Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 54584f4f authored by Anirudh Raghavendra's avatar Anirudh Raghavendra Committed by Gerrit - the friendly Code Review server
Browse files

msm:adsprpc: Prevent use after free in fastrpc_set_process_info 



Serialize kzalloc in fastrpc_set_process_info and prevent use
after free.

Change-Id: I02d62182a234ef40ce33165247fc578f6727d27a
Signed-off-by: default avatarAnirudh Raghavendra <araghave@codeaurora.org>
parent ba87aa9b

drivers/char/adsprpc.c

+10 −0
Original line number Diff line number Diff line
@@ -476,6 +476,8 @@ struct fastrpc_file { 
	/* Flag to enable PM wake/relax voting for every remote invoke */

	int wake_enable;

	uint32_t ws_timeout;

	/* To indicate attempt has been made to allocate memory for debug_buf */

	int debug_buf_alloced_attempted;

};



static struct fastrpc_apps gfa;
@@ -4071,6 +4073,14 @@ static int fastrpc_set_process_info(struct fastrpc_file *fl) 
	if (debugfs_root) {

		buf_size = strlen(current->comm) + strlen("_")

			+ strlen(strpid) + 1;



		spin_lock(&fl->hlock);

		if (fl->debug_buf_alloced_attempted) {

			spin_unlock(&fl->hlock);

			return err;

		}

		fl->debug_buf_alloced_attempted = 1;

		spin_unlock(&fl->hlock);

		fl->debug_buf = kzalloc(buf_size, GFP_KERNEL);

		if (!fl->debug_buf) {

			err = -ENOMEM;