msm: ipc: Cache the length of a packet being looped back

When a message is looped back to the user-space, sometimes the
receiver acts quickly, reads the contents of the packet and frees
the buffer. This leads to a scenario where the sender is trying to
dereference the packet length info of a freed packet. Hence a garbage
packet length gets returned to the user-space.

Fix this race condition by storing the packet length of the packet
being looped back into a variable and return the value of that variable
when the loopback operation is complete.

Change-Id: I595a562bfa12151b2f9154df681ce23c965dfff5
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@codeaurora.org>
1 file changed
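
The ordering problem the commit message describes, as an added example that is not code from this commit or from the msm IPC driver. All names are hypothetical, and the fast receiver is modelled as a synchronous call that poisons the buffer instead of freeing it, so the stale read is deterministic.

```c
#include <string.h>

#define POISON_LEN 0xDEADBEEFu   /* stands in for garbage left in freed memory */

struct pkt {                     /* hypothetical packet, not the driver's struct */
    unsigned int length;         /* payload length in bytes */
    int freed;                   /* set once the receiver has released the buffer */
    unsigned char data[64];
};

/* Simulated fast receiver: consumes the packet and releases it before the
 * sender runs again. Poisoning models a freed buffer without invoking real
 * undefined behaviour. */
static void receiver_consume(struct pkt *p)
{
    p->length = POISON_LEN;
    p->freed = 1;
}

/* Hand the packet to the local receiver; ownership transfers here. */
static void loopback_post(struct pkt *p)
{
    receiver_consume(p);
}

/* Before the fix: length is read after ownership has been handed over. */
unsigned int send_loopback_racy(struct pkt *p)
{
    loopback_post(p);
    return p->length;            /* stale read: packet may already be gone */
}

/* After the fix: cache the length while the sender still owns the packet. */
unsigned int send_loopback_cached(struct pkt *p)
{
    unsigned int len = p->length;
    loopback_post(p);
    return len;
}

/* Constructed sample packet with a 12-byte payload. */
struct pkt make_pkt(void)
{
    struct pkt p;
    memset(&p, 0, sizeof(p));
    p.length = 12;
    return p;
}
```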