Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 01e81c03 authored by Linux Build Service Account's avatar Linux Build Service Account Committed by Gerrit - the friendly Code Review server
Browse files

Merge "diag: dci: Validate dci client entries prior to access"

parents c90e406d 2c841eee

drivers/char/diag/diag_dci.c

+19 −2
Original line number Diff line number Diff line
@@ -2208,9 +2208,26 @@ struct diag_dci_client_tbl *dci_lookup_client_entry_pid(int tgid) 
{

	struct list_head *start, *temp;

	struct diag_dci_client_tbl *entry = NULL;

	struct pid *pid_struct = NULL;

	struct task_struct *task_s = NULL;



	list_for_each_safe(start, temp, &driver->dci_client_list) {

		entry = list_entry(start, struct diag_dci_client_tbl, track);

		pid_struct = find_get_pid(entry->tgid);

		if (!pid_struct) {

			DIAG_LOG(DIAG_DEBUG_DCI,

				"diag: valid pid doesn't exist for pid = %d\n",

				entry->tgid);

			continue;

		}

		task_s = get_pid_task(pid_struct, PIDTYPE_PID);

		if (!task_s) {

			DIAG_LOG(DIAG_DEBUG_DCI,

				"diag: valid task doesn't exist for pid = %d\n",

				entry->tgid);

			continue;

		}

		if (task_s == entry->client)

			if (entry->client->tgid == tgid)

				return entry;

	}

drivers/char/diag/diag_masks.c

+14 −0
Original line number Diff line number Diff line
@@ -752,7 +752,9 @@ static int diag_cmd_set_msg_mask(unsigned char *src_buf, int src_len, 
	for (i = 0; i < NUM_PERIPHERALS; i++) {

		if (!diag_check_update(i))

			continue;

		mutex_lock(&driver->md_session_lock);

		diag_send_msg_mask_update(i, req->ssid_first, req->ssid_last);

		mutex_unlock(&driver->md_session_lock);

	}

end:

	return write_len;
@@ -814,7 +816,9 @@ static int diag_cmd_set_all_msg_mask(unsigned char *src_buf, int src_len, 
	for (i = 0; i < NUM_PERIPHERALS; i++) {

		if (!diag_check_update(i))

			continue;

		mutex_lock(&driver->md_session_lock);

		diag_send_msg_mask_update(i, ALL_SSID, ALL_SSID);

		mutex_unlock(&driver->md_session_lock);

	}



	return write_len;
@@ -908,7 +912,9 @@ static int diag_cmd_update_event_mask(unsigned char *src_buf, int src_len, 
	for (i = 0; i < NUM_PERIPHERALS; i++) {

		if (!diag_check_update(i))

			continue;

		mutex_lock(&driver->md_session_lock);

		diag_send_event_mask_update(i);

		mutex_unlock(&driver->md_session_lock);

	}



	return write_len;
@@ -955,7 +961,9 @@ static int diag_cmd_toggle_events(unsigned char *src_buf, int src_len, 
	for (i = 0; i < NUM_PERIPHERALS; i++) {

		if (!diag_check_update(i))

			continue;

		mutex_lock(&driver->md_session_lock);

		diag_send_event_mask_update(i);

		mutex_unlock(&driver->md_session_lock);

	}

	memcpy(dest_buf, &header, sizeof(header));

	write_len += sizeof(header);
@@ -1209,7 +1217,9 @@ static int diag_cmd_set_log_mask(unsigned char *src_buf, int src_len, 
	for (i = 0; i < NUM_PERIPHERALS; i++) {

		if (!diag_check_update(i))

			continue;

		mutex_lock(&driver->md_session_lock);

		diag_send_log_mask_update(i, req->equip_id);

		mutex_unlock(&driver->md_session_lock);

	}

end:

	return write_len;
@@ -1260,7 +1270,9 @@ static int diag_cmd_disable_log_mask(unsigned char *src_buf, int src_len, 
	for (i = 0; i < NUM_PERIPHERALS; i++) {

		if (!diag_check_update(i))

			continue;

		mutex_lock(&driver->md_session_lock);

		diag_send_log_mask_update(i, ALL_EQUIP_ID);

		mutex_unlock(&driver->md_session_lock);

	}



	return write_len;
@@ -1923,9 +1935,11 @@ void diag_send_updates_peripheral(uint8_t peripheral) 
	diag_send_feature_mask_update(peripheral);

	if (driver->time_sync_enabled)

		diag_send_time_sync_update(peripheral);

	mutex_lock(&driver->md_session_lock);

	diag_send_msg_mask_update(peripheral, ALL_SSID, ALL_SSID);

	diag_send_log_mask_update(peripheral, ALL_EQUIP_ID);

	diag_send_event_mask_update(peripheral);

	mutex_unlock(&driver->md_session_lock);

	diag_send_real_time_update(peripheral,

				driver->real_time_mode[DIAG_LOCAL_PROC]);

	diag_send_peripheral_buffering_mode(