evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

diag: Protect md_info structure while reallocation

Browse source 
The possibility of md_info structure being accessed simultaneously
by two threads is prevented by synchronizing while buffer
reallocation for hdlc encoding. Extend the scope of protection to
md_info till queueing the write to sdcard.

CRs-Fixed: 2279473
Change-Id: I75ddb102adfc6c79f35ed69914c9140cb82894c9
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
This commit is contained in:
Manoj Prabhu B 2018-07-25 15:00:19 +05:30 committed by Gerrit - the friendly Code Review server
parent 414b079b7f
commit 013254162a
2 changed files with 20 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
drivers/char/diag/diag_memorydevice.c
View file

@ -164,11 +164,12 @@ int diag_md_write(int id, unsigned char *buf, int len, int ctx)
return -EIO;
}
pid = session_info->pid;
mutex_unlock(&driver->md_session_lock);
ch = &diag_md[id];
if (!ch || !ch->md_info_inited)
if (!ch || !ch->md_info_inited) {
mutex_unlock(&driver->md_session_lock);
return -EINVAL;
}
spin_lock_irqsave(&ch->lock, flags);
for (i = 0; i < ch->num_tbl_entries && !found; i++) {
@ -184,8 +185,10 @@ int diag_md_write(int id, unsigned char *buf, int len, int ctx)
}
spin_unlock_irqrestore(&ch->lock, flags);
if (found)
if (found) {
mutex_unlock(&driver->md_session_lock);
return -ENOMEM;
}
spin_lock_irqsave(&ch->lock, flags);
for (i = 0; i < ch->num_tbl_entries && !found; i++) {
@ -198,6 +201,7 @@ int diag_md_write(int id, unsigned char *buf, int len, int ctx)
}
}
spin_unlock_irqrestore(&ch->lock, flags);
mutex_unlock(&driver->md_session_lock);
if (!found) {
pr_err_ratelimited("diag: Unable to find an empty space in table, please reduce logging rate, proc: %d\n",

16
drivers/char/diag/diagfwd_peripheral.c
View file

@ -191,6 +191,7 @@ static int check_bufsize_for_encoding(struct diagfwd_buf_t *buf, uint32_t len)
{
int i, ctx = 0;
uint32_t max_size = 0;
unsigned long flags;
unsigned char *temp_buf = NULL;
struct diag_md_info *ch = NULL;
@ -205,11 +206,16 @@ static int check_bufsize_for_encoding(struct diagfwd_buf_t *buf, uint32_t len)
max_size = MAX_PERIPHERAL_HDLC_BUF_SZ;
}
mutex_lock(&driver->md_session_lock);
if (buf->len < max_size) {
if (driver->logging_mode == DIAG_MEMORY_DEVICE_MODE) {
ch = &diag_md[DIAG_LOCAL_PROC];
for (i = 0; ch != NULL &&
i < ch->num_tbl_entries; i++) {
if (!ch || !ch->md_info_inited) {
mutex_unlock(&driver->md_session_lock);
return -EINVAL;
}
spin_lock_irqsave(&ch->lock, flags);
for (i = 0; i < ch->num_tbl_entries; i++) {
if (ch->tbl[i].buf == buf->data) {
ctx = ch->tbl[i].ctx;
ch->tbl[i].buf = NULL;
@ -222,18 +228,22 @@ static int check_bufsize_for_encoding(struct diagfwd_buf_t *buf, uint32_t len)
break;
}
}
spin_unlock_irqrestore(&ch->lock, flags);
}
temp_buf = krealloc(buf->data, max_size +
APF_DIAG_PADDING,
GFP_KERNEL);
if (!temp_buf)
if (!temp_buf) {
mutex_unlock(&driver->md_session_lock);
return -ENOMEM;
}
DIAG_LOG(DIAG_DEBUG_PERIPHERALS,
"Reallocated data buffer: %pK with size: %d\n",
temp_buf, max_size);
buf->data = temp_buf;
buf->len = max_size;
}
mutex_unlock(&driver->md_session_lock);
}
return buf->len;