diff options
| author | Manoj Prabhu B <bmanoj@codeaurora.org> | 2019-03-12 12:53:24 +0530 |
|---|---|---|
| committer | Manoj Prabhu B <bmanoj@codeaurora.org> | 2019-03-13 10:57:09 +0530 |
| commit | 4a902c0e6b716fcc218a0674dff9854a977e4d20 (patch) | |
| tree | 9c3d8945c5a08e86b70e4fa694fdd1670206a816 /drivers | |
| parent | dbf205bb11e2135bfe07587c1188f90218d5e292 (diff) | |
diag: dci: Prevent task deallocation and possible resource leak
Prevent DCI clients' task structs from being deallocated to provide
diag driver a chance to clean up its dci client list. Also update
dci client list pid reference count properly to prevent any resource
leakage.
Change-Id: Ie15df7103ef1ec733e1e0d08a0a22b4da6b418b3
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Diffstat (limited to 'drivers')
| -rw-r--r-- | drivers/char/diag/diag_dci.c | 18 | ||||
| -rw-r--r-- | drivers/char/diag/diagchar_core.c | 22 |
2 files changed, 34 insertions, 6 deletions
diff --git a/drivers/char/diag/diag_dci.c b/drivers/char/diag/diag_dci.c index 4051521583b0..f2eb9b285c67 100644 --- a/drivers/char/diag/diag_dci.c +++ b/drivers/char/diag/diag_dci.c @@ -1537,6 +1537,7 @@ void diag_dci_notify_client(int peripheral_mask, int data, int proc) DIAG_LOG(DIAG_DEBUG_PERIPHERALS, "diag: dci client with pid = %d Exited..\n", entry->tgid); + put_pid(pid_struct); mutex_unlock(&driver->dci_mutex); return; } @@ -1551,9 +1552,12 @@ void diag_dci_notify_client(int peripheral_mask, int data, int proc) if (stat) pr_err("diag: Err sending dci signal to client, signal data: 0x%x, stat: %d\n", info.si_int, stat); - } else + } else { pr_err("diag: client data is corrupted, signal data: 0x%x, stat: %d\n", info.si_int, stat); + } + put_task_struct(dci_task); + put_pid(pid_struct); } } } @@ -2305,11 +2309,18 @@ struct diag_dci_client_tbl *dci_lookup_client_entry_pid(int tgid) DIAG_LOG(DIAG_DEBUG_DCI, "diag: valid task doesn't exist for pid = %d\n", entry->tgid); + put_pid(pid_struct); continue; } - if (task_s == entry->client) - if (entry->client->tgid == tgid) + if (task_s == entry->client) { + if (entry->client->tgid == tgid) { + put_task_struct(task_s); + put_pid(pid_struct); return entry; + } + } + put_task_struct(task_s); + put_pid(pid_struct); } return NULL; } @@ -2939,6 +2950,7 @@ int diag_dci_register_client(struct diag_dci_reg_tbl_t *reg_entry) mutex_lock(&driver->dci_mutex); + get_task_struct(current); new_entry->client = current; new_entry->tgid = current->tgid; new_entry->client_info.notification_list = diff --git a/drivers/char/diag/diagchar_core.c b/drivers/char/diag/diagchar_core.c index 5deeac9d80e8..520f553200f5 100644 --- a/drivers/char/diag/diagchar_core.c +++ b/drivers/char/diag/diagchar_core.c @@ -3342,20 +3342,32 @@ exit: DIAG_LOG(DIAG_DEBUG_DCI, "diag: valid task doesn't exist for pid = %d\n", entry->tgid); + put_pid(pid_struct); continue; } - if (task_s == entry->client) - if (entry->client->tgid != current->tgid) + if (task_s == entry->client) { + if (entry->client->tgid != current->tgid) { + put_task_struct(task_s); + put_pid(pid_struct); continue; - if (!entry->in_service) + } + } + if (!entry->in_service) { + put_task_struct(task_s); + put_pid(pid_struct); continue; + } if (copy_to_user(buf + ret, &data_type, sizeof(int))) { + put_task_struct(task_s); + put_pid(pid_struct); mutex_unlock(&driver->dci_mutex); goto end; } ret += sizeof(int); if (copy_to_user(buf + ret, &entry->client_info.token, sizeof(int))) { + put_task_struct(task_s); + put_pid(pid_struct); mutex_unlock(&driver->dci_mutex); goto end; } @@ -3367,9 +3379,13 @@ exit: atomic_dec(&driver->data_ready_notif[index]); mutex_unlock(&driver->diagchar_mutex); if (exit_stat == 1) { + put_task_struct(task_s); + put_pid(pid_struct); mutex_unlock(&driver->dci_mutex); goto end; } + put_task_struct(task_s); + put_pid(pid_struct); } mutex_unlock(&driver->dci_mutex); goto end; |