net: ipc_router: Add a dummy write_space callback

IPC Router assigns NULL to the write_space callback for all sockets in its
family by default. The setsockopt operation with the SO_SNDBUF option
accesses the write_space callback without checking its validity. This may
lead to a NULL pointer dereference when that operation is performed.

Assign a dummy write_space callback operation by default to all IPC Router
sockets.

CRs-Fixed: 1025150
Change-Id: Id2454683116c948b7bb4fa3c50a91a5a9585a491
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@codeaurora.org>
Karthikeyan Ramasubramanian 2016-06-02 12:01:34 -06:00 committed by Kyle Yan
parent f9be69b924
commit bf40e26c89
3 changed files with 20 additions and 5 deletions


@ -1524,6 +1524,14 @@ static int msm_ipc_router_lookup_resume_tx_port(
return 0; return 0;
} }
/**
* ipc_router_dummy_write_space() - Dummy write space available callback
* @sk: Socket pointer for which the callback is called.
*/
void ipc_router_dummy_write_space(struct sock *sk)
{
}
/** /**
* post_resume_tx() - Post the resume_tx event * post_resume_tx() - Post the resume_tx event
* @rport_ptr: Pointer to the remote port * @rport_ptr: Pointer to the remote port
@ -1560,10 +1568,11 @@ static void post_resume_tx(struct msm_ipc_router_remote_port *rport_ptr,
read_lock(&sk->sk_callback_lock); read_lock(&sk->sk_callback_lock);
write_space = sk->sk_write_space; write_space = sk->sk_write_space;
read_unlock(&sk->sk_callback_lock); read_unlock(&sk->sk_callback_lock);
if (write_space)
write_space(sk);
} }
if (!write_space) if (write_space &&
write_space != ipc_router_dummy_write_space)
write_space(sk);
else
post_pkt_to_port(local_port, pkt, 1); post_pkt_to_port(local_port, pkt, 1);
} else { } else {
IPC_RTR_ERR("%s: Local Port %d not Found", IPC_RTR_ERR("%s: Local Port %d not Found",
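Review bot: Switching the default from NULL to `ipc_router_dummy_write_space` changes what every existing NULL test on `sk->sk_write_space` in this driver means, and only the one in `post_resume_tx` is updated in the lines shown. Any other site that still tests `if (write_space)` or `if (!write_space)` would now call the empty function and skip its fallback (here that fallback is `post_pkt_to_port(local_port, pkt, 1)`), so those checks are worth auditing; I cannot see them from this hunk, and `post_resume_tx` itself starts and ends outside it. The kernel-doc on the new function should also state the contract, for example `Placeholder so that generic socket code which calls sk_write_space unconditionally (SO_SNDBUF) does not dereference NULL; post_resume_tx() treats it as "no callback registered"`. The socket-create hunk still sets `sk->sk_data_ready = NULL`, which looks like the same class of hazard if any generic path invokes that callback unchecked.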


@ -1,4 +1,4 @@
/* Copyright (c) 2011-2015, The Linux Foundation. All rights reserved. /* Copyright (c) 2011-2016, The Linux Foundation. All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 and * it under the terms of the GNU General Public License version 2 and
@ -141,4 +141,10 @@ void *msm_ipc_load_default_node(void);
void msm_ipc_unload_default_node(void *pil); void msm_ipc_unload_default_node(void *pil);
/**
* ipc_router_dummy_write_space() - Dummy write space available callback
* @sk: Socket pointer for which the callback is called.
*/
void ipc_router_dummy_write_space(struct sock *sk);
#endif #endif


@ -198,7 +198,7 @@ static int msm_ipc_router_create(struct net *net,
sock->ops = &msm_ipc_proto_ops; sock->ops = &msm_ipc_proto_ops;
sock_init_data(sock, sk); sock_init_data(sock, sk);
sk->sk_data_ready = NULL; sk->sk_data_ready = NULL;
sk->sk_write_space = NULL; sk->sk_write_space = ipc_router_dummy_write_space;
sk->sk_rcvtimeo = DEFAULT_RCV_TIMEO; sk->sk_rcvtimeo = DEFAULT_RCV_TIMEO;
sk->sk_sndtimeo = DEFAULT_SND_TIMEO; sk->sk_sndtimeo = DEFAULT_SND_TIMEO;