From a9a910d7d067292cbf321b4f3359d03c9fc2791a Mon Sep 17 00:00:00 2001
From: Manoj Prabhu B
Date: Tue, 15 Nov 2016 19:01:54 +0530
Subject: [PATCH] diag: Fix possible access to freed variable

Mdlog structure member - hdlc timer is being accessed after mdlog session is terminated. This patch prevents the access to freed variable by providing session_lock protection.

Change-Id: I1701e57fb4bbb751b76a4f24dc936ac22524e26c
Signed-off-by: Manoj Prabhu B
---
 drivers/char/diag/diagfwd.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/char/diag/diagfwd.c b/drivers/char/diag/diagfwd.c
index 0111b02634c8..876b455624b2 100644
--- a/drivers/char/diag/diagfwd.c
+++ b/drivers/char/diag/diagfwd.c
@@ -1275,6 +1275,7 @@ static uint8_t hdlc_reset;

 static void hdlc_reset_timer_start(struct diag_md_session_t *info)
 {
+ mutex_lock(&driver->md_session_lock);
 if (!hdlc_timer_in_progress) {
 hdlc_timer_in_progress = 1;
 if (info)
@@ -1284,6 +1285,7 @@ static void hdlc_reset_timer_start(struct diag_md_session_t *info)
 mod_timer(&driver->hdlc_reset_timer,
 jiffies + msecs_to_jiffies(200));
 }
+ mutex_unlock(&driver->md_session_lock);
 }

 static void hdlc_reset_timer_func(unsigned long data)
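Review bot: In hdlc_reset_timer_start() the new `mutex_lock(&driver->md_session_lock)` is taken only after the caller has already obtained `info`, so the pointer tested by `if (info)` can still refer to a session that was freed before the lock was acquired. The lock pair (first hunk, released by the `mutex_unlock` in the second hunk) closes the window inside this function but not the one between the caller's session lookup and this call; holding md_session_lock in the callers across lookup and use, or re-resolving the session under the lock here, would cover it. The lines between the two hunks and the callers are not visible here, so this is inferred from the signature and should be confirmed against the call sites. Because a kernel mutex can sleep and is not recursive, a comment above the function such as `/* Takes md_session_lock: process context only, caller must not already hold it. */` would document the contract the change introduces.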