DivestOS/Patches/Linux_CVEs/CVE-2017-9697/4.4/0002.patch
2017-11-07 21:38:42 -05:00

52 lines
1.7 KiB
Diff

From 7e45e3a6c1f6dd46d71fb6824a7cf702d2e79225 Mon Sep 17 00:00:00 2001
From: Mohit Aggarwal <maggarwa@codeaurora.org>
Date: Thu, 25 May 2017 20:21:12 +0530
Subject: diag: Synchronize command registration table access
Currently, command registration table is being read
in debugfs without any protection which may lead to
access of stale entries. The patch takes care of the
issue by adding proper protection.
CRs-Fixed: 2032672
Change-Id: I6ae058c16873f9ed52ae6516a1a70fd6d2d0da80
Signed-off-by: Mohit Aggarwal <maggarwa@codeaurora.org>
---
drivers/char/diag/diag_debugfs.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/char/diag/diag_debugfs.c b/drivers/char/diag/diag_debugfs.c
index ca7dd88..86e626d 100644
--- a/drivers/char/diag/diag_debugfs.c
+++ b/drivers/char/diag/diag_debugfs.c
@@ -273,8 +273,10 @@ static ssize_t diag_dbgfs_read_table(struct file *file, char __user *ubuf,
struct list_head *temp;
struct diag_cmd_reg_t *item = NULL;
+ mutex_lock(&driver->cmd_reg_mutex);
if (diag_dbgfs_table_index == driver->cmd_reg_count) {
diag_dbgfs_table_index = 0;
+ mutex_unlock(&driver->cmd_reg_mutex);
return 0;
}
@@ -283,6 +285,7 @@ static ssize_t diag_dbgfs_read_table(struct file *file, char __user *ubuf,
buf = kzalloc(sizeof(char) * buf_size, GFP_KERNEL);
if (ZERO_OR_NULL_PTR(buf)) {
pr_err("diag: %s, Error allocating memory\n", __func__);
+ mutex_unlock(&driver->cmd_reg_mutex);
return -ENOMEM;
}
buf_size = ksize(buf);
@@ -327,6 +330,7 @@ static ssize_t diag_dbgfs_read_table(struct file *file, char __user *ubuf,
break;
}
diag_dbgfs_table_index = i;
+ mutex_unlock(&driver->cmd_reg_mutex);
*ppos = 0;
ret = simple_read_from_buffer(ubuf, count, ppos, buf, bytes_in_buffer);
--
cgit v1.1