diag: Fix possible access to freed variable
Mdlog structure member - hdlc timer is being accessed after
mdlog session is terminated.
This patch prevents the access to freed variable
by providing session_lock protection.
Change-Id: I1701e57fb4bbb751b76a4f24dc936ac22524e26c
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
diff --git a/drivers/char/diag/diagfwd.c b/drivers/char/diag/diagfwd.c
index 3fce72f7..f9dc670d 100644
--- a/drivers/char/diag/diagfwd.c
+++ b/drivers/char/diag/diagfwd.c
@@ -1345,6 +1345,7 @@ static uint8_t hdlc_reset;
static void hdlc_reset_timer_start(struct diag_md_session_t *info)
{
+ mutex_lock(&driver->md_session_lock);
if (!hdlc_timer_in_progress) {
hdlc_timer_in_progress = 1;
if (info)
@@ -1354,6 +1355,7 @@ static void hdlc_reset_timer_start(struct diag_md_session_t *info)
mod_timer(&driver->hdlc_reset_timer,
jiffies + msecs_to_jiffies(200));
}
+ mutex_unlock(&driver->md_session_lock);
}
static void hdlc_reset_timer_func(unsigned long data)