msm: kgsl: Hold fault lock while accessing context faults

Currently, no lock is held while the context faults are accessed
during the fault report IOCTL. This can introduce a race that
leads to a use-after-free. Thus, hold the fault lock while
accessing context faults.

Change-Id: I09cbda15de3f3fc1074d5ec3e4b7b5daf211fe4a
Signed-off-by: Kamal Agrawal <quic_kamaagra@quicinc.com>
Kamal Agrawal 2024-03-20 00:16:31 +05:30 committed by Amit Kushwaha
parent a9364f32f3
commit 160e1ca120

9
kgsl.c

@ -3899,6 +3899,8 @@ static int kgsl_update_fault_details(struct kgsl_context *context,
memcpy(&faults[fault.type], &fault, sizeof(fault));
}
mutex_lock(&context->fault_lock);
list_for_each_entry(fault_node, &context->faults, node) {
u32 fault_type = fault_node->type;
@ -3916,12 +3918,15 @@ static int kgsl_update_fault_details(struct kgsl_context *context,
cur_idx[fault_type] * faults[fault_type].size),
fault_node->priv, size)) {
ret = -EFAULT;
goto err;
goto release_lock;
}
cur_idx[fault_type] += 1;
}
release_lock:
mutex_unlock(&context->fault_lock);
err:
kfree(faults);
return ret;
@ -3935,8 +3940,10 @@ static int kgsl_update_fault_count(struct kgsl_context *context,
struct kgsl_fault_node *fault_node;
int i, j;
mutex_lock(&context->fault_lock);
list_for_each_entry(fault_node, &context->faults, node)
faultcount[fault_node->type]++;
mutex_unlock(&context->fault_lock);
/* KGSL_FAULT_TYPE_NO_FAULT (i.e. 0) is not an actual fault type */
for (i = 0, j = 1; i < faultnents && j < KGSL_FAULT_TYPE_MAX; j++) {