Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 41224bae22e9e1a628d5cd0e135e0d0789f21ecf^! / .
commit41224bae22e9e1a628d5cd0e135e0d0789f21ecf[log] [tgz]
authorGopikrishna Mogasati <gmogas@codeaurora.org>Mon May 22 12:05:11 2017 +0530
committerManoj Prabhu B <bmanoj@codeaurora.org>Thu Oct 12 14:50:33 2017 +0530
tree9f7fba3e60aa9bb21f2f9cd795057c49c1e19b70
parent5b93637dbb74174bd19ebb6a3e2c3191f5cf7a4a [diff]
diag: dci: Add validity check for dci client's process descriptor

This fix checks the validity of dci client's process descriptor
before issuing a signal to it when subsystem restart is performed.
This fix avoids accessing cleaned-up process descriptor's fields.

CRs-Fixed: 2047235
Change-Id: Ic26977dc22c68f0a7007dd963c9273bba2a5dbfe
Signed-off-by: Gopikrishna Mogasati <gmogas@codeaurora.org>

diff --git a/drivers/char/diag/diag_dci.c b/drivers/char/diag/diag_dci.c
index e2d39e7..23c8d46 100644
--- a/drivers/char/diag/diag_dci.c
+++ b/drivers/char/diag/diag_dci.c

@@ -1440,6 +1440,8 @@
 	struct siginfo info;
 	struct list_head *start, *temp;
 	struct diag_dci_client_tbl *entry = NULL;
+	struct pid *pid_struct = NULL;
+	struct task_struct *dci_task = NULL;
 
 	memset(&info, 0, sizeof(struct siginfo));
 	info.si_code = SI_QUEUE;
@@ -1457,20 +1459,32 @@
 			continue;
 		if (entry->client_info.notification_list & peripheral_mask) {
 			info.si_signo = entry->client_info.signal_type;
-			if (entry->client &&
-				entry->tgid == entry->client->tgid) {
-				DIAG_LOG(DIAG_DEBUG_DCI,
-					"entry tgid = %d, dci client tgid = %d\n",
-					entry->tgid, entry->client->tgid);
-				stat = send_sig_info(
-					entry->client_info.signal_type,
-					&info, entry->client);
-				if (stat)
-					pr_err("diag: Err sending dci signal to client, signal data: 0x%x, stat: %d\n",
+			pid_struct = find_get_pid(entry->tgid);
+			if (pid_struct) {
+				dci_task = get_pid_task(pid_struct,
+						PIDTYPE_PID);
+				if (!dci_task) {
+					DIAG_LOG(DIAG_DEBUG_PERIPHERALS,
+						"diag: dci client with pid = %d Exited..\n",
+						entry->tgid);
+					mutex_unlock(&driver->dci_mutex);
+					return;
+				}
+				if (entry->client &&
+					entry->tgid == dci_task->tgid) {
+					DIAG_LOG(DIAG_DEBUG_DCI,
+						"entry tgid = %d, dci client tgid = %d\n",
+						entry->tgid, dci_task->tgid);
+					stat = send_sig_info(
+						entry->client_info.signal_type,
+						&info, dci_task);
+					if (stat)
+						pr_err("diag: Err sending dci signal to client, signal data: 0x%x, stat: %d\n",
 							info.si_int, stat);
-			} else
-				pr_err("diag: client data is corrupted, signal data: 0x%x, stat: %d\n",
+				} else
+					pr_err("diag: client data is corrupted, signal data: 0x%x, stat: %d\n",
 						info.si_int, stat);
+			}
 		}
 	}
 	mutex_unlock(&driver->dci_mutex);