Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit de76d3c4 authored by Maulik Shah's avatar Maulik Shah
Browse files

power: qcom: msm-core: Add mutex lock for ioctl 



There can be use after free with multiple ioctl calls.
Add mutex lock when updating userspace power.

Change-Id: Ieae08d05478a462b19cf7f91b64267177eaebe84
Signed-off-by: default avatarMaulik Shah <mkshah@codeaurora.org>
Signed-off-by: default avatarMahesh Sivasubramanian <msivasub@codeaurora.org>
parent 714bfa4f

drivers/power/qcom/msm-core.c

+4 −1
Original line number Original line Diff line number Diff line
@@ -407,9 +407,10 @@ static int update_userspace_power(struct sched_params __user *argp) 
	if (!sp)

	if (!sp)

		return -ENOMEM;

		return -ENOMEM;







	mutex_lock(&policy_update_mutex);

	sp->power = allocate_2d_array_uint32_t(node->sp->num_of_freqs);

	sp->power = allocate_2d_array_uint32_t(node->sp->num_of_freqs);

	if (IS_ERR_OR_NULL(sp->power)) {

	if (IS_ERR_OR_NULL(sp->power)) {

		mutex_unlock(&policy_update_mutex);

		ret = PTR_ERR(sp->power);

		ret = PTR_ERR(sp->power);

		kfree(sp);

		kfree(sp);

		return ret;

		return ret;
@@ -453,6 +454,7 @@ static int update_userspace_power(struct sched_params __user *argp) 
		}

		}

	}

	}

	spin_unlock(&update_lock);

	spin_unlock(&update_lock);

	mutex_unlock(&policy_update_mutex);





	for_each_possible_cpu(cpu) {

	for_each_possible_cpu(cpu) {

		if (!pdata_valid[cpu])

		if (!pdata_valid[cpu])
@@ -466,6 +468,7 @@ static int update_userspace_power(struct sched_params __user *argp) 
	return 0;

	return 0;





failed:

failed:

	mutex_unlock(&policy_update_mutex);

	for (i = 0; i < TEMP_DATA_POINTS; i++)

	for (i = 0; i < TEMP_DATA_POINTS; i++)

		kfree(sp->power[i]);

		kfree(sp->power[i]);

	kfree(sp->power);

	kfree(sp->power);