diag: Add protection while processing non-hdlc packets

	unsigned char *buf_feature_mask_update;

	uint8_t hdlc_disabled;

	struct mutex hdlc_disable_mutex;

	struct mutex hdlc_recovery_mutex;

	struct timer_list hdlc_reset_timer;

	struct mutex diag_hdlc_mutex;

	unsigned char *hdlc_buf;

	mutex_init(&driver->delayed_rsp_mutex);

	mutex_init(&apps_data_mutex);

	mutex_init(&driver->msg_mask_lock);

	mutex_init(&driver->hdlc_recovery_mutex);

	for (i = 0; i < NUM_PERIPHERALS; i++)

		mutex_init(&driver->diagfwd_channel_mutex[i]);

	init_waitqueue_head(&driver->wait_q);

/* Copyright (c) 2008-2016, The Linux Foundation. All rights reserved.

/* Copyright (c) 2008-2017, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and

	if (start_ptr) {

		/* Discard any partial packet reads */

		mutex_lock(&driver->hdlc_recovery_mutex);

		driver->incoming_pkt.processing = 0;

		mutex_unlock(&driver->hdlc_recovery_mutex);

		diag_process_non_hdlc_pkt(start_ptr, len - i, info);

	}

}

	const uint32_t header_len = sizeof(struct diag_pkt_frame_t);

	struct diag_pkt_frame_t *actual_pkt = NULL;

	unsigned char *data_ptr = NULL;

	struct diag_partial_pkt_t *partial_pkt = &driver->incoming_pkt;

	struct diag_partial_pkt_t *partial_pkt = NULL;

	if (!buf || len <= 0)

	mutex_lock(&driver->hdlc_recovery_mutex);

	if (!buf || len <= 0) {

		mutex_unlock(&driver->hdlc_recovery_mutex);

		return;

	if (!partial_pkt->processing)

	}

	partial_pkt = &driver->incoming_pkt;

	if (!partial_pkt->processing) {

		mutex_unlock(&driver->hdlc_recovery_mutex);

		goto start;

	}

	if (partial_pkt->remaining > len) {

		if ((partial_pkt->read_len + len) > partial_pkt->capacity) {

			pr_err("diag: Invalid length %d, %d received in %s\n",

			       partial_pkt->read_len, len, __func__);

			mutex_unlock(&driver->hdlc_recovery_mutex);

			goto end;

		}

		memcpy(partial_pkt->data + partial_pkt->read_len, buf, len);

			pr_err("diag: Invalid length during partial read %d, %d received in %s\n",

			       partial_pkt->read_len,

			       partial_pkt->remaining, __func__);

			mutex_unlock(&driver->hdlc_recovery_mutex);

			goto end;

		}

		memcpy(partial_pkt->data + partial_pkt->read_len, buf,

	if (partial_pkt->remaining == 0) {

		actual_pkt = (struct diag_pkt_frame_t *)(partial_pkt->data);

		data_ptr = partial_pkt->data + header_len;

		if (*(uint8_t *)(data_ptr + actual_pkt->length) != CONTROL_CHAR)

		if (*(uint8_t *)(data_ptr + actual_pkt->length) !=

						CONTROL_CHAR) {

			mutex_unlock(&driver->hdlc_recovery_mutex);

			diag_hdlc_start_recovery(buf, len, info);

			mutex_lock(&driver->hdlc_recovery_mutex);

		}

		err = diag_process_apps_pkt(data_ptr,

					    actual_pkt->length, info);

		if (err) {

			pr_err("diag: In %s, unable to process incoming data packet, err: %d\n",

			       __func__, err);

			mutex_unlock(&driver->hdlc_recovery_mutex);

			goto end;

		}

		partial_pkt->read_len = 0;

		partial_pkt->total_len = 0;

		partial_pkt->processing = 0;

		mutex_unlock(&driver->hdlc_recovery_mutex);

		goto start;

	}

	mutex_unlock(&driver->hdlc_recovery_mutex);

	goto end;

start:

			diag_send_error_rsp(buf, len);

			goto end;

		}

		mutex_lock(&driver->hdlc_recovery_mutex);

		if (pkt_len + header_len > partial_pkt->capacity) {

			pr_err("diag: In %s, incoming data is too large for the request buffer %d\n",

			       __func__, pkt_len);

			mutex_unlock(&driver->hdlc_recovery_mutex);

			diag_hdlc_start_recovery(buf, len, info);

			break;

		}

		if ((pkt_len + header_len) > (len - read_bytes)) {

			partial_pkt->read_len = len - read_bytes;

			partial_pkt->total_len = pkt_len + header_len;

						 partial_pkt->read_len;

			partial_pkt->processing = 1;

			memcpy(partial_pkt->data, buf, partial_pkt->read_len);

			mutex_unlock(&driver->hdlc_recovery_mutex);

			break;

		}

		data_ptr = buf + header_len;

		if (*(uint8_t *)(data_ptr + actual_pkt->length) != CONTROL_CHAR)

		if (*(uint8_t *)(data_ptr + actual_pkt->length) !=

						CONTROL_CHAR) {

			mutex_unlock(&driver->hdlc_recovery_mutex);

			diag_hdlc_start_recovery(buf, len, info);

			mutex_lock(&driver->hdlc_recovery_mutex);

		}

		else

			hdlc_reset = 0;

		err = diag_process_apps_pkt(data_ptr,

					    actual_pkt->length, info);

		if (err)

		if (err) {

			mutex_unlock(&driver->hdlc_recovery_mutex);

			break;

		}

		read_bytes += header_len + pkt_len + 1;

		buf += header_len + pkt_len + 1; /* advance to next pkt */

		mutex_unlock(&driver->hdlc_recovery_mutex);

	}

end:

	return;