Commit 49cd43d0 authored Feb 19, 2019 by Subash Abhinov Kasiviswanathan Committed by Gerrit - the friendly Code Review server Feb 21, 2019

soc: qmi: dfc: Fix use after free in dfc_svc_init



This change fixes a use after free issue when cleanup is triggered
before dfc client init is completed.
A check is added to both qmi_rmnet_has_client and
qmi_rmnet_has_pending to prevent qmi and port being freed before
the second dfc client is deleted.

Change-Id: I6e37c8e77cee745fabd376f38f0384f364abe5e7
Acked-by: Ning Cai <ncai@qti.qualcomm.com>
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>

parent 03cafa97

drivers/soc/qcom/qmi_rmnet.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -453,7 +453,7 @@ __qmi_rmnet_delete_client(void port, struct qmi_info qmi, int idx)
		qmi->dfc_pending[idx] = NULL;
		}

		if (!qmi_rmnet_has_client(qmi)) {
		if (!qmi_rmnet_has_client(qmi) && !qmi_rmnet_has_pending(qmi)) {
		rmnet_reset_qmi_pt(port);
		kfree(qmi);
		return 0;