diff options
| author | Linux Build Service Account <lnxbuild@quicinc.com> | 2017-05-16 16:08:16 -0700 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2017-05-16 16:08:16 -0700 |
| commit | 5404e35069576a8cd8203065f60975e34a5f727b (patch) | |
| tree | 61c94bd5d3888fac6767716192520d1efc227a73 | |
| parent | d573c819eae7c2baa132a00122f8d1c031c31ced (diff) | |
| parent | 7fbbf8a3069c12a47c5cfd4f797dea945e7daf2a (diff) | |
Merge "msm: ADSPRPC: Copy process name buffer to kernel space"
| -rw-r--r-- | drivers/char/adsprpc.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/drivers/char/adsprpc.c b/drivers/char/adsprpc.c index 38da42906994..1b76f58809b3 100644 --- a/drivers/char/adsprpc.c +++ b/drivers/char/adsprpc.c @@ -1585,6 +1585,7 @@ static int fastrpc_init_process(struct fastrpc_file *fl, struct fastrpc_ioctl_init *init = &uproc->init; struct smq_phy_page pages[1]; struct fastrpc_mmap *file = 0, *mem = 0; + char *proc_name = NULL; int srcVM[1] = {VMID_HLOS}; int destVM[1] = {VMID_ADSP_Q6}; int destVMperm[1] = {PERM_READ | PERM_WRITE | PERM_EXEC}; @@ -1680,12 +1681,18 @@ static int fastrpc_init_process(struct fastrpc_file *fl, uint64_t phys = 0; ssize_t size = 0; int fds[3]; - char *proc_name = (unsigned char *)init->file; struct { int pgid; int namelen; int pageslen; } inbuf; + VERIFY(err, proc_name = kzalloc(init->filelen, GFP_KERNEL)); + if (err) + goto bail; + VERIFY(err, 0 == copy_from_user(proc_name, + (unsigned char *)init->file, init->filelen)); + if (err) + goto bail; inbuf.pgid = current->tgid; inbuf.namelen = strlen(proc_name)+1; inbuf.pageslen = 0; @@ -1738,6 +1745,7 @@ static int fastrpc_init_process(struct fastrpc_file *fl, err = -ENOTTY; } bail: + kfree(proc_name); if (err && (init->flags == FASTRPC_INIT_CREATE_STATIC)) me->staticpd_flags = 0; if (mem && err) { |