Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-10-01 05:35:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
86c2d7a648
DivestOS/Patches/Linux_CVEs/CVE-2017-8265/0.patch

63 lines
2.3 KiB
Diff
Raw Blame History

From 193813a21453ccc7fb6b04bedf881a6feaaa015f Mon Sep 17 00:00:00 2001
From: Vasantha Balla <vballa@codeaurora.org>
Date: Tue, 28 Mar 2017 16:04:06 +0530
Subject: msm-vidc: Allocate bus vote data during initialization
Dynamic reallocation of vote_data memory can cause double free
problem if multiple instances try to reallocate simultaneously.
So allocate this memory statically.
Change-Id: Ib5ff08c600a4b69a38b519688bbc153de9f50090
Signed-off-by: Vasantha Balla<vballa@codeaurora.org>
---
drivers/media/platform/msm/vidc/venus_hfi.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/drivers/media/platform/msm/vidc/venus_hfi.c b/drivers/media/platform/msm/vidc/venus_hfi.c
index 4df4f35..8b98c41d 100644
--- a/drivers/media/platform/msm/vidc/venus_hfi.c
+++ b/drivers/media/platform/msm/vidc/venus_hfi.c
@@ -929,15 +929,12 @@ static int venus_hfi_vote_active_buses(void *dev,
return -EINVAL;
}
- /* (Re-)alloc memory to store the new votes (in case we internally
- * re-vote after power collapse, which is transparent to client) */
- cached_vote_data = krealloc(device->bus_load.vote_data, num_data *
- sizeof(*cached_vote_data), GFP_KERNEL);
- if (!cached_vote_data) {
- dprintk(VIDC_ERR, "Can't alloc memory to cache bus votes\n");
- rc = -ENOMEM;
- goto err_no_mem;
- }
+ cached_vote_data = device->bus_load.vote_data;
+ if (!cached_vote_data) {
+ dprintk(VIDC_ERR,"Invalid bus load vote data\n");
+ rc = -ENOMEM;
+ goto err_no_mem;
+ }
/* Alloc & init the load table */
num_bus = device->res->bus_set.count;
@@ -3746,9 +3743,15 @@ static int venus_hfi_init_bus(struct venus_hfi_device *device)
dprintk(VIDC_DBG, "Registered bus client %s\n", name);
}
- device->bus_load.vote_data = NULL;
- device->bus_load.vote_data_count = 0;
+ device->bus_load.vote_data = (struct vidc_bus_vote_data *)
+ kzalloc(sizeof(struct vidc_bus_vote_data)*MAX_SUPPORTED_INSTANCES_COUNT, GFP_KERNEL);
+ if (device->bus_load.vote_data == NULL) {
+ dprintk(VIDC_ERR,"Failed to allocate memory for vote_data\n");
+ rc = -ENOMEM;
+ goto err_init_bus;
+ }
+ device->bus_load.vote_data_count = 0;
return rc;
err_init_bus:
venus_hfi_deinit_bus(device);
--
cgit v1.1
Reference in New Issue View Git Blame Copy Permalink