staging: logger: hold mutex while removing reader
authorRabin Vincent <rabin.vincent@stericsson.com>
Wed, 22 Feb 2012 10:28:00 +0000 (15:58 +0530)
committerKarol Lewandowski <k.lewandowsk@samsung.com>
Thu, 22 Apr 2021 08:32:05 +0000 (10:32 +0200)
The readers list is traversed under the log->mutex lock
(for example from fix_up_readers()), but the deletion of
elements from this list is not being done under this lock.

Cc: Brian Swetland <swetland@google.com>
Cc: Dima Zavin <dima@android.com>
Signed-off-by: Rabin Vincent <rabin.vincent@stericsson.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/android/logger.c

index 0d2367f..ea69b6a 100644 (file)
@@ -459,7 +459,12 @@ static int logger_release(struct inode *ignored, struct file *file)
 {
        if (file->f_mode & FMODE_READ) {
                struct logger_reader *reader = file->private_data;
+               struct logger_log *log = reader->log;
+
+               mutex_lock(&log->mutex);
                list_del(&reader->list);
+               mutex_unlock(&log->mutex);
+
                kfree(reader);
        }