Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2f0435a9 authored Jun 15, 2017 by Mohammed Javid Committed by Gerrit - the friendly Code Review server Jun 23, 2017

msm:ipa: Fix to kasan use-after-free issue



Added mutex lock to query rt table function also to sync
with other ioctl calls in both ipa v2/v3.

Change-Id: I65d46c0ef28b5e6260c92473fd15e9763de20146
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>

parent bc2168f4

drivers/platform/msm/ipa/ipa_v2/ipa_rt.c

+5 −1

Original line number	Original line	Diff line number	Diff line
	@@ -857,12 +857,16 @@ int ipa2_query_rt_index(struct ipa_ioc_get_rt_tbl_indx *in)
	return -EINVAL;		return -EINVAL;
	}		}

			mutex_lock(&ipa_ctx->lock);
	/* check if this table exists */		/* check if this table exists */
	entry = __ipa_find_rt_tbl(in->ip, in->name);		entry = __ipa_find_rt_tbl(in->ip, in->name);
	if (!entry)		if (!entry) {
			mutex_unlock(&ipa_ctx->lock);
	return -EFAULT;		return -EFAULT;
			}

	in->idx = entry->idx;		in->idx = entry->idx;
			mutex_unlock(&ipa_ctx->lock);
	return 0;		return 0;
	}		}

drivers/platform/msm/ipa/ipa_v3/ipa_rt.c

+5 −2

Original line number	Original line	Diff line number	Diff line
	@@ -901,12 +901,15 @@ int ipa3_query_rt_index(struct ipa_ioc_get_rt_tbl_indx *in)
	return -EINVAL;		return -EINVAL;
	}		}

			mutex_lock(&ipa3_ctx->lock);
	/* check if this table exists */		/* check if this table exists */
	entry = __ipa3_find_rt_tbl(in->ip, in->name);		entry = __ipa3_find_rt_tbl(in->ip, in->name);
	if (!entry)		if (!entry) {
			mutex_unlock(&ipa3_ctx->lock);
	return -EFAULT;		return -EFAULT;
			}
	in->idx = entry->idx;		in->idx = entry->idx;
			mutex_unlock(&ipa3_ctx->lock);
	return 0;		return 0;
	}		}