power: qcom: msm-core: Add mutex lock for ioctl

There can be use after free with multiple ioctl calls. Add mutex lock when updating userspace power. Change-Id: Ieae08d05478a462b19cf7f91b64267177eaebe84 Signed-off-by: Maulik Shah <mkshah@codeaurora.org>
author: Maulik Shah <mkshah@codeaurora.org> 2017-11-10 11:51:01 +0530
committer: Gerrit - the friendly Code Review server <code-review@localhost> 2017-11-12 21:15:40 -0800
commit: bddfadfc2afa1a1089825f88640f013c45c7bae2 (patch)
tree: 4577a6ed26e3ba2e4c56b5d7952673208bc343e1 /drivers/power
parent: b0ba6e47923aba09cf52ec9a92c12b114462bd9a (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/drivers/power/qcom/msm-core.c b/drivers/power/qcom/msm-core.c
index 825c27e7a4c1..224a52a0306d 100644
--- a/drivers/power/qcom/msm-core.c
+++ b/drivers/power/qcom/msm-core.c
@@ -409,9 +409,10 @@ static int update_userspace_power(struct sched_params __user *argp)
 	if (!sp)
 		return -ENOMEM;
 
-
+	mutex_lock(&policy_update_mutex);
 	sp->power = allocate_2d_array_uint32_t(node->sp->num_of_freqs);
 	if (IS_ERR_OR_NULL(sp->power)) {
+		mutex_unlock(&policy_update_mutex);
 		ret = PTR_ERR(sp->power);
 		kfree(sp);
 		return ret;
@@ -455,6 +456,7 @@ static int update_userspace_power(struct sched_params __user *argp)
 		}
 	}
 	spin_unlock(&update_lock);
+	mutex_unlock(&policy_update_mutex);
 
 	for_each_possible_cpu(cpu) {
 		if (!pdata_valid[cpu])
@@ -468,6 +470,7 @@ static int update_userspace_power(struct sched_params __user *argp)
 	return 0;
 
 failed:
+	mutex_unlock(&policy_update_mutex);
 	for (i = 0; i < TEMP_DATA_POINTS; i++)
 		kfree(sp->power[i]);
 	kfree(sp->power);
author	Maulik Shah <mkshah@codeaurora.org>	2017-11-10 11:51:01 +0530
committer	Gerrit - the friendly Code Review server <code-review@localhost>	2017-11-12 21:15:40 -0800
commit	bddfadfc2afa1a1089825f88640f013c45c7bae2 (patch)
tree	4577a6ed26e3ba2e4c56b5d7952673208bc343e1 /drivers/power
parent	b0ba6e47923aba09cf52ec9a92c12b114462bd9a (diff)