DivestOS/Patches/Linux_CVEs/CVE-2017-8281/ANY/1.patch

From d4ff2f45e486f532f4c9a01deb1c79f659ef3438 Mon Sep 17 00:00:00 2001
From: Mohit Aggarwal <maggarwa@codeaurora.org>
Date: Sat, 22 Apr 2017 10:49:18 +0530
Subject: diag: dci: Add protection while querying event status

Currently, protection is missing when querying event
status due to which already removed dci client entry
might be accessed. This patch takes care of issue by
taking proper locking.

CRs-Fixed: 2015892
Change-Id: I4195c4c6198d85e96559f1728d74419527a76bc5
Signed-off-by: Mohit Aggarwal <maggarwa@codeaurora.org>
---
 drivers/char/diag/diagchar_core.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/char/diag/diagchar_core.c b/drivers/char/diag/diagchar_core.c
index ffb34fb..ed473f9 100644
--- a/drivers/char/diag/diagchar_core.c
+++ b/drivers/char/diag/diagchar_core.c
@@ -1379,7 +1379,9 @@ long diagchar_ioctl(struct file *filp,
 		result = diag_ioctl_dci_log_status(ioarg);
 		break;
 	case DIAG_IOCTL_DCI_EVENT_STATUS:
+		mutex_lock(&driver->dci_mutex);
 		result = diag_ioctl_dci_event_status(ioarg);
+		mutex_unlock(&driver->dci_mutex);
 		break;
 	case DIAG_IOCTL_DCI_CLEAR_LOGS:
 		if (copy_from_user((void *)&client_id, (void __user *)ioarg,
-- 
cgit v1.1
Add patches for many Linux CVEs, and overhaul script paths 2017-10-29 01:48:53 -04:00			`From d4ff2f45e486f532f4c9a01deb1c79f659ef3438 Mon Sep 17 00:00:00 2001`
			`From: Mohit Aggarwal <maggarwa@codeaurora.org>`
			`Date: Sat, 22 Apr 2017 10:49:18 +0530`
			`Subject: diag: dci: Add protection while querying event status`

			`Currently, protection is missing when querying event`
			`status due to which already removed dci client entry`
			`might be accessed. This patch takes care of issue by`
			`taking proper locking.`

			`CRs-Fixed: 2015892`
			`Change-Id: I4195c4c6198d85e96559f1728d74419527a76bc5`
			`Signed-off-by: Mohit Aggarwal <maggarwa@codeaurora.org>`
			`---`
			`drivers/char/diag/diagchar_core.c \| 2 ++`
			`1 file changed, 2 insertions(+)`

			`diff --git a/drivers/char/diag/diagchar_core.c b/drivers/char/diag/diagchar_core.c`
			`index ffb34fb..ed473f9 100644`
			`--- a/drivers/char/diag/diagchar_core.c`
			`+++ b/drivers/char/diag/diagchar_core.c`
			`@@ -1379,7 +1379,9 @@ long diagchar_ioctl(struct file *filp,`
			`result = diag_ioctl_dci_log_status(ioarg);`
			`break;`
			`case DIAG_IOCTL_DCI_EVENT_STATUS:`
			`+ mutex_lock(&driver->dci_mutex);`
			`result = diag_ioctl_dci_event_status(ioarg);`
			`+ mutex_unlock(&driver->dci_mutex);`
			`break;`
			`case DIAG_IOCTL_DCI_CLEAR_LOGS:`
			`if (copy_from_user((void )&client_id, (void __user )ioarg,`
			`--`
			`cgit v1.1`