Santosh Sakore a2f9f978b1 msm: adsprpc: Handle UAF in fastrpc_buf_free ...

Thread T1 add buffer to fl->cached_bufs and release fl->hlock and holding
buffer reference. Now thread T2 will aquire fl->hlock and free buffer in
fastrpc_cached_buf_list_free(). T1 will dereference the freed buffer.
Moving reference buffer uses for T1 inside fl->hlock to avoid UAF.

Change-Id: I5f08d5497099133f87d55f5879cfe50c2ba23ae6
Signed-off-by: Santosh Sakore <quic_ssakore@quicinc.com>

2023-04-11 09:03:05 -07:00

..

adsprpc_compat.c

msm: adsprpc: To avoid null pointer dereference

2023-01-31 23:44:36 -08:00

adsprpc_compat.h

adsprpc: Add initial src files to new target

2022-08-12 17:41:38 -07:00

adsprpc_rpmsg.c

adsprpc: Enable fastrpc trusted driver

2023-03-16 14:14:25 -07:00

adsprpc_shared.h

msm: adsprpc: Fix race in async context response

2023-04-10 09:25:34 -07:00

adsprpc_socket.c

adsprpc: Enable fastrpc trusted driver

2023-03-16 14:14:25 -07:00

adsprpc.c

msm: adsprpc: Handle UAF in fastrpc_buf_free

2023-04-11 09:03:05 -07:00

cdsp-loader.c

dsp-kernel: dsp: Update CDSP state flag after image unloading

2023-02-28 11:57:11 +05:30

fastrpc_trace.h

Add support for Bazel to build modules

2023-01-03 11:01:38 -08:00