From 120427c62d148587521a6ce3198d7529435ce242 Mon Sep 17 00:00:00 2001 From: Gaurav Kohli Date: Wed, 5 Oct 2016 12:34:02 +0530 Subject: [PATCH] soc: qcom: Use syncronization while freeing the qmi_client data Potential use after free possibility when trying to access qmi client data in the ssr notification and root pd_down notification handling. CRs-Fixed: 1074483 Change-Id: I5390810861dbc1da368757df2b20e5daa35bd081 Signed-off-by: Gaurav Kohli --- drivers/soc/qcom/service-notifier.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/soc/qcom/service-notifier.c b/drivers/soc/qcom/service-notifier.c index 28b47ca6112a..504a3263253c 100644 --- a/drivers/soc/qcom/service-notifier.c +++ b/drivers/soc/qcom/service-notifier.c @@ -114,6 +114,7 @@ struct qmi_client_info { }; static LIST_HEAD(qmi_client_list); static DEFINE_MUTEX(qmi_list_lock); +static DEFINE_MUTEX(qmi_client_release_lock); static DEFINE_MUTEX(notif_add_lock); @@ -417,9 +418,11 @@ static void root_service_service_exit(struct qmi_client_info *data, * Destroy client handle and try connecting when * service comes up again. */ + mutex_lock(&qmi_client_release_lock); data->service_connected = false; qmi_handle_destroy(data->clnt_handle); data->clnt_handle = NULL; + mutex_unlock(&qmi_client_release_lock); } static void root_service_exit_work(struct work_struct *work)