evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

diag: Add protection while de-initializing clients

Browse source 
Currently, while de-initializing clients, there is
a possibility of using already freed memory. The
patch adds proper protection to fix the issue.

CRs-Fixed: 2068569
Change-Id: I4b397a82e03fa2f1c84cfa8ca912cdb6a51ba08b
Signed-off-by: Mohit Aggarwal <maggarwa@codeaurora.org>
This commit is contained in:
Mohit Aggarwal 2017-07-06 10:16:52 +05:30 committed by Gerrit - the friendly Code Review server
parent 9fa4a186c0
commit c032cdd08e
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
drivers/char/diag/diagchar_core.c
View file

@ -1836,14 +1836,18 @@ static int diag_ioctl_lsm_deinit(void)
{ {
int i; int i;
mutex_lock(&driver->diagchar_mutex);
for (i = 0; i < driver->num_clients; i++) for (i = 0; i < driver->num_clients; i++)
if (driver->client_map[i].pid == current->tgid) if (driver->client_map[i].pid == current->tgid)
break; break;
if (i == driver->num_clients) if (i == driver->num_clients) {
mutex_unlock(&driver->diagchar_mutex);
return -EINVAL; return -EINVAL;
}
driver->data_ready[i] |= DEINIT_TYPE; driver->data_ready[i] |= DEINIT_TYPE;
mutex_unlock(&driver->diagchar_mutex);
wake_up_interruptible(&driver->wait_q); wake_up_interruptible(&driver->wait_q);
return 1; return 1;