom/smcinvoke.c b/drivers/soc/qcom/smcinvoke.c
@@ -1194,16 +1194,15 @@ static void process_tzcb_req(void *buf, size_t buf_len, struct file **arr_filp)
 	}
 	--cb_reqs_inflight;
 	memcpy(buf, cb_req, buf_len);
+	IPC_LOG("result=%d tzhandle=0x%08x op=0x%02x counts=0x%04x, cb_reqs_inflight=%d",
+			cb_req->result,
+			cb_req->hdr.tzhandle, cb_req->hdr.op, cb_req->hdr.counts,
+			cb_reqs_inflight);
 	kref_put(&cb_txn->ref_cnt, delete_cb_txn);
 	if (srvr_info)
 		kref_put(&srvr_info->ref_cnt, destroy_cb_server);
 	mutex_unlock(&g_smcinvoke_lock);
 
-	IPC_LOG("result=%d tzhandle=0x%08x op=0x%02x counts=0x%04x, cb_reqs_inflight=%d",
-					cb_req->result,
-					cb_req->hdr.tzhandle, cb_req->hdr.op, cb_req->hdr.counts,
-					cb_reqs_inflight);
-
 }
 
 static int marshal_out_invoke_req(const uint8_t *buf, uint32_t buf_size,
