diag: Add protection while accessing diag client map (9f22e389) · Commits · e / devices / android_kernel_xiaomi_nabu

drivers/char/diag/diagchar_core.c

+4 −1

Original line number	Original line	Diff line number	Diff line
	/* Copyright (c) 2008-2019, The Linux Foundation. All rights reserved.		/* Copyright (c) 2008-2020, The Linux Foundation. All rights reserved.
	*		*
	* This program is free software; you can redistribute it and/or modify		* This program is free software; you can redistribute it and/or modify
	* it under the terms of the GNU General Public License version 2 and		* it under the terms of the GNU General Public License version 2 and
	@@ -576,6 +576,7 @@ static int diag_remove_client_entry(struct file *file)
	return -EINVAL;		return -EINVAL;
	}		}

			mutex_lock(&driver->diagchar_mutex);
	diagpriv_data = file->private_data;		diagpriv_data = file->private_data;
	for (i = 0; i < driver->num_clients; i++)		for (i = 0; i < driver->num_clients; i++)
	if (diagpriv_data && diagpriv_data->pid ==		if (diagpriv_data && diagpriv_data->pid ==
	@@ -585,11 +586,13 @@ static int diag_remove_client_entry(struct file *file)
	DIAG_LOG(DIAG_DEBUG_USERSPACE,		DIAG_LOG(DIAG_DEBUG_USERSPACE,
	"pid %d, not present in client map\n",		"pid %d, not present in client map\n",
	diagpriv_data->pid);		diagpriv_data->pid);
			mutex_unlock(&driver->diagchar_mutex);
	mutex_unlock(&driver->diag_file_mutex);		mutex_unlock(&driver->diag_file_mutex);
	return -EINVAL;		return -EINVAL;
	}		}
	DIAG_LOG(DIAG_DEBUG_USERSPACE, "diag: %s process exit with pid = %d\n",		DIAG_LOG(DIAG_DEBUG_USERSPACE, "diag: %s process exit with pid = %d\n",
	driver->client_map[i].name, diagpriv_data->pid);		driver->client_map[i].name, diagpriv_data->pid);
			mutex_unlock(&driver->diagchar_mutex);
	/*		/*
	* clean up any DCI registrations, if this is a DCI client		* clean up any DCI registrations, if this is a DCI client
	* This will specially help in case of ungraceful exit of any DCI client		* This will specially help in case of ungraceful exit of any DCI client