Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 47193a1d authored Jun 15, 2017 by Mohammed Javid

msm:ipa: Fix to kasan use-after-free issue



Added mutex lock to query rt table function also to sync
with other ioctl calls in both ipa v2/v3.

Change-Id: I65d46c0ef28b5e6260c92473fd15e9763de20146
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>

parent ffd90498

drivers/platform/msm/ipa/ipa_v2/ipa_rt.c

+5 −1

Original line number	Diff line number	Diff line
		@@ -854,12 +854,16 @@ int ipa2_query_rt_index(struct ipa_ioc_get_rt_tbl_indx *in)
		return -EINVAL;
		}

		mutex_lock(&ipa_ctx->lock);
		/* check if this table exists */
		entry = __ipa_find_rt_tbl(in->ip, in->name);
		if (!entry)
		if (!entry) {
		mutex_unlock(&ipa_ctx->lock);
		return -EFAULT;
		}

		in->idx = entry->idx;
		mutex_unlock(&ipa_ctx->lock);
		return 0;
		}

drivers/platform/msm/ipa/ipa_v3/ipa_rt.c

+5 −2

Original line number	Diff line number	Diff line
		@@ -724,12 +724,15 @@ int ipa3_query_rt_index(struct ipa_ioc_get_rt_tbl_indx *in)
		return -EINVAL;
		}

		mutex_lock(&ipa3_ctx->lock);
		/* check if this table exists */
		entry = __ipa3_find_rt_tbl(in->ip, in->name);
		if (!entry)
		if (!entry) {
		mutex_unlock(&ipa3_ctx->lock);
		return -EFAULT;

		}
		in->idx = entry->idx;
		mutex_unlock(&ipa3_ctx->lock);
		return 0;
		}