msm: adsprpc : Fix use after free in fastrpc_internal_mem_unmap (b1f71f18) · Commits · CodeLinaro / la / kernel / msm-5.15 · GitLab

Commit b1f71f18 authored Sep 15, 2023 by

Santosh Sakore

msm: adsprpc : Fix use after free in fastrpc_internal_mem_unmap

Thread 1 can make a to call fastrpc_mmap_create under internal mem map
and release fl->map_mutex. Thread 2 can make call to internal mem unmap,
acquire fl->map_mutex and get same map though fastrpc_mmap_remove.
Thread 1 fail in fastrpc_mem_map_to_dsp jumps to bail and do map free.
Thread 2 still holds same map which can lead use after free. Serialize
fastrpc internal mem map and unmap.

Change-Id: I54a3602914b43fc67635c0de193bd21aa13daaa3
Signed-off-by: Santosh Sakore <quic_ssakore@quicinc.com>

parent 860a4121

Hide whitespace changes

Inline Side-by-side

lnx build @lnxbuild
mentioned in commit deafd416
· Oct 23, 2023

mentioned in commit deafd416

mentioned in commit deafd41607da04cf6ee3e3b7350f0d91f101debf

Toggle commit list
lnx build @lnxbuild
mentioned in commit f0d0d584
· Nov 07, 2023

mentioned in commit f0d0d584

mentioned in commit f0d0d5847749e565a2bd745543f71832fb60b587

Toggle commit list
lnx build @lnxbuild
mentioned in commit d85f6050
· Dec 04, 2023

mentioned in commit d85f6050

mentioned in commit d85f6050b1e6b4888ce67a88a8f38342110994be

Toggle commit list

Please register or to comment