Merge "diag: dci: Prevent task deallocation and possible resource leak" (5f23998b) · Commits · e / devices / android_kernel_fairphone_FP4

drivers/char/diag/diag_dci.c

+18 −3

Original line number	Diff line number	Diff line
		@@ -1539,6 +1539,7 @@ void diag_dci_notify_client(int peripheral_mask, int data, int proc)
		DIAG_LOG(DIAG_DEBUG_PERIPHERALS,
		"diag: dci client with pid = %d Exited..\n",
		entry->tgid);
		put_pid(pid_struct);
		mutex_unlock(&driver->dci_mutex);
		return;
		}
		@@ -1553,10 +1554,13 @@ void diag_dci_notify_client(int peripheral_mask, int data, int proc)
		if (stat)
		pr_err("diag: Err sending dci signal to client, signal data: 0x%x, stat: %d\n",
		info.si_int, stat);
		} else
		} else {
		pr_err("diag: client data is corrupted, signal data: 0x%x, stat: %d\n",
		info.si_int, stat);
		}
		put_task_struct(dci_task);
		put_pid(pid_struct);
		}
		}
		}
		mutex_unlock(&driver->dci_mutex);
		@@ -2312,12 +2316,19 @@ struct diag_dci_client_tbl *dci_lookup_client_entry_pid(int tgid)
		DIAG_LOG(DIAG_DEBUG_DCI,
		"diag: valid task doesn't exist for pid = %d\n",
		entry->tgid);
		put_pid(pid_struct);
		continue;
		}
		if (task_s == entry->client)
		if (entry->client->tgid == tgid)
		if (task_s == entry->client) {
		if (entry->client->tgid == tgid) {
		put_task_struct(task_s);
		put_pid(pid_struct);
		return entry;
		}
		}
		put_task_struct(task_s);
		put_pid(pid_struct);
		}
		return NULL;
		}

		@@ -2939,6 +2950,7 @@ int diag_dci_register_client(struct diag_dci_reg_tbl_t *reg_entry)

		mutex_lock(&driver->dci_mutex);

		get_task_struct(current);
		new_entry->client = current;
		new_entry->tgid = current->tgid;
		new_entry->client_info.notification_list =
		@@ -3093,6 +3105,9 @@ int diag_dci_deinit_client(struct diag_dci_client_tbl *entry)
		return DIAG_DCI_NO_REG;
		driver->num_dci_client--;
		driver->dci_client_id[entry->client_info.client_id - 1] = 0;

		put_task_struct(entry->client);
		entry->client = NULL;
		/*
		* Clear the client's log and event masks, update the cumulative
		* masks and send the masks to peripherals

drivers/char/diag/diagchar_core.c

+20 −3

Original line number	Diff line number	Diff line
		@@ -14,6 +14,7 @@
		#include <linux/sched.h>
		#include <linux/ratelimit.h>
		#include <linux/timer.h>
		#include <linux/sched/task.h>
		#ifdef CONFIG_DIAG_OVER_USB
		#include <linux/usb/usbdiag.h>
		#endif
		@@ -3662,20 +3663,32 @@ static ssize_t diagchar_read(struct file file, char __user buf, size_t count,
		DIAG_LOG(DIAG_DEBUG_DCI,
		"diag: valid task doesn't exist for pid = %d\n",
		entry->tgid);
		put_pid(pid_struct);
		continue;
		}
		if (task_s == entry->client)
		if (entry->client->tgid != current->tgid)
		if (task_s == entry->client) {
		if (entry->client->tgid != current->tgid) {
		put_task_struct(task_s);
		put_pid(pid_struct);
		continue;
		if (!entry->in_service)
		}
		}
		if (!entry->in_service) {
		put_task_struct(task_s);
		put_pid(pid_struct);
		continue;
		}
		if (copy_to_user(buf + ret, &data_type, sizeof(int))) {
		put_task_struct(task_s);
		put_pid(pid_struct);
		mutex_unlock(&driver->dci_mutex);
		goto end;
		}
		ret += sizeof(int);
		if (copy_to_user(buf + ret, &entry->client_info.token,
		sizeof(int))) {
		put_task_struct(task_s);
		put_pid(pid_struct);
		mutex_unlock(&driver->dci_mutex);
		goto end;
		}
		@@ -3687,9 +3700,13 @@ static ssize_t diagchar_read(struct file file, char __user buf, size_t count,
		atomic_dec(&driver->data_ready_notif[index]);
		mutex_unlock(&driver->diagchar_mutex);
		if (exit_stat == 1) {
		put_task_struct(task_s);
		put_pid(pid_struct);
		mutex_unlock(&driver->dci_mutex);
		goto end;
		}
		put_task_struct(task_s);
		put_pid(pid_struct);
		}
		mutex_unlock(&driver->dci_mutex);
		goto end;