The readers list is traversed under the log->mutex lock
(for example from fix_up_readers()), but the deletion of
elements from this list is not being done under this lock.
Cc: Brian Swetland <[email protected]>
Cc: Dima Zavin <[email protected]>
Signed-off-by: Rabin Vincent <[email protected]>
---
drivers/staging/android/logger.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/drivers/staging/android/logger.c b/drivers/staging/android/logger.c
index ffc2d04..a45c3b0 100644
--- a/drivers/staging/android/logger.c
+++ b/drivers/staging/android/logger.c
@@ -432,7 +432,12 @@ static int logger_release(struct inode *ignored, struct file *file)
{
if (file->f_mode & FMODE_READ) {
struct logger_reader *reader = file->private_data;
+ struct logger_log *log = reader->log;
+
+ mutex_lock(&log->mutex);
list_del(&reader->list);
+ mutex_unlock(&log->mutex);
+
kfree(reader);
}
--
1.7.4.3