diff options
| author | Linux Build Service Account <lnxbuild@localhost> | 2019-03-14 09:30:12 -0700 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2019-03-14 09:30:11 -0700 |
| commit | 65a54cf546e3a850609364413a8397e0cff3d377 (patch) | |
| tree | 252ec6b0fdaeb4d6e8a1c5fabeeee64c68eb710c /drivers/char | |
| parent | 032f9c9018b968ec5b20195660f85e3c1c104e1c (diff) | |
| parent | 4a902c0e6b716fcc218a0674dff9854a977e4d20 (diff) | |
Merge "diag: dci: Prevent task deallocation and possible resource leak"
Diffstat (limited to 'drivers/char')
| -rw-r--r-- | drivers/char/diag/diag_dci.c | 18 | ||||
| -rw-r--r-- | drivers/char/diag/diagchar_core.c | 22 |
2 files changed, 34 insertions, 6 deletions
diff --git a/drivers/char/diag/diag_dci.c b/drivers/char/diag/diag_dci.c index 4051521583b0..f2eb9b285c67 100644 --- a/drivers/char/diag/diag_dci.c +++ b/drivers/char/diag/diag_dci.c @@ -1537,6 +1537,7 @@ void diag_dci_notify_client(int peripheral_mask, int data, int proc) DIAG_LOG(DIAG_DEBUG_PERIPHERALS, "diag: dci client with pid = %d Exited..\n", entry->tgid); + put_pid(pid_struct); mutex_unlock(&driver->dci_mutex); return; } @@ -1551,9 +1552,12 @@ void diag_dci_notify_client(int peripheral_mask, int data, int proc) if (stat) pr_err("diag: Err sending dci signal to client, signal data: 0x%x, stat: %d\n", info.si_int, stat); - } else + } else { pr_err("diag: client data is corrupted, signal data: 0x%x, stat: %d\n", info.si_int, stat); + } + put_task_struct(dci_task); + put_pid(pid_struct); } } } @@ -2305,11 +2309,18 @@ struct diag_dci_client_tbl *dci_lookup_client_entry_pid(int tgid) DIAG_LOG(DIAG_DEBUG_DCI, "diag: valid task doesn't exist for pid = %d\n", entry->tgid); + put_pid(pid_struct); continue; } - if (task_s == entry->client) - if (entry->client->tgid == tgid) + if (task_s == entry->client) { + if (entry->client->tgid == tgid) { + put_task_struct(task_s); + put_pid(pid_struct); return entry; + } + } + put_task_struct(task_s); + put_pid(pid_struct); } return NULL; } @@ -2939,6 +2950,7 @@ int diag_dci_register_client(struct diag_dci_reg_tbl_t *reg_entry) mutex_lock(&driver->dci_mutex); + get_task_struct(current); new_entry->client = current; new_entry->tgid = current->tgid; new_entry->client_info.notification_list = diff --git a/drivers/char/diag/diagchar_core.c b/drivers/char/diag/diagchar_core.c index 5deeac9d80e8..520f553200f5 100644 --- a/drivers/char/diag/diagchar_core.c +++ b/drivers/char/diag/diagchar_core.c @@ -3342,20 +3342,32 @@ exit: DIAG_LOG(DIAG_DEBUG_DCI, "diag: valid task doesn't exist for pid = %d\n", entry->tgid); + put_pid(pid_struct); continue; } - if (task_s == entry->client) - if (entry->client->tgid != current->tgid) + if (task_s == entry->client) { + if (entry->client->tgid != current->tgid) { + put_task_struct(task_s); + put_pid(pid_struct); continue; - if (!entry->in_service) + } + } + if (!entry->in_service) { + put_task_struct(task_s); + put_pid(pid_struct); continue; + } if (copy_to_user(buf + ret, &data_type, sizeof(int))) { + put_task_struct(task_s); + put_pid(pid_struct); mutex_unlock(&driver->dci_mutex); goto end; } ret += sizeof(int); if (copy_to_user(buf + ret, &entry->client_info.token, sizeof(int))) { + put_task_struct(task_s); + put_pid(pid_struct); mutex_unlock(&driver->dci_mutex); goto end; } @@ -3367,9 +3379,13 @@ exit: atomic_dec(&driver->data_ready_notif[index]); mutex_unlock(&driver->diagchar_mutex); if (exit_stat == 1) { + put_task_struct(task_s); + put_pid(pid_struct); mutex_unlock(&driver->dci_mutex); goto end; } + put_task_struct(task_s); + put_pid(pid_struct); } mutex_unlock(&driver->dci_mutex); goto end; |