diag: dci: Add validity check for dci client's process descriptor (a14365d9) · Commits · e / devices / android_kernel_xiaomi_markw

drivers/char/diag/diag_dci.c

+27 −13

Original line number	Diff line number	Diff line
		@@ -1362,10 +1362,12 @@ void diag_dci_channel_open_work(struct work_struct *work)

		void diag_dci_notify_client(int peripheral_mask, int data, int proc)
		{
		int stat;
		int stat = 0;
		struct siginfo info;
		struct list_head start, temp;
		struct diag_dci_client_tbl *entry = NULL;
		struct pid *pid_struct = NULL;
		struct task_struct *dci_task = NULL;

		memset(&info, 0, sizeof(struct siginfo));
		info.si_code = SI_QUEUE;
		@@ -1383,14 +1385,25 @@ void diag_dci_notify_client(int peripheral_mask, int data, int proc)
		continue;
		if (entry->client_info.notification_list & peripheral_mask) {
		info.si_signo = entry->client_info.signal_type;
		pid_struct = find_get_pid(entry->tgid);
		if (pid_struct) {
		dci_task = get_pid_task(pid_struct,
		PIDTYPE_PID);
		if (!dci_task) {
		DIAG_LOG(DIAG_DEBUG_PERIPHERALS,
		"diag: dci client with pid = %d Exited..\n",
		entry->tgid);
		mutex_unlock(&driver->dci_mutex);
		return;
		}
		if (entry->client &&
		entry->tgid == entry->client->tgid) {
		entry->tgid == dci_task->tgid) {
		DIAG_LOG(DIAG_DEBUG_DCI,
		"entry tgid = %d, dci client tgid = %d\n",
		entry->tgid, entry->client->tgid);
		entry->tgid, dci_task->tgid);
		stat = send_sig_info(
		entry->client_info.signal_type,
		&info, entry->client);
		&info, dci_task);
		if (stat)
		pr_err("diag: Err sending dci signal to client, signal data: 0x%x, stat: %d\n",
		info.si_int, stat);
		@@ -1399,6 +1412,7 @@ void diag_dci_notify_client(int peripheral_mask, int data, int proc)
		info.si_int, stat);
		}
		}
		}
		mutex_unlock(&driver->dci_mutex);
		}