diff options
| author | Gopikrishna Mogasati <gmogas@codeaurora.org> | 2017-04-18 03:32:41 +0530 |
|---|---|---|
| committer | Gopikrishna Mogasati <gmogas@codeaurora.org> | 2017-04-19 15:58:32 +0530 |
| commit | 296e5025fafaf101bca3feb3c847db2e782befe9 (patch) | |
| tree | dbbabe741dadd6f535c25ab52af140beba2fbe45 | |
| parent | d5311c5d4300455a7597b7edae08caba84c0a7f8 (diff) | |
diag: Add validity check for process descriptor
This fix checks the validity of memory device session's
process descriptor before issuing a signal to it while
subsystem restart is performed. This fix avoids accessing
of cleaned-up process descriptor's fields.
CRs-Fixed: 2034816
Change-Id: I2725d3348fbeb8290c887cccea4bca6d41c5b184
Signed-off-by: Gopikrishna Mogasati <gmogas@codeaurora.org>
| -rw-r--r-- | drivers/char/diag/diagfwd_cntl.c | 44 |
1 files changed, 32 insertions, 12 deletions
diff --git a/drivers/char/diag/diagfwd_cntl.c b/drivers/char/diag/diagfwd_cntl.c index ae749725f6db..82a67f1f6f47 100644 --- a/drivers/char/diag/diagfwd_cntl.c +++ b/drivers/char/diag/diagfwd_cntl.c @@ -110,6 +110,8 @@ void diag_notify_md_client(uint8_t peripheral, int data) { int stat = 0; struct siginfo info; + struct pid *pid_struct; + struct task_struct *result; if (peripheral > NUM_PERIPHERALS) return; @@ -122,20 +124,38 @@ void diag_notify_md_client(uint8_t peripheral, int data) info.si_code = SI_QUEUE; info.si_int = (PERIPHERAL_MASK(peripheral) | data); info.si_signo = SIGCONT; - if (driver->md_session_map[peripheral] && - driver->md_session_map[peripheral]->task) { - if (driver->md_session_map[peripheral]-> - md_client_thread_info->task != NULL - && driver->md_session_map[peripheral]->pid == - driver->md_session_map[peripheral]->task->tgid) { + + if (!driver->md_session_map[peripheral] || + driver->md_session_map[peripheral]->pid <= 0) { + pr_err("diag: md_session_map[%d] is invalid\n", peripheral); + mutex_unlock(&driver->md_session_lock); + return; + } + + pid_struct = find_get_pid( + driver->md_session_map[peripheral]->pid); + DIAG_LOG(DIAG_DEBUG_PERIPHERALS, + "md_session_map[%d] pid = %d task = %pK\n", + peripheral, + driver->md_session_map[peripheral]->pid, + driver->md_session_map[peripheral]->task); + + if (pid_struct) { + result = get_pid_task(pid_struct, PIDTYPE_PID); + + if (!result) { DIAG_LOG(DIAG_DEBUG_PERIPHERALS, - "md_session %d pid = %d, md_session %d task tgid = %d\n", - peripheral, - driver->md_session_map[peripheral]->pid, + "diag: md_session_map[%d] with pid = %d Exited..\n", peripheral, - driver->md_session_map[peripheral]->task->tgid); - stat = send_sig_info(info.si_signo, &info, - driver->md_session_map[peripheral]->task); + driver->md_session_map[peripheral]->pid); + mutex_unlock(&driver->md_session_lock); + return; + } + + if (driver->md_session_map[peripheral] && + driver->md_session_map[peripheral]->task == result) { + stat = send_sig_info(info.si_signo, + &info, result); if (stat) pr_err("diag: Err sending signal to memory device client, signal data: 0x%x, stat: %d\n", info.si_int, stat); |