diag: Fix possible use-after-free issue for mdlog session info (9f16e9b0) · Commits · e / devices / android_kernel_oneplus_sm8150

drivers/char/diag/diag_masks.c

+98 −39

Original line number	Diff line number	Diff line
		@@ -536,8 +536,7 @@ static void diag_send_feature_mask_update(uint8_t peripheral)
		}

		static int diag_cmd_get_ssid_range(unsigned char *src_buf, int src_len,
		unsigned char *dest_buf, int dest_len,
		struct diag_md_session_t *info)
		unsigned char *dest_buf, int dest_len, int pid)
		{
		int i;
		int write_len = 0;
		@@ -545,23 +544,30 @@ static int diag_cmd_get_ssid_range(unsigned char *src_buf, int src_len,
		struct diag_msg_ssid_query_t rsp;
		struct diag_ssid_range_t ssid_range;
		struct diag_mask_info *mask_info = NULL;
		struct diag_md_session_t *info = NULL;

		mutex_lock(&driver->md_session_lock);
		info = diag_md_session_get_pid(pid);
		mask_info = (!info) ? &msg_mask : info->msg_mask;
		if (!src_buf \|\| !dest_buf \|\| src_len <= 0 \|\| dest_len <= 0 \|\|
		!mask_info) {
		pr_err("diag: Invalid input in %s, src_buf: %pK, src_len: %d, dest_buf: %pK, dest_len: %d, mask_info: %pK\n",
		__func__, src_buf, src_len, dest_buf, dest_len,
		mask_info);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}
		if (!mask_info->ptr) {
		pr_err("diag: In %s, invalid input mask_info->ptr: %pK\n",
		__func__, mask_info->ptr);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}

		if (!diag_apps_responds())
		if (!diag_apps_responds()) {
		mutex_unlock(&driver->md_session_lock);
		return 0;
		}
		mutex_lock(&driver->msg_mask_lock);
		rsp.cmd_code = DIAG_CMD_MSG_CONFIG;
		rsp.sub_cmd = DIAG_CMD_OP_GET_SSID_RANGE;
		@@ -583,12 +589,12 @@ static int diag_cmd_get_ssid_range(unsigned char *src_buf, int src_len,
		write_len += sizeof(ssid_range);
		}
		mutex_unlock(&driver->msg_mask_lock);
		mutex_unlock(&driver->md_session_lock);
		return write_len;
		}

		static int diag_cmd_get_build_mask(unsigned char *src_buf, int src_len,
		unsigned char *dest_buf, int dest_len,
		struct diag_md_session_t *info)
		unsigned char *dest_buf, int dest_len, int pid)
		{
		int i = 0;
		int write_len = 0;
		@@ -641,8 +647,7 @@ static int diag_cmd_get_build_mask(unsigned char *src_buf, int src_len,
		}

		static int diag_cmd_get_msg_mask(unsigned char *src_buf, int src_len,
		unsigned char *dest_buf, int dest_len,
		struct diag_md_session_t *info)
		unsigned char *dest_buf, int dest_len, int pid)
		{
		int i;
		int write_len = 0;
		@@ -651,6 +656,10 @@ static int diag_cmd_get_msg_mask(unsigned char *src_buf, int src_len,
		struct diag_build_mask_req_t *req = NULL;
		struct diag_msg_build_mask_t rsp;
		struct diag_mask_info *mask_info = NULL;
		struct diag_md_session_t *info = NULL;

		mutex_lock(&driver->md_session_lock);
		info = diag_md_session_get_pid(pid);

		mask_info = (!info) ? &msg_mask : info->msg_mask;
		if (!src_buf \|\| !dest_buf \|\| src_len <= 0 \|\| dest_len <= 0 \|\|
		@@ -658,15 +667,19 @@ static int diag_cmd_get_msg_mask(unsigned char *src_buf, int src_len,
		pr_err("diag: Invalid input in %s, src_buf: %pK, src_len: %d, dest_buf: %pK, dest_len: %d, mask_info: %pK\n",
		__func__, src_buf, src_len, dest_buf, dest_len,
		mask_info);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}
		if (!mask_info->ptr) {
		pr_err("diag: In %s, invalid input mask_info->ptr: %pK\n",
		__func__, mask_info->ptr);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}
		if (!diag_apps_responds())
		if (!diag_apps_responds()) {
		mutex_unlock(&driver->md_session_lock);
		return 0;
		}

		mutex_lock(&driver->msg_mask_lock);
		req = (struct diag_build_mask_req_t *)src_buf;
		@@ -681,6 +694,7 @@ static int diag_cmd_get_msg_mask(unsigned char *src_buf, int src_len,
		pr_err("diag: Invalid input in %s, mask->ptr: %pK\n",
		__func__, mask->ptr);
		mutex_unlock(&driver->msg_mask_lock);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}
		for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) {
		@@ -700,12 +714,12 @@ static int diag_cmd_get_msg_mask(unsigned char *src_buf, int src_len,
		memcpy(dest_buf, &rsp, sizeof(rsp));
		write_len += sizeof(rsp);
		mutex_unlock(&driver->msg_mask_lock);
		mutex_unlock(&driver->md_session_lock);
		return write_len;
		}

		static int diag_cmd_set_msg_mask(unsigned char *src_buf, int src_len,
		unsigned char *dest_buf, int dest_len,
		struct diag_md_session_t *info)
		unsigned char *dest_buf, int dest_len, int pid)
		{
		uint32_t mask_size = 0, offset = 0;
		uint32_t *temp = NULL;
		@@ -716,6 +730,10 @@ static int diag_cmd_set_msg_mask(unsigned char *src_buf, int src_len,
		struct diag_msg_build_mask_t rsp;
		struct diag_mask_info *mask_info = NULL;
		struct diag_msg_mask_t *mask_next = NULL;
		struct diag_md_session_t *info = NULL;

		mutex_lock(&driver->md_session_lock);
		info = diag_md_session_get_pid(pid);

		mask_info = (!info) ? &msg_mask : info->msg_mask;
		if (!src_buf \|\| !dest_buf \|\| src_len <= 0 \|\| dest_len <= 0 \|\|
		@@ -723,11 +741,13 @@ static int diag_cmd_set_msg_mask(unsigned char *src_buf, int src_len,
		pr_err("diag: Invalid input in %s, src_buf: %pK, src_len: %d, dest_buf: %pK, dest_len: %d, mask_info: %pK\n",
		__func__, src_buf, src_len, dest_buf, dest_len,
		mask_info);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}
		if (!mask_info->ptr) {
		pr_err("diag: In %s, invalid input mask_info->ptr: %pK\n",
		__func__, mask_info->ptr);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}

		@@ -740,6 +760,7 @@ static int diag_cmd_set_msg_mask(unsigned char *src_buf, int src_len,
		__func__, mask->ptr);
		mutex_unlock(&driver->msg_mask_lock);
		mutex_unlock(&mask_info->lock);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}
		for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) {
		@@ -782,6 +803,7 @@ static int diag_cmd_set_msg_mask(unsigned char *src_buf, int src_len,
		mutex_unlock(&mask->lock);
		mutex_unlock(&driver->msg_mask_lock);
		mutex_unlock(&mask_info->lock);
		mutex_unlock(&driver->md_session_lock);
		return -ENOMEM;
		}
		mask->ptr = temp;
		@@ -802,6 +824,7 @@ static int diag_cmd_set_msg_mask(unsigned char *src_buf, int src_len,
		}
		mutex_unlock(&driver->msg_mask_lock);
		mutex_unlock(&mask_info->lock);
		mutex_unlock(&driver->md_session_lock);
		if (diag_check_update(APPS_DATA))
		diag_update_userspace_clients(MSG_MASKS_TYPE);

		@@ -842,8 +865,7 @@ static int diag_cmd_set_msg_mask(unsigned char *src_buf, int src_len,
		}

		static int diag_cmd_set_all_msg_mask(unsigned char *src_buf, int src_len,
		unsigned char *dest_buf, int dest_len,
		struct diag_md_session_t *info)
		unsigned char *dest_buf, int dest_len, int pid)
		{
		int i, write_len = 0, peripheral;
		int header_len = sizeof(struct diag_msg_config_rsp_t);
		@@ -851,6 +873,10 @@ static int diag_cmd_set_all_msg_mask(unsigned char *src_buf, int src_len,
		struct diag_msg_config_rsp_t *req = NULL;
		struct diag_msg_mask_t *mask = NULL;
		struct diag_mask_info *mask_info = NULL;
		struct diag_md_session_t *info = NULL;

		mutex_lock(&driver->md_session_lock);
		info = diag_md_session_get_pid(pid);

		mask_info = (!info) ? &msg_mask : info->msg_mask;
		if (!src_buf \|\| !dest_buf \|\| src_len <= 0 \|\| dest_len <= 0 \|\|
		@@ -858,11 +884,13 @@ static int diag_cmd_set_all_msg_mask(unsigned char *src_buf, int src_len,
		pr_err("diag: Invalid input in %s, src_buf: %pK, src_len: %d, dest_buf: %pK, dest_len: %d, mask_info: %pK\n",
		__func__, src_buf, src_len, dest_buf, dest_len,
		mask_info);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}
		if (!mask_info->ptr) {
		pr_err("diag: In %s, invalid input mask_info->ptr: %pK\n",
		__func__, mask_info->ptr);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}

		@@ -877,6 +905,7 @@ static int diag_cmd_set_all_msg_mask(unsigned char *src_buf, int src_len,
		__func__, mask->ptr);
		mutex_unlock(&driver->msg_mask_lock);
		mutex_unlock(&mask_info->lock);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}
		mask_info->status = (req->rt_mask) ? DIAG_CTRL_MASK_ALL_ENABLED :
		@@ -889,7 +918,7 @@ static int diag_cmd_set_all_msg_mask(unsigned char *src_buf, int src_len,
		}
		mutex_unlock(&driver->msg_mask_lock);
		mutex_unlock(&mask_info->lock);

		mutex_unlock(&driver->md_session_lock);
		if (diag_check_update(APPS_DATA))
		diag_update_userspace_clients(MSG_MASKS_TYPE);

		@@ -923,8 +952,7 @@ static int diag_cmd_set_all_msg_mask(unsigned char *src_buf, int src_len,
		}

		static int diag_cmd_get_event_mask(unsigned char *src_buf, int src_len,
		unsigned char *dest_buf, int dest_len,
		struct diag_md_session_t *info)
		unsigned char *dest_buf, int dest_len, int pid)
		{
		int write_len = 0;
		uint32_t mask_size;
		@@ -959,26 +987,30 @@ static int diag_cmd_get_event_mask(unsigned char *src_buf, int src_len,
		}

		static int diag_cmd_update_event_mask(unsigned char *src_buf, int src_len,
		unsigned char *dest_buf, int dest_len,
		struct diag_md_session_t *info)
		unsigned char *dest_buf, int dest_len, int pid)
		{
		int i, write_len = 0, mask_len = 0, peripheral;
		int header_len = sizeof(struct diag_event_mask_config_t);
		struct diag_event_mask_config_t rsp;
		struct diag_event_mask_config_t *req;
		struct diag_mask_info *mask_info = NULL;
		struct diag_md_session_t *info = NULL;

		mutex_lock(&driver->md_session_lock);
		info = diag_md_session_get_pid(pid);
		mask_info = (!info) ? &event_mask : info->event_mask;
		if (!src_buf \|\| !dest_buf \|\| src_len <= 0 \|\| dest_len <= 0 \|\|
		!mask_info) {
		pr_err("diag: Invalid input in %s, src_buf: %pK, src_len: %d, dest_buf: %pK, dest_len: %d, mask_info: %pK\n",
		__func__, src_buf, src_len, dest_buf, dest_len,
		mask_info);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}
		if (!mask_info->ptr) {
		pr_err("diag: In %s, invalid input mask_info->ptr: %pK\n",
		__func__, mask_info->ptr);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}
		req = (struct diag_event_mask_config_t *)src_buf;
		@@ -986,6 +1018,7 @@ static int diag_cmd_update_event_mask(unsigned char *src_buf, int src_len,
		if (mask_len <= 0 \|\| mask_len > event_mask.mask_len) {
		pr_err("diag: In %s, invalid event mask len: %d\n", __func__,
		mask_len);
		mutex_unlock(&driver->md_session_lock);
		return -EIO;
		}

		@@ -993,6 +1026,7 @@ static int diag_cmd_update_event_mask(unsigned char *src_buf, int src_len,
		memcpy(mask_info->ptr, src_buf + header_len, mask_len);
		mask_info->status = DIAG_CTRL_MASK_VALID;
		mutex_unlock(&mask_info->lock);
		mutex_unlock(&driver->md_session_lock);
		if (diag_check_update(APPS_DATA))
		diag_update_userspace_clients(EVENT_MASKS_TYPE);

		@@ -1027,25 +1061,29 @@ static int diag_cmd_update_event_mask(unsigned char *src_buf, int src_len,
		}

		static int diag_cmd_toggle_events(unsigned char *src_buf, int src_len,
		unsigned char *dest_buf, int dest_len,
		struct diag_md_session_t *info)
		unsigned char *dest_buf, int dest_len, int pid)
		{
		int write_len = 0, i, peripheral;
		uint8_t toggle = 0;
		struct diag_event_report_t header;
		struct diag_mask_info *mask_info = NULL;
		struct diag_md_session_t *info = NULL;

		mutex_lock(&driver->md_session_lock);
		info = diag_md_session_get_pid(pid);
		mask_info = (!info) ? &event_mask : info->event_mask;
		if (!src_buf \|\| !dest_buf \|\| src_len <= 0 \|\| dest_len <= 0 \|\|
		!mask_info) {
		pr_err("diag: Invalid input in %s, src_buf: %pK, src_len: %d, dest_buf: %pK, dest_len: %d, mask_info: %pK\n",
		__func__, src_buf, src_len, dest_buf, dest_len,
		mask_info);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}
		if (!mask_info->ptr) {
		pr_err("diag: In %s, invalid input mask_info->ptr: %pK\n",
		__func__, mask_info->ptr);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}

		@@ -1059,6 +1097,7 @@ static int diag_cmd_toggle_events(unsigned char *src_buf, int src_len,
		memset(mask_info->ptr, 0, mask_info->mask_len);
		}
		mutex_unlock(&mask_info->lock);
		mutex_unlock(&driver->md_session_lock);
		if (diag_check_update(APPS_DATA))
		diag_update_userspace_clients(EVENT_MASKS_TYPE);

		@@ -1088,8 +1127,7 @@ static int diag_cmd_toggle_events(unsigned char *src_buf, int src_len,
		}

		static int diag_cmd_get_log_mask(unsigned char *src_buf, int src_len,
		unsigned char *dest_buf, int dest_len,
		struct diag_md_session_t *info)
		unsigned char *dest_buf, int dest_len, int pid)
		{
		int i;
		int status = LOG_STATUS_INVALID;
		@@ -1102,6 +1140,10 @@ static int diag_cmd_get_log_mask(unsigned char *src_buf, int src_len,
		struct diag_log_config_req_t *req;
		struct diag_log_config_rsp_t rsp;
		struct diag_mask_info *mask_info = NULL;
		struct diag_md_session_t *info = NULL;

		mutex_lock(&driver->md_session_lock);
		info = diag_md_session_get_pid(pid);

		mask_info = (!info) ? &log_mask : info->log_mask;
		if (!src_buf \|\| !dest_buf \|\| src_len <= 0 \|\| dest_len <= 0 \|\|
		@@ -1109,16 +1151,20 @@ static int diag_cmd_get_log_mask(unsigned char *src_buf, int src_len,
		pr_err("diag: Invalid input in %s, src_buf: %pK, src_len: %d, dest_buf: %pK, dest_len: %d, mask_info: %pK\n",
		__func__, src_buf, src_len, dest_buf, dest_len,
		mask_info);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}
		if (!mask_info->ptr) {
		pr_err("diag: In %s, invalid input mask_info->ptr: %pK\n",
		__func__, mask_info->ptr);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}

		if (!diag_apps_responds())
		if (!diag_apps_responds()) {
		mutex_unlock(&driver->md_session_lock);
		return 0;
		}

		req = (struct diag_log_config_req_t *)src_buf;
		read_len += req_header_len;
		@@ -1138,6 +1184,7 @@ static int diag_cmd_get_log_mask(unsigned char *src_buf, int src_len,
		if (!log_item->ptr) {
		pr_err("diag: Invalid input in %s, mask: %pK\n",
		__func__, log_item);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}
		for (i = 0; i < MAX_EQUIP_ID; i++, log_item++) {
		@@ -1179,28 +1226,27 @@ static int diag_cmd_get_log_mask(unsigned char *src_buf, int src_len,
		rsp.status = status;
		memcpy(dest_buf, &rsp, rsp_header_len);

		mutex_unlock(&driver->md_session_lock);
		return write_len;
		}

		static int diag_cmd_get_log_range(unsigned char *src_buf, int src_len,
		unsigned char *dest_buf, int dest_len,
		struct diag_md_session_t *info)
		unsigned char *dest_buf, int dest_len, int pid)
		{
		int i;
		int write_len = 0;
		struct diag_log_config_rsp_t rsp;
		struct diag_mask_info *mask_info = NULL;
		struct diag_log_mask_t mask = (struct diag_log_mask_t )log_mask.ptr;

		if (!mask)
		return -EINVAL;

		if (!diag_apps_responds())
		return 0;

		mask_info = (!info) ? &log_mask : info->log_mask;
		if (!src_buf \|\| !dest_buf \|\| src_len <= 0 \|\| dest_len <= 0 \|\|
		!mask_info) {
		pr_err("diag: Invalid input in %s, src_buf: %pK, src_len: %d, dest_buf: %pK, dest_len: %d, mask_info: %pK\n",
		__func__, src_buf, src_len, dest_buf, dest_len,
		mask_info);
		if (!src_buf \|\| !dest_buf \|\| src_len <= 0 \|\| dest_len <= 0) {
		pr_err("diag: Invalid input in %s, src_buf: %pK, src_len: %d, dest_buf: %pK, dest_len: %d\n",
		__func__, src_buf, src_len, dest_buf, dest_len);
		return -EINVAL;
		}

		@@ -1223,7 +1269,7 @@ static int diag_cmd_get_log_range(unsigned char *src_buf, int src_len,

		static int diag_cmd_set_log_mask(unsigned char *src_buf, int src_len,
		unsigned char *dest_buf, int dest_len,
		struct diag_md_session_t *info)
		int pid)
		{
		int i, peripheral, write_len = 0;
		int status = LOG_STATUS_SUCCESS;
		@@ -1236,6 +1282,10 @@ static int diag_cmd_set_log_mask(unsigned char *src_buf, int src_len,
		struct diag_log_mask_t *mask = NULL;
		struct diag_mask_info *mask_info = NULL;
		unsigned char *temp_buf = NULL;
		struct diag_md_session_t *info = NULL;

		mutex_lock(&driver->md_session_lock);
		info = diag_md_session_get_pid(pid);

		mask_info = (!info) ? &log_mask : info->log_mask;
		if (!src_buf \|\| !dest_buf \|\| src_len <= 0 \|\| dest_len <= 0 \|\|
		@@ -1243,11 +1293,13 @@ static int diag_cmd_set_log_mask(unsigned char *src_buf, int src_len,
		pr_err("diag: Invalid input in %s, src_buf: %pK, src_len: %d, dest_buf: %pK, dest_len: %d, mask_info: %pK\n",
		__func__, src_buf, src_len, dest_buf, dest_len,
		mask_info);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}
		if (!mask_info->ptr) {
		pr_err("diag: In %s, invalid input mask_info->ptr: %pK\n",
		__func__, mask_info->ptr);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}

		@@ -1257,6 +1309,7 @@ static int diag_cmd_set_log_mask(unsigned char *src_buf, int src_len,
		if (!mask->ptr) {
		pr_err("diag: Invalid input in %s, mask->ptr: %pK\n",
		__func__, mask->ptr);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}
		if (req->equip_id >= MAX_EQUIP_ID) {
		@@ -1319,6 +1372,7 @@ static int diag_cmd_set_log_mask(unsigned char *src_buf, int src_len,
		break;
		}
		mutex_unlock(&mask_info->lock);
		mutex_unlock(&driver->md_session_lock);
		if (diag_check_update(APPS_DATA))
		diag_update_userspace_clients(LOG_MASKS_TYPE);

		@@ -1365,13 +1419,16 @@ static int diag_cmd_set_log_mask(unsigned char *src_buf, int src_len,
		}

		static int diag_cmd_disable_log_mask(unsigned char *src_buf, int src_len,
		unsigned char *dest_buf, int dest_len,
		struct diag_md_session_t *info)
		unsigned char *dest_buf, int dest_len, int pid)
		{
		struct diag_mask_info *mask_info = NULL;
		struct diag_log_mask_t *mask = NULL;
		struct diag_log_config_rsp_t header;
		int write_len = 0, i, peripheral;
		struct diag_md_session_t *info = NULL;

		mutex_lock(&driver->md_session_lock);
		info = diag_md_session_get_pid(pid);

		mask_info = (!info) ? &log_mask : info->log_mask;
		if (!src_buf \|\| !dest_buf \|\| src_len <= 0 \|\| dest_len <= 0 \|\|
		@@ -1379,17 +1436,20 @@ static int diag_cmd_disable_log_mask(unsigned char *src_buf, int src_len,
		pr_err("diag: Invalid input in %s, src_buf: %pK, src_len: %d, dest_buf: %pK, dest_len: %d, mask_info: %pK\n",
		__func__, src_buf, src_len, dest_buf, dest_len,
		mask_info);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}
		if (!mask_info->ptr) {
		pr_err("diag: In %s, invalid input mask_info->ptr: %pK\n",
		__func__, mask_info->ptr);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}
		mask = (struct diag_log_mask_t *)mask_info->ptr;
		if (!mask->ptr) {
		pr_err("diag: Invalid input in %s, mask->ptr: %pK\n",
		__func__, mask->ptr);
		mutex_unlock(&driver->md_session_lock);
		return -EINVAL;
		}
		for (i = 0; i < MAX_EQUIP_ID; i++, mask++) {
		@@ -1398,6 +1458,7 @@ static int diag_cmd_disable_log_mask(unsigned char *src_buf, int src_len,
		mutex_unlock(&mask->lock);
		}
		mask_info->status = DIAG_CTRL_MASK_ALL_DISABLED;
		mutex_unlock(&driver->md_session_lock);
		if (diag_check_update(APPS_DATA))
		diag_update_userspace_clients(LOG_MASKS_TYPE);

		@@ -2146,13 +2207,11 @@ void diag_send_updates_peripheral(uint8_t peripheral)
		}
		}

		int diag_process_apps_masks(unsigned char *buf, int len,
		struct diag_md_session_t *info)
		int diag_process_apps_masks(unsigned char *buf, int len, int pid)
		{
		int size = 0, sub_cmd = 0;
		int (hdlr)(unsigned char src_buf, int src_len,
		unsigned char *dest_buf, int dest_len,
		struct diag_md_session_t *info) = NULL;
		unsigned char *dest_buf, int dest_len, int pid) = NULL;

		if (!buf \|\| len <= 0)
		return -EINVAL;
		@@ -2202,7 +2261,7 @@ int diag_process_apps_masks(unsigned char *buf, int len,

		if (hdlr)
		size = hdlr(buf, len, driver->apps_rsp_buf,
		DIAG_MAX_RSP_SIZE, info);
		DIAG_MAX_RSP_SIZE, pid);

		return (size > 0) ? size : 0;
		}

drivers/char/diag/diag_masks.h

+2 −3

Original line number	Diff line number	Diff line
		/* Copyright (c) 2013-2015, 2017 The Linux Foundation. All rights reserved.
		/* Copyright (c) 2013-2015, 2017-2018 The Linux Foundation. All rights reserved.
		*
		* This program is free software; you can redistribute it and/or modify
		* it under the terms of the GNU General Public License version 2 and
		@@ -167,8 +167,7 @@ int diag_event_mask_copy(struct diag_mask_info *dest,
		void diag_log_mask_free(struct diag_mask_info *mask_info);
		void diag_msg_mask_free(struct diag_mask_info *mask_info);
		void diag_event_mask_free(struct diag_mask_info *mask_info);
		int diag_process_apps_masks(unsigned char *buf, int len,
		struct diag_md_session_t *info);
		int diag_process_apps_masks(unsigned char *buf, int len, int pid);
		void diag_send_updates_peripheral(uint8_t peripheral);

		extern int diag_create_msg_mask_table_entry(struct diag_msg_mask_t *msg_mask,

drivers/char/diag/diag_memorydevice.c

+9 −7

Original line number	Diff line number	Diff line
		@@ -129,11 +129,10 @@ void diag_md_close_all(void)

		int diag_md_write(int id, unsigned char *buf, int len, int ctx)
		{
		int i;
		int i, peripheral, pid = 0;
		uint8_t found = 0;
		unsigned long flags;
		struct diag_md_info *ch = NULL;
		int peripheral;
		struct diag_md_session_t *session_info = NULL;

		if (id < 0 \|\| id >= NUM_DIAG_MD_DEV \|\| id >= DIAG_NUM_PROC)
		@@ -146,10 +145,14 @@ int diag_md_write(int id, unsigned char *buf, int len, int ctx)
		if (peripheral < 0)
		return -EINVAL;

		session_info =
		diag_md_session_get_peripheral(peripheral);
		if (!session_info)
		mutex_lock(&driver->md_session_lock);
		session_info = diag_md_session_get_peripheral(peripheral);
		if (!session_info) {
		mutex_unlock(&driver->md_session_lock);
		return -EIO;
		}
		pid = session_info->pid;
		mutex_unlock(&driver->md_session_lock);

		ch = &diag_md[id];
		if (!ch)
		@@ -192,8 +195,7 @@ int diag_md_write(int id, unsigned char *buf, int len, int ctx)

		found = 0;
		for (i = 0; i < driver->num_clients && !found; i++) {
		if ((driver->client_map[i].pid !=
		session_info->pid) \|\|
		if ((driver->client_map[i].pid != pid) \|\|
		(driver->client_map[i].pid == 0))
		continue;

drivers/char/diag/diag_usb.c

+2 −2

Original line number	Diff line number	Diff line
		/* Copyright (c) 2014-2017, The Linux Foundation. All rights reserved.
		/* Copyright (c) 2014-2018, The Linux Foundation. All rights reserved.
		*
		* This program is free software; you can redistribute it and/or modify
		* it under the terms of the GNU General Public License version 2 and
		@@ -221,7 +221,7 @@ static void usb_disconnect(struct diag_usb_info *ch)

		if (!atomic_read(&ch->connected) &&
		driver->usb_connected && diag_mask_param())
		diag_clear_masks(NULL);
		diag_clear_masks(0);

		if (ch && ch->ops && ch->ops->close)
		ch->ops->close(ch->ctxt, DIAG_USB_MODE);

drivers/char/diag/diagchar.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -714,7 +714,7 @@ void diag_cmd_remove_reg_by_pid(int pid);
		void diag_cmd_remove_reg_by_proc(int proc);
		int diag_cmd_chk_polling(struct diag_cmd_reg_entry_t *entry);
		int diag_mask_param(void);
		void diag_clear_masks(struct diag_md_session_t *info);
		void diag_clear_masks(int pid);
		uint8_t diag_mask_to_pd_value(uint32_t peripheral_mask);
		int diag_query_pd(char *process_name);
		int diag_search_peripheral_by_pd(uint8_t pd_val);