
Commit 4b175fe2 authored by Linux Build Service Account's avatar Linux Build Service Account Committed by Gerrit - the friendly Code Review server

Merge "msm: ipa: Fix to validate the buffer size"

parents 62c6de8c c4d8316b
+17 −4
/* Copyright (c) 2013-2018, The Linux Foundation. All rights reserved.
/* Copyright (c) 2013-2019, The Linux Foundation. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 and
@@ -737,6 +737,12 @@ ssize_t ipa_read(struct file *filp, char __user *buf, size_t count,
			IPADBG("msg=%pK\n", msg);
			locked = 0;
			mutex_unlock(&ipa_ctx->msg_lock);
			if (count < sizeof(struct ipa_msg_meta)) {
				kfree(msg);
				msg = NULL;
				ret = -EFAULT;
				break;
			}
			if (copy_to_user(buf, &msg->meta,
					sizeof(struct ipa_msg_meta))) {
				kfree(msg);
@@ -747,6 +753,7 @@ ssize_t ipa_read(struct file *filp, char __user *buf, size_t count,
			buf += sizeof(struct ipa_msg_meta);
			count -= sizeof(struct ipa_msg_meta);
			if (msg->buff) {
				if (count >= msg->meta.msg_len) {
					if (copy_to_user(buf, msg->buff,
							msg->meta.msg_len)) {
						kfree(msg);
@@ -754,6 +761,12 @@ ssize_t ipa_read(struct file *filp, char __user *buf, size_t count,
						ret = -EFAULT;
						break;
					}
				} else {
					kfree(msg);
					msg = NULL;
					ret = -EFAULT;
					break;
				}
				buf += msg->meta.msg_len;
				count -= msg->meta.msg_len;
				msg->callback(msg->buff, msg->meta.msg_len,
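Review bot: The new `else` branch taken when `count` is smaller than `msg->meta.msg_len` frees `msg` but leaves `msg->buff` untouched, even though the branch sits inside `if (msg->buff)` and the success path just below hands that buffer to `msg->callback`. If that callback is what releases the payload (its definition is not visible here), every read with an undersized `count` leaks the payload, and any process able to read this device can repeat that at will. I would release the payload the same way the success path does before `kfree(msg)`, under a comment such as `/* payload not delivered: release msg->buff before dropping msg */`. The matching branch in the ipa3_read section has the same gap, and the existing copy_to_user failure paths look affected as well. The body of ipa_read starts and ends outside these hunks.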
+16 −3
/* Copyright (c) 2013-2018, The Linux Foundation. All rights reserved.
/* Copyright (c) 2013-2019, The Linux Foundation. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 and
@@ -745,6 +745,12 @@ ssize_t ipa3_read(struct file *filp, char __user *buf, size_t count,
		if (msg) {
			locked = 0;
			mutex_unlock(&ipa3_ctx->msg_lock);
			if (count < sizeof(struct ipa_msg_meta)) {
				kfree(msg);
				msg = NULL;
				ret = -EFAULT;
				break;
			}
			if (copy_to_user(buf, &msg->meta,
					  sizeof(struct ipa_msg_meta))) {
				ret = -EFAULT;
@@ -755,6 +761,7 @@ ssize_t ipa3_read(struct file *filp, char __user *buf, size_t count,
			buf += sizeof(struct ipa_msg_meta);
			count -= sizeof(struct ipa_msg_meta);
			if (msg->buff) {
				if (count >= msg->meta.msg_len) {
					if (copy_to_user(buf, msg->buff,
							msg->meta.msg_len)) {
						ret = -EFAULT;
@@ -762,6 +769,12 @@ ssize_t ipa3_read(struct file *filp, char __user *buf, size_t count,
						msg = NULL;
						break;
					}
				} else {
					ret = -EFAULT;
					kfree(msg);
					msg = NULL;
					break;
				}
				buf += msg->meta.msg_len;
				count -= msg->meta.msg_len;
				msg->callback(msg->buff, msg->meta.msg_len,
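Review bot: The added `count < sizeof(struct ipa_msg_meta)` check runs only after a message has been selected and the lock released, and its failure path calls `kfree(msg)`, so a caller that passes a short buffer destroys a pending message it never received. Comparing `count` before a message is taken from the list (that code is outside the hunk) would reject the call without losing the event; the same ordering applies in the ipa_read section. `-EFAULT` also normally reports a bad user address, so `ret = -EINVAL;` would describe an undersized buffer more accurately, provided user space does not already depend on the current value.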