Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ecf3cf7a authored by Manoj Prabhu B's avatar Manoj Prabhu B
Browse files

diag: Identify apps data buffer with hdlc context 



HDLC status of the buffer used in processing user space apps
packets is not known when freeing the buffer is leading to wrong
buffer freed and in turn possibly leading to resource starvation.
Using HDLC context to identify the buffer prevents the issue.

Change-Id: I7516f5ea56398372deaed3b41f33885bdbddc067
Signed-off-by: default avatarManoj Prabhu B <bmanoj@codeaurora.org>
parent 12c0afc9

drivers/char/diag/diagchar.h

+3 −0
Original line number Diff line number Diff line
@@ -222,6 +222,9 @@ 
#define DEFAULT_LOW_WM_VAL	15

#define DEFAULT_HIGH_WM_VAL	85



#define HDLC_CTXT		1

#define NON_HDLC_CTXT	2



#define TYPE_DATA		0

#define TYPE_CNTL		1

#define TYPE_DCI		2

drivers/char/diag/diagchar_core.c

+2 −0
Original line number Diff line number Diff line
@@ -4390,10 +4390,12 @@ static int __init diagchar_init(void) 
	driver->in_busy_dcipktdata = 0;

	driver->rsp_buf_ctxt = SET_BUF_CTXT(APPS_DATA, TYPE_CMD, TYPE_CMD);

	hdlc_data.ctxt = SET_BUF_CTXT(APPS_DATA, TYPE_DATA, 1);

	hdlc_data.ctxt |= SET_HDLC_CTXT(HDLC_CTXT);

	hdlc_data.len = 0;

	hdlc_data.allocated = 0;

	hdlc_data.flushed = 0;

	non_hdlc_data.ctxt = SET_BUF_CTXT(APPS_DATA, TYPE_DATA, 1);

	non_hdlc_data.ctxt |= SET_HDLC_CTXT(NON_HDLC_CTXT);

	non_hdlc_data.len = 0;

	non_hdlc_data.allocated = 0;

	non_hdlc_data.flushed = 0;

drivers/char/diag/diagfwd.c

+8 −6
Original line number Diff line number Diff line
@@ -1915,9 +1915,8 @@ static int diagfwd_mux_write_done(unsigned char *buf, int len, int buf_ctxt, 
				  int ctxt)

{

	unsigned long flags;

	int peripheral = -1;

	int type = -1;

	int num = -1;

	int peripheral = -1, type = -1;

	int num = -1, hdlc_ctxt = -1;

	struct diag_apps_data_t *temp = NULL;



	if (!buf || len < 0)
@@ -1937,16 +1936,19 @@ static int diagfwd_mux_write_done(unsigned char *buf, int len, int buf_ctxt, 
			diag_ws_on_copy(DIAG_WS_MUX);

		} else if (peripheral == APPS_DATA) {

			spin_lock_irqsave(&driver->diagmem_lock, flags);

			if (hdlc_data.allocated)

			hdlc_ctxt = GET_HDLC_CTXT(buf_ctxt);

			if ((hdlc_ctxt == HDLC_CTXT) && hdlc_data.allocated)

				temp = &hdlc_data;

			else if (non_hdlc_data.allocated)

			else if ((hdlc_ctxt == NON_HDLC_CTXT) &&

				non_hdlc_data.allocated)

				temp = &non_hdlc_data;

			else

				DIAG_LOG(DIAG_DEBUG_PERIPHERALS,

				"No apps data buffer is allocated to be freed\n");

			if (temp) {

				DIAG_LOG(DIAG_DEBUG_PERIPHERALS,

				"Freeing Apps data buffer after write done hdlc.allocated: %d, non_hdlc.allocated: %d\n",

				"Freeing Apps data buffer after write done hdlc_ctxt: %d, hdlc.allocated: %d, non_hdlc.allocated: %d\n",

				hdlc_ctxt,

				hdlc_data.allocated, non_hdlc_data.allocated);

				diagmem_free(driver, temp->buf, POOL_TYPE_HDLC);

				temp->buf = NULL;

drivers/char/diag/diagfwd.h

+4 −1
Original line number Diff line number Diff line 
/* SPDX-License-Identifier: GPL-2.0 */

/* Copyright (c) 2008-2018, The Linux Foundation. All rights reserved.

/* Copyright (c) 2008-2019, The Linux Foundation. All rights reserved.

 */



#ifndef DIAGFWD_H
@@ -17,6 +17,9 @@ 
#define GET_BUF_NUM(n)		((n & 0x0000FF))

#define GET_PD_CTXT(u)		((u & 0xFF000000) >> 24)



#define SET_HDLC_CTXT(u)	((u & 0xFF) << 24)

#define GET_HDLC_CTXT(u)	((u & 0xFF000000) >> 24)



#define CHK_OVERFLOW(bufStart, start, end, length) \

	((((bufStart) <= (start)) && ((end) - (start) >= (length))) ? 1 : 0)