From 9d08770c21c08c51af1cca3c36ff0f35ad34f97b Mon Sep 17 00:00:00 2001
From: Mohit Aggarwal <maggarwa@codeaurora.org>
Date: Thu, 6 Jul 2017 10:16:52 +0530
Subject: [PATCH] diag: Add protection while de-initializing clients

Currently, while de-initializing clients, there is
a possibility of using already freed memory. The
patch adds proper protection to fix the issue.

CRs-Fixed: 2068569
Change-Id: I4b397a82e03fa2f1c84cfa8ca912cdb6a51ba08b
Signed-off-by: Mohit Aggarwal <maggarwa@codeaurora.org>
---
 drivers/char/diag/diagchar_core.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/char/diag/diagchar_core.c b/drivers/char/diag/diagchar_core.c
index 53d92a46f3f1..896e53e2889f 100644
--- a/drivers/char/diag/diagchar_core.c
+++ b/drivers/char/diag/diagchar_core.c
@@ -1649,14 +1649,18 @@ static int diag_ioctl_lsm_deinit(void)
 {
 	int i;
 
+	mutex_lock(&driver->diagchar_mutex);
 	for (i = 0; i < driver->num_clients; i++)
 		if (driver->client_map[i].pid == current->tgid)
 			break;
 
-	if (i == driver->num_clients)
+	if (i == driver->num_clients) {
+		mutex_unlock(&driver->diagchar_mutex);
 		return -EINVAL;
+	}
 
 	driver->data_ready[i] |= DEINIT_TYPE;
+	mutex_unlock(&driver->diagchar_mutex);
 	wake_up_interruptible(&driver->wait_q);
 
 	return 1;
-- 
GitLab