samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

dsp-kernel: Do not search the global map in the process-specific list

Browse Source 
If a user makes the ioctl call for the fastrpc_internal_mmap with the
global map flag, fd, and va corresponding to some map already present
in the process-specific list, then this map present in the process-
specific list could be added to the global list. Because global maps
are also searched in the process-specific list. If a map gets removed
from the global list and another concurrent thread is using the same
map for a process-specific use case, it could lead to a use-after-free.
Avoid searching the global map in the process-specific list.

Change-Id: I59c820eb984945d39cd6e4b163307ea43ee4d2f4
Signed-off-by: Abhishek Singh <quic_abhishes@quicinc.com>
This commit is contained in:
Abhishek Singh
2024-06-21 16:04:09 +05:30
parent e5f9d3ac0f
commit e2cfdde491
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
dsp/adsprpc.c
View File

@@ -852,7 +852,10 @@ static int fastrpc_mmap_find(struct fastrpc_file *fl, int fd,
if ((va + len) < va) if ((va + len) < va)
return -EFAULT; return -EFAULT;
if (mflags == ADSP_MMAP_DMA_BUFFER) { if ((mflags == ADSP_MMAP_HEAP_ADDR) ||
(mflags == ADSP_MMAP_REMOTE_HEAP_ADDR)) {
return -EFAULT;
} else if (mflags == ADSP_MMAP_DMA_BUFFER) {
hlist_for_each_entry_safe(map, n, &fl->maps, hn) { hlist_for_each_entry_safe(map, n, &fl->maps, hn) {
if (map->buf == buf) { if (map->buf == buf) {
if (refs) { if (refs) {