Google Git
Sign in
android / kernel / msm.git / android-6.0.1_r0.99
tagbadf811d5aa7273be9663837ed354eb951606ac2
taggerThe Android Open Source Project <initial-contribution@android.com>Thu Jul 07 11:22:43 2016 -0700
object1b92b5163feaa8b365e22b704304c367eb34afee 
Android 6.0.1 Release 0.99 (MOB30Q,seed)
commit1b92b5163feaa8b365e22b704304c367eb34afee[log] [tgz]
authorDivya Ponnusamy <pdivya@codeaurora.org>Fri May 06 13:24:37 2016 -0600
committerRobb Glasser <rglasser@google.com>Wed May 25 16:41:43 2016 +0000
treee813dc8119616b847c7be2acfe94f00c5c0a97b0
parent363fb3525fb16baf58a4fe0adb3c78742b81fba7 [diff]
msm: kgsl: Avoid race condition in ioctl_syncsource_destroy

If the ioctl syncsource_destroy is accessed by parallel
threads, where the spinlock is acquired by threads after
getting syncsource, then the simultaneous processes try
to remove the already destroyed syncsource->refcount by
the first thread that acquires this spinlock. This leads
to race condition while removing syncsource->idr.

Avoid separate lock inside getting syncsource, instead
acquire spinlock before we get the syncsource in
destroy ioctl so that the threads access the spinlock
and operate on syncsource without use-after-free issue.

Change-Id: I6add3800c40cd09f6e6e0cf2720e69059bd83cbc
Signed-off-by: Divya Ponnusamy <pdivya@codeaurora.org>
1 file changed
tree: e813dc8119616b847c7be2acfe94f00c5c0a97b0
  1. android/
  2. arch/
  3. block/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .gitignore
  24. .mailmap
  25. AndroidKernel.mk
  26. build.config
  27. build.config.net_test
  28. build_a1.config
  29. COPYING
  30. CREDITS
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. README
  36. REPORTING-BUGS