DivestOS/Patches/Linux_CVEs/CVE-2016-10296/ANY/1.patch
2017-10-29 22:14:37 -04:00

79 lines
2.2 KiB
Diff

diff --git a/drivers/uio/msm_sharedmem/sharedmem_qmi.c b/drivers/uio/msm_sharedmem/sharedmem_qmi.c
index bb6a23b..c8ecd5d 100644
--- a/drivers/uio/msm_sharedmem/sharedmem_qmi.c
+++ b/drivers/uio/msm_sharedmem/sharedmem_qmi.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2015, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2014-2015, 2017, The Linux Foundation. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 and
@@ -257,12 +257,17 @@
#define DEBUG_BUF_SIZE (2048)
static char *debug_buffer;
static u32 debug_data_size;
+static struct mutex dbg_buf_lock; /* mutex for debug_buffer */
static ssize_t debug_read(struct file *file, char __user *buf,
size_t count, loff_t *file_pos)
{
- return simple_read_from_buffer(buf, count, file_pos, debug_buffer,
- debug_data_size);
+ size_t ret;
+ mutex_lock(&dbg_buf_lock);
+ ret = simple_read_from_buffer(buf, count, file_pos,
+ debug_buffer, debug_data_size);
+ mutex_unlock(&dbg_buf_lock);
+ return ret;
}
static u32 fill_debug_info(char *buffer, u32 buffer_size)
@@ -313,21 +318,29 @@
{
u32 buffer_size;
- if (debug_buffer != NULL)
+ mutex_lock(&dbg_buf_lock);
+ if (debug_buffer != NULL) {
+ mutex_unlock(&dbg_buf_lock);
return -EBUSY;
+ }
buffer_size = DEBUG_BUF_SIZE;
debug_buffer = kzalloc(buffer_size, GFP_KERNEL);
- if (debug_buffer == NULL)
+ if (debug_buffer == NULL) {
+ mutex_unlock(&dbg_buf_lock);
return -ENOMEM;
+ }
debug_data_size = fill_debug_info(debug_buffer, buffer_size);
+ mutex_unlock(&dbg_buf_lock);
return 0;
}
static int debug_close(struct inode *inode, struct file *file)
{
+ mutex_lock(&dbg_buf_lock);
kfree(debug_buffer);
debug_buffer = NULL;
debug_data_size = 0;
+ mutex_unlock(&dbg_buf_lock);
return 0;
}
@@ -358,6 +371,7 @@
{
struct dentry *f_ent;
+ mutex_init(&dbg_buf_lock);
dir_ent = debugfs_create_dir("rmt_storage", NULL);
if (IS_ERR(dir_ent)) {
pr_err("Failed to create debug_fs directory\n");
@@ -386,6 +400,7 @@
static void debugfs_exit(void)
{
debugfs_remove_recursive(dir_ent);
+ mutex_destroy(&dbg_buf_lock);
}
static void sharedmem_qmi_svc_recv_msg(struct work_struct *work)