ANDROID: qtaguid: Fix the UAF probelm with tag_ref_tree - xavi/android_kernel_m2note - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Chenbo Feng <fengc@google.com>	2017-11-28 18:22:11 -0800
committer	Moyster <oysterized@gmail.com>	2018-05-16 13:58:49 +0200
commit	ad781944055a2b79c3cfb6c5231ab2d5fd0c9a6b (patch)
tree	0d47a157e1e7b962764526687702b2cb0f60a089 /include/sound
parent	9ed1add79b3daa1c721a9b0e7d4c9587ca1f401a (diff)

ANDROID: qtaguid: Fix the UAF probelm with tag_ref_tree

When multiple threads is trying to tag/delete the same socket at the same time, there is a chance the tag_ref_entry of the target socket to be null before the uid_tag_data entry is freed. It is caused by the ctrl_cmd_tag function where it doesn't correctly grab the spinlocks when tagging a socket. Signed-off-by: Chenbo Feng <fengc@google.com> Bug: 65853158 Change-Id: I5d89885918054cf835370a52bff2d693362ac5f0

Diffstat (limited to 'include/sound')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: