evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

power: qcom: msm-core: Add mutex lock for ioctl

Browse source 
There can be use after free with multiple ioctl calls.
Add mutex lock when updating userspace power.

Change-Id: Ieae08d05478a462b19cf7f91b64267177eaebe84
Signed-off-by: Maulik Shah <mkshah@codeaurora.org>
This commit is contained in:
Maulik Shah 2017-11-10 11:51:01 +05:30 committed by Gerrit - the friendly Code Review server
parent b0ba6e4792
commit bddfadfc2a
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
drivers/power/qcom/msm-core.c
View file

@ -409,9 +409,10 @@ static int update_userspace_power(struct sched_params __user *argp)
if (!sp)
return -ENOMEM;
mutex_lock(&policy_update_mutex);
sp->power = allocate_2d_array_uint32_t(node->sp->num_of_freqs);
if (IS_ERR_OR_NULL(sp->power)) {
mutex_unlock(&policy_update_mutex);
ret = PTR_ERR(sp->power);
kfree(sp);
return ret;
@ -455,6 +456,7 @@ static int update_userspace_power(struct sched_params __user *argp)
}
}
spin_unlock(&update_lock);
mutex_unlock(&policy_update_mutex);
for_each_possible_cpu(cpu) {
if (!pdata_valid[cpu])
@ -468,6 +470,7 @@ static int update_userspace_power(struct sched_params __user *argp)
return 0;
failed:
mutex_unlock(&policy_update_mutex);
for (i = 0; i < TEMP_DATA_POINTS; i++)
kfree(sp->power[i]);
kfree(sp->power);