diag: dci: Prevent task deallocation and possible resource leak
Prevent DCI clients' task structs from being deallocated to provide
diag driver a chance to clean up its dci client list. Also update
dci client list pid reference count properly to prevent any resource
leakage.
Bug: 68726653
Change-Id: I31c61442a48ac263fd9ff341f6c29db8ace90952
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
diff --git a/drivers/char/diag/diag_dci.c b/drivers/char/diag/diag_dci.c
index e3a778a..3cd1153 100644
--- a/drivers/char/diag/diag_dci.c
+++ b/drivers/char/diag/diag_dci.c
@@ -1435,6 +1435,7 @@
DIAG_LOG(DIAG_DEBUG_PERIPHERALS,
"diag: dci client with pid = %d Exited..\n",
entry->tgid);
+ put_pid(pid_struct);
mutex_unlock(&driver->dci_mutex);
return;
}
@@ -1449,9 +1450,12 @@
if (stat)
pr_err("diag: Err sending dci signal to client, signal data: 0x%x, stat: %d\n",
info.si_int, stat);
- } else
+ } else {
pr_err("diag: client data is corrupted, signal data: 0x%x, stat: %d\n",
info.si_int, stat);
+ }
+ put_task_struct(dci_task);
+ put_pid(pid_struct);
}
}
}
@@ -2203,11 +2207,18 @@
DIAG_LOG(DIAG_DEBUG_DCI,
"diag: valid task doesn't exist for pid = %d\n",
entry->tgid);
+ put_pid(pid_struct);
continue;
}
- if (task_s == entry->client)
- if (entry->client->tgid == tgid)
+ if (task_s == entry->client) {
+ if (entry->client->tgid == tgid) {
+ put_task_struct(task_s);
+ put_pid(pid_struct);
return entry;
+ }
+ }
+ put_task_struct(task_s);
+ put_pid(pid_struct);
}
return NULL;
}
@@ -2829,6 +2840,7 @@
mutex_lock(&driver->dci_mutex);
+ get_task_struct(current);
new_entry->client = current;
new_entry->tgid = current->tgid;
new_entry->client_info.notification_list =
@@ -2964,6 +2976,9 @@
if (!list_empty(&entry->track))
list_del(&entry->track);
driver->num_dci_client--;
+
+ put_task_struct(entry->client);
+ entry->client = NULL;
/*
* Clear the client's log and event masks, update the cumulative
* masks and send the masks to peripherals
diff --git a/drivers/char/diag/diagchar_core.c b/drivers/char/diag/diagchar_core.c
index bf1d3fb..e5a5c90 100644
--- a/drivers/char/diag/diagchar_core.c
+++ b/drivers/char/diag/diagchar_core.c
@@ -22,6 +22,7 @@
#include <linux/sched.h>
#include <linux/ratelimit.h>
#include <linux/timer.h>
+#include <linux/sched.h>
#ifdef CONFIG_DIAG_OVER_USB
#include <linux/usb/usbdiag.h>
#endif
@@ -3035,20 +3036,32 @@
DIAG_LOG(DIAG_DEBUG_DCI,
"diag: valid task doesn't exist for pid = %d\n",
entry->tgid);
+ put_pid(pid_struct);
continue;
}
- if (task_s == entry->client)
- if (entry->client->tgid != current->tgid)
+ if (task_s == entry->client) {
+ if (entry->client->tgid != current->tgid) {
+ put_task_struct(task_s);
+ put_pid(pid_struct);
continue;
- if (!entry->in_service)
+ }
+ }
+ if (!entry->in_service) {
+ put_task_struct(task_s);
+ put_pid(pid_struct);
continue;
+ }
if (copy_to_user(buf + ret, &data_type, sizeof(int))) {
+ put_task_struct(task_s);
+ put_pid(pid_struct);
mutex_unlock(&driver->dci_mutex);
goto end;
}
ret += sizeof(int);
if (copy_to_user(buf + ret, &entry->client_info.token,
sizeof(int))) {
+ put_task_struct(task_s);
+ put_pid(pid_struct);
mutex_unlock(&driver->dci_mutex);
goto end;
}
@@ -3059,9 +3072,13 @@
driver->data_ready[index] ^= DCI_DATA_TYPE;
mutex_unlock(&driver->diagchar_mutex);
if (exit_stat == 1) {
+ put_task_struct(task_s);
+ put_pid(pid_struct);
mutex_unlock(&driver->dci_mutex);
goto end;
}
+ put_task_struct(task_s);
+ put_pid(pid_struct);
}
mutex_unlock(&driver->dci_mutex);
goto end;
