Loading drivers/misc/qseecom.c +23 −11 Original line number Diff line number Diff line Loading @@ -1443,9 +1443,8 @@ static int qseecom_load_app(struct qseecom_dev_handle *data, void __user *argp) } entry->app_id = app_id; entry->ref_cnt = 1; memset((void *)entry->app_name, 0, MAX_APP_NAME_SIZE); memcpy((void *)entry->app_name, (void *)load_img_req.img_name, MAX_APP_NAME_SIZE); memcpy(entry->app_name, load_img_req.img_name, MAX_APP_NAME_SIZE); /* Deallocate the handle */ if (!IS_ERR_OR_NULL(ihandle)) ion_free(qseecom.ion_clnt, ihandle); Loading @@ -1459,9 +1458,8 @@ static int qseecom_load_app(struct qseecom_dev_handle *data, void __user *argp) (char *)(load_img_req.img_name)); } data->client.app_id = app_id; memset((void *)data->client.app_name, 0, MAX_APP_NAME_SIZE); memcpy((void *)data->client.app_name, (void *)load_img_req.img_name, MAX_APP_NAME_SIZE); memcpy(data->client.app_name, load_img_req.img_name, MAX_APP_NAME_SIZE); load_img_req.app_id = app_id; if (copy_to_user(argp, &load_img_req, sizeof(load_img_req))) { pr_err("copy_to_user failed\n"); Loading Loading @@ -1983,8 +1981,8 @@ static int __qseecom_send_cmd(struct qseecom_dev_handle *data, name_len = min(strlen(data->client.app_name), strlen(ptr_app->app_name)); if ((ptr_app->app_id == data->client.app_id) && (!memcmp((void *)ptr_app->app_name, (void *)data->client.app_name, name_len))) { (!memcmp(ptr_app->app_name, data->client.app_name, name_len))) { found_app = true; break; } Loading Loading @@ -2731,6 +2729,12 @@ int qseecom_start_app(struct qseecom_handle **handle, size_t len; ion_phys_addr_t pa; if (!app_name || strlen(app_name) >= MAX_APP_NAME_SIZE) { pr_err("The app_name (%s) with length %zu is not valid\n", app_name, strlen(app_name)); return -EINVAL; } *handle = kzalloc(sizeof(struct qseecom_handle), GFP_KERNEL); if (!(*handle)) { pr_err("failed to allocate memory for kernel client handle\n"); Loading Loading @@ -2811,6 +2815,7 @@ int qseecom_start_app(struct qseecom_handle **handle, if (ret < 0) goto err; data->client.app_id = ret; memcpy(data->client.app_name, app_name, MAX_APP_NAME_SIZE); } if (!found_app) { entry = kmalloc(sizeof(*entry), GFP_KERNEL); Loading @@ -2821,6 +2826,7 @@ int qseecom_start_app(struct qseecom_handle **handle, } entry->app_id = ret; entry->ref_cnt = 1; memcpy(entry->app_name, app_name, MAX_APP_NAME_SIZE); spin_lock_irqsave(&qseecom.registered_app_list_lock, flags); list_add_tail(&entry->list, &qseecom.registered_app_list_head); Loading Loading @@ -2884,6 +2890,9 @@ int qseecom_shutdown_app(struct qseecom_handle **handle) return -EINVAL; } data = (struct qseecom_dev_handle *) ((*handle)->dev); mutex_lock(&app_access_lock); atomic_inc(&data->ioctl_count); spin_lock_irqsave(&qseecom.registered_kclient_list_lock, flags); list_for_each_entry(kclient, &qseecom.registered_kclient_list_head, list) { Loading Loading @@ -2916,12 +2925,16 @@ int qseecom_shutdown_app(struct qseecom_handle **handle) if (data->perf_enabled == true) qsee_disable_clock_vote(data, CLK_DFAB); } atomic_dec(&data->ioctl_count); mutex_unlock(&app_access_lock); if (ret == 0) { kzfree(data); kzfree(*handle); kzfree(kclient); *handle = NULL; } return ret; } EXPORT_SYMBOL(qseecom_shutdown_app); Loading Loading @@ -3602,9 +3615,8 @@ static int qseecom_query_app_loaded(struct qseecom_dev_handle *data, &qseecom.registered_app_list_lock, flags); data->client.app_id = ret; query_req.app_id = ret; memset((void *)data->client.app_name, 0, MAX_APP_NAME_SIZE); memcpy((void *)data->client.app_name, (void *)query_req.app_name, MAX_APP_NAME_SIZE); memcpy(data->client.app_name, query_req.app_name, MAX_APP_NAME_SIZE); if (copy_to_user(argp, &query_req, sizeof(query_req))) { pr_err("copy_to_user failed\n"); return -EFAULT; Loading Loading
drivers/misc/qseecom.c +23 −11 Original line number Diff line number Diff line Loading @@ -1443,9 +1443,8 @@ static int qseecom_load_app(struct qseecom_dev_handle *data, void __user *argp) } entry->app_id = app_id; entry->ref_cnt = 1; memset((void *)entry->app_name, 0, MAX_APP_NAME_SIZE); memcpy((void *)entry->app_name, (void *)load_img_req.img_name, MAX_APP_NAME_SIZE); memcpy(entry->app_name, load_img_req.img_name, MAX_APP_NAME_SIZE); /* Deallocate the handle */ if (!IS_ERR_OR_NULL(ihandle)) ion_free(qseecom.ion_clnt, ihandle); Loading @@ -1459,9 +1458,8 @@ static int qseecom_load_app(struct qseecom_dev_handle *data, void __user *argp) (char *)(load_img_req.img_name)); } data->client.app_id = app_id; memset((void *)data->client.app_name, 0, MAX_APP_NAME_SIZE); memcpy((void *)data->client.app_name, (void *)load_img_req.img_name, MAX_APP_NAME_SIZE); memcpy(data->client.app_name, load_img_req.img_name, MAX_APP_NAME_SIZE); load_img_req.app_id = app_id; if (copy_to_user(argp, &load_img_req, sizeof(load_img_req))) { pr_err("copy_to_user failed\n"); Loading Loading @@ -1983,8 +1981,8 @@ static int __qseecom_send_cmd(struct qseecom_dev_handle *data, name_len = min(strlen(data->client.app_name), strlen(ptr_app->app_name)); if ((ptr_app->app_id == data->client.app_id) && (!memcmp((void *)ptr_app->app_name, (void *)data->client.app_name, name_len))) { (!memcmp(ptr_app->app_name, data->client.app_name, name_len))) { found_app = true; break; } Loading Loading @@ -2731,6 +2729,12 @@ int qseecom_start_app(struct qseecom_handle **handle, size_t len; ion_phys_addr_t pa; if (!app_name || strlen(app_name) >= MAX_APP_NAME_SIZE) { pr_err("The app_name (%s) with length %zu is not valid\n", app_name, strlen(app_name)); return -EINVAL; } *handle = kzalloc(sizeof(struct qseecom_handle), GFP_KERNEL); if (!(*handle)) { pr_err("failed to allocate memory for kernel client handle\n"); Loading Loading @@ -2811,6 +2815,7 @@ int qseecom_start_app(struct qseecom_handle **handle, if (ret < 0) goto err; data->client.app_id = ret; memcpy(data->client.app_name, app_name, MAX_APP_NAME_SIZE); } if (!found_app) { entry = kmalloc(sizeof(*entry), GFP_KERNEL); Loading @@ -2821,6 +2826,7 @@ int qseecom_start_app(struct qseecom_handle **handle, } entry->app_id = ret; entry->ref_cnt = 1; memcpy(entry->app_name, app_name, MAX_APP_NAME_SIZE); spin_lock_irqsave(&qseecom.registered_app_list_lock, flags); list_add_tail(&entry->list, &qseecom.registered_app_list_head); Loading Loading @@ -2884,6 +2890,9 @@ int qseecom_shutdown_app(struct qseecom_handle **handle) return -EINVAL; } data = (struct qseecom_dev_handle *) ((*handle)->dev); mutex_lock(&app_access_lock); atomic_inc(&data->ioctl_count); spin_lock_irqsave(&qseecom.registered_kclient_list_lock, flags); list_for_each_entry(kclient, &qseecom.registered_kclient_list_head, list) { Loading Loading @@ -2916,12 +2925,16 @@ int qseecom_shutdown_app(struct qseecom_handle **handle) if (data->perf_enabled == true) qsee_disable_clock_vote(data, CLK_DFAB); } atomic_dec(&data->ioctl_count); mutex_unlock(&app_access_lock); if (ret == 0) { kzfree(data); kzfree(*handle); kzfree(kclient); *handle = NULL; } return ret; } EXPORT_SYMBOL(qseecom_shutdown_app); Loading Loading @@ -3602,9 +3615,8 @@ static int qseecom_query_app_loaded(struct qseecom_dev_handle *data, &qseecom.registered_app_list_lock, flags); data->client.app_id = ret; query_req.app_id = ret; memset((void *)data->client.app_name, 0, MAX_APP_NAME_SIZE); memcpy((void *)data->client.app_name, (void *)query_req.app_name, MAX_APP_NAME_SIZE); memcpy(data->client.app_name, query_req.app_name, MAX_APP_NAME_SIZE); if (copy_to_user(argp, &query_req, sizeof(query_req))) { pr_err("copy_to_user failed\n"); return -EFAULT; Loading
