Loading drivers/char/diag/diag_memorydevice.c +17 −3 Original line number Diff line number Diff line Loading @@ -177,7 +177,7 @@ int diag_md_write(int id, unsigned char *buf, int len, int ctx) { int i, peripheral, pid = 0; uint8_t found = 0; unsigned long flags; unsigned long flags, flags_sec; struct diag_md_info *ch = NULL; struct diag_md_session_t *session_info = NULL; Loading Loading @@ -209,6 +209,16 @@ int diag_md_write(int id, unsigned char *buf, int len, int ctx) } spin_lock_irqsave(&ch->lock, flags); if (peripheral == APPS_DATA) { spin_lock_irqsave(&driver->diagmem_lock, flags_sec); if (!hdlc_data.allocated && !non_hdlc_data.allocated) { spin_unlock_irqrestore(&driver->diagmem_lock, flags_sec); spin_unlock_irqrestore(&ch->lock, flags); mutex_unlock(&driver->md_session_lock); return -EINVAL; } } for (i = 0; i < ch->num_tbl_entries && !found; i++) { if (ch->tbl[i].buf != buf) continue; Loading @@ -220,14 +230,16 @@ int diag_md_write(int id, unsigned char *buf, int len, int ctx) ch->tbl[i].len = 0; ch->tbl[i].ctx = 0; } spin_unlock_irqrestore(&ch->lock, flags); if (found) { if (peripheral == APPS_DATA) spin_unlock_irqrestore(&driver->diagmem_lock, flags_sec); spin_unlock_irqrestore(&ch->lock, flags); mutex_unlock(&driver->md_session_lock); return -ENOMEM; } spin_lock_irqsave(&ch->lock, flags); for (i = 0; i < ch->num_tbl_entries && !found; i++) { if (ch->tbl[i].len == 0) { ch->tbl[i].buf = buf; Loading @@ -237,6 +249,8 @@ int diag_md_write(int id, unsigned char *buf, int len, int ctx) diag_ws_on_read(DIAG_WS_MUX, len); } } if (peripheral == APPS_DATA) spin_unlock_irqrestore(&driver->diagmem_lock, flags_sec); spin_unlock_irqrestore(&ch->lock, flags); mutex_unlock(&driver->md_session_lock); Loading drivers/char/diag/diagfwd.c +3 −0 Original line number Diff line number Diff line Loading @@ -1945,6 +1945,9 @@ static int diagfwd_mux_write_done(unsigned char *buf, int len, int buf_ctxt, DIAG_LOG(DIAG_DEBUG_PERIPHERALS, "No apps data buffer is allocated to be freed\n"); if (temp) { DIAG_LOG(DIAG_DEBUG_PERIPHERALS, "Freeing Apps data buffer after write done hdlc.allocated: %d, non_hdlc.allocated: %d\n", hdlc_data.allocated, non_hdlc_data.allocated); diagmem_free(driver, temp->buf, POOL_TYPE_HDLC); temp->buf = NULL; temp->len = 0; Loading Loading
drivers/char/diag/diag_memorydevice.c +17 −3 Original line number Diff line number Diff line Loading @@ -177,7 +177,7 @@ int diag_md_write(int id, unsigned char *buf, int len, int ctx) { int i, peripheral, pid = 0; uint8_t found = 0; unsigned long flags; unsigned long flags, flags_sec; struct diag_md_info *ch = NULL; struct diag_md_session_t *session_info = NULL; Loading Loading @@ -209,6 +209,16 @@ int diag_md_write(int id, unsigned char *buf, int len, int ctx) } spin_lock_irqsave(&ch->lock, flags); if (peripheral == APPS_DATA) { spin_lock_irqsave(&driver->diagmem_lock, flags_sec); if (!hdlc_data.allocated && !non_hdlc_data.allocated) { spin_unlock_irqrestore(&driver->diagmem_lock, flags_sec); spin_unlock_irqrestore(&ch->lock, flags); mutex_unlock(&driver->md_session_lock); return -EINVAL; } } for (i = 0; i < ch->num_tbl_entries && !found; i++) { if (ch->tbl[i].buf != buf) continue; Loading @@ -220,14 +230,16 @@ int diag_md_write(int id, unsigned char *buf, int len, int ctx) ch->tbl[i].len = 0; ch->tbl[i].ctx = 0; } spin_unlock_irqrestore(&ch->lock, flags); if (found) { if (peripheral == APPS_DATA) spin_unlock_irqrestore(&driver->diagmem_lock, flags_sec); spin_unlock_irqrestore(&ch->lock, flags); mutex_unlock(&driver->md_session_lock); return -ENOMEM; } spin_lock_irqsave(&ch->lock, flags); for (i = 0; i < ch->num_tbl_entries && !found; i++) { if (ch->tbl[i].len == 0) { ch->tbl[i].buf = buf; Loading @@ -237,6 +249,8 @@ int diag_md_write(int id, unsigned char *buf, int len, int ctx) diag_ws_on_read(DIAG_WS_MUX, len); } } if (peripheral == APPS_DATA) spin_unlock_irqrestore(&driver->diagmem_lock, flags_sec); spin_unlock_irqrestore(&ch->lock, flags); mutex_unlock(&driver->md_session_lock); Loading
drivers/char/diag/diagfwd.c +3 −0 Original line number Diff line number Diff line Loading @@ -1945,6 +1945,9 @@ static int diagfwd_mux_write_done(unsigned char *buf, int len, int buf_ctxt, DIAG_LOG(DIAG_DEBUG_PERIPHERALS, "No apps data buffer is allocated to be freed\n"); if (temp) { DIAG_LOG(DIAG_DEBUG_PERIPHERALS, "Freeing Apps data buffer after write done hdlc.allocated: %d, non_hdlc.allocated: %d\n", hdlc_data.allocated, non_hdlc_data.allocated); diagmem_free(driver, temp->buf, POOL_TYPE_HDLC); temp->buf = NULL; temp->len = 0; Loading
