evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

msm:ipa: Fix to kasan use-after-free issue

Browse source 
Added mutex lock to query rt table function also to sync
with other ioctl calls in both ipa v2/v3.

Change-Id: I65d46c0ef28b5e6260c92473fd15e9763de20146
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
This commit is contained in:
Mohammed Javid 2017-06-15 18:39:07 +05:30
parent f19eadaabe
commit a950cd0068
2 changed files with 10 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
drivers/platform/msm/ipa/ipa_v2/ipa_rt.c
View file

@ -857,12 +857,16 @@ int ipa2_query_rt_index(struct ipa_ioc_get_rt_tbl_indx *in)
return -EINVAL;
}
mutex_lock(&ipa_ctx->lock);
/* check if this table exists */
entry = __ipa_find_rt_tbl(in->ip, in->name);
if (!entry)
if (!entry) {
mutex_unlock(&ipa_ctx->lock);
return -EFAULT;
}
in->idx = entry->idx;
mutex_unlock(&ipa_ctx->lock);
return 0;
}

7
drivers/platform/msm/ipa/ipa_v3/ipa_rt.c
View file

@ -727,12 +727,15 @@ int ipa3_query_rt_index(struct ipa_ioc_get_rt_tbl_indx *in)
return -EINVAL;
}
mutex_lock(&ipa3_ctx->lock);
/* check if this table exists */
entry = __ipa3_find_rt_tbl(in->ip, in->name);
if (!entry)
if (!entry) {
mutex_unlock(&ipa3_ctx->lock);
return -EFAULT;
}
in->idx = entry->idx;
mutex_unlock(&ipa3_ctx->lock);
return 0;
}