diag: dci: Validate dci client entries prior to access

The patch validates the dci entries and its task structure before accessing structure members avoiding possible kernel bug. CRs-Fixed: 2035140 Change-Id: I7b0813defef1cb60400184acc631047cf72af94e Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
2024-11-23 12:10:29 +00:00 · 2017-05-05 10:15:53 +05:30 · 2017-05-05 10:15:53 +05:30 · 96d648a19c
commit 96d648a19c
parent f35813da5b
2 changed files with 20 additions and 3 deletions
--- a/drivers/char/diag/diag_dci.c
+++ b/drivers/char/diag/diag_dci.c
@ -1,4 +1,4 @@
-/* Copyright (c) 2012-2016, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2012-2017, The Linux Foundation. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 and
@ -2103,10 +2103,26 @@ struct diag_dci_client_tbl *dci_lookup_client_entry_pid(int tgid)
 {
 	struct list_head *start, *temp;
 	struct diag_dci_client_tbl *entry = NULL;
+	struct pid *pid_struct = NULL;
+	struct task_struct *task_s = NULL;
+
 	list_for_each_safe(start, temp, &driver->dci_client_list) {
 		entry = list_entry(start, struct diag_dci_client_tbl, track);
-		if (entry->client->tgid == tgid)
-			return entry;
+		pid_struct = find_get_pid(entry->tgid);
+		if (!pid_struct) {
+			pr_err("diag: valid pid doesn't exist for pid = %d\n",
+				entry->tgid);
+			continue;
+		}
+		task_s = get_pid_task(pid_struct, PIDTYPE_PID);
+		if (!task_s) {
+			pr_err("diag: valid task doesn't exist for pid = %d\n",
+				entry->tgid);
+			continue;
+		}
+		if (task_s == entry->client)
+			if (entry->client->tgid == tgid)
+				return entry;
 	}
 	return NULL;
 }
--- a/drivers/char/diag/diag_dci.h
+++ b/drivers/char/diag/diag_dci.h
@ -130,6 +130,7 @@ struct diag_dci_buf_peripheral_t {
 };

 struct diag_dci_client_tbl {
+	int tgid;
 	struct diag_dci_reg_tbl_t client_info;
 	struct task_struct *client;
 	unsigned char *dci_log_mask;