Merge "diag: Prevent out of bound access while initializing msg mask"

	int temp_len = 0;

	uint8_t *buf = NULL;

	uint8_t *temp = NULL;

	uint8_t msg_mask_tbl_count_local = 0;

	uint32_t mask_size = 0;

	struct diag_mask_info *mask_info = NULL;

	struct diag_msg_mask_t *mask = NULL;

	struct diag_ctrl_msg_mask header;

	uint8_t msg_mask_tbl_count_local;

	struct diag_md_session_t *md_session_info = NULL;

	if (peripheral >= NUM_PERIPHERALS)

		return;

		return;

	}

	if (driver->md_session_mask != 0 &&

	    (driver->md_session_mask & MD_PERIPHERAL_MASK(peripheral)))

	if ((driver->md_session_mask != 0) &&

		(driver->md_session_mask & MD_PERIPHERAL_MASK(peripheral))) {

		md_session_info = driver->md_session_map[peripheral];

		mask_info = driver->md_session_map[peripheral]->msg_mask;

	else

	} else

		mask_info = &msg_mask;

	if (!mask_info)

		return;

	}

	buf = mask_info->update_buf;

	if (md_session_info)

		msg_mask_tbl_count_local = md_session_info->msg_mask_tbl_count;

	else

		msg_mask_tbl_count_local = driver->msg_mask_tbl_count;

	mutex_unlock(&driver->msg_mask_lock);

	mutex_lock(&mask_info->lock);

{

	int i;

	int write_len = 0;

	uint8_t msg_mask_tbl_count = 0;

	struct diag_msg_mask_t *mask_ptr = NULL;

	struct diag_msg_ssid_query_t rsp;

	struct diag_ssid_range_t ssid_range;

		return 0;

	}

	mutex_lock(&driver->msg_mask_lock);

	msg_mask_tbl_count = (info) ? info->msg_mask_tbl_count :

		driver->msg_mask_tbl_count;

	rsp.cmd_code = DIAG_CMD_MSG_CONFIG;

	rsp.sub_cmd = DIAG_CMD_OP_GET_SSID_RANGE;

	rsp.status = MSG_STATUS_SUCCESS;

	rsp.padding = 0;

	rsp.count = driver->msg_mask_tbl_count;

	rsp.count = msg_mask_tbl_count;

	memcpy(dest_buf, &rsp, sizeof(rsp));

	write_len += sizeof(rsp);

	mask_ptr = (struct diag_msg_mask_t *)mask_info->ptr;

	for (i = 0; i <  driver->msg_mask_tbl_count; i++, mask_ptr++) {

	for (i = 0; i < msg_mask_tbl_count; i++, mask_ptr++) {

		if (write_len + sizeof(ssid_range) > dest_len) {

			pr_err("diag: In %s, Truncating response due to size limitations of rsp buffer\n",

			       __func__);

	int i;

	int write_len = 0;

	uint32_t mask_size = 0;

	uint8_t msg_mask_tbl_count = 0;

	struct diag_msg_mask_t *mask = NULL;

	struct diag_build_mask_req_t *req = NULL;

	struct diag_msg_build_mask_t rsp;

	}

	mutex_lock(&driver->msg_mask_lock);

	msg_mask_tbl_count = (info) ? info->msg_mask_tbl_count :

			driver->msg_mask_tbl_count;

	req = (struct diag_build_mask_req_t *)src_buf;

	rsp.cmd_code = DIAG_CMD_MSG_CONFIG;

	rsp.sub_cmd = DIAG_CMD_OP_GET_MSG_MASK;

		mutex_unlock(&driver->md_session_lock);

		return -EINVAL;

	}

	for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) {

	for (i = 0; i < msg_mask_tbl_count; i++, mask++) {

		if (!mask->ptr)

			continue;

		if ((req->ssid_first < mask->ssid_first) ||

	struct diag_msg_mask_t *mask_next = NULL;

	uint32_t *temp = NULL;

	struct diag_md_session_t *info = NULL;

	uint8_t msg_mask_tbl_count = 0;

	mutex_lock(&driver->md_session_lock);

	info = diag_md_session_get_pid(pid);

		mutex_unlock(&driver->md_session_lock);

		return -EINVAL;

	}

	for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) {

	msg_mask_tbl_count = (info) ? info->msg_mask_tbl_count :

			driver->msg_mask_tbl_count;

	for (i = 0; i < msg_mask_tbl_count; i++, mask++) {

		if (!mask->ptr)

			continue;

		if (i < (driver->msg_mask_tbl_count - 1)) {

		if (i < (msg_mask_tbl_count - 1)) {

			mask_next = mask;

			mask_next++;

		} else

	struct diag_msg_mask_t *mask = NULL;

	struct diag_mask_info *mask_info = NULL;

	struct diag_md_session_t *info = NULL;

	uint8_t msg_mask_tbl_count = 0;

	mutex_lock(&driver->md_session_lock);

	info = diag_md_session_get_pid(pid);

		mutex_unlock(&driver->md_session_lock);

		return -EINVAL;

	}

	msg_mask_tbl_count = (info) ? info->msg_mask_tbl_count :

			driver->msg_mask_tbl_count;

	mask_info->status = (req->rt_mask) ? DIAG_CTRL_MASK_ALL_ENABLED :

					   DIAG_CTRL_MASK_ALL_DISABLED;

	for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) {

	for (i = 0; i < msg_mask_tbl_count; i++, mask++) {

		if (mask && mask->ptr) {

			mutex_lock(&mask->lock);

			memset(mask->ptr, req->rt_mask,

		}

		kmemleak_not_leak(mask_info->update_buf);

	}

	mutex_init(&mask_info->lock);

	return 0;

}

	struct diag_log_mask_t *src_mask = NULL;

	struct diag_log_mask_t *dest_mask = NULL;

	if (!src)

	if (!src || !dest)

		return -EINVAL;

	mutex_init(&dest->lock);

	err = __diag_mask_init(dest, LOG_MASK_SIZE, APPS_BUF_SIZE);

	if (err)

		return err;

	int err = 0;

	int i;

	mutex_init(&msg_mask.lock);

	err = __diag_mask_init(&msg_mask, MSG_MASK_SIZE, APPS_BUF_SIZE);

	if (err)

		return err;

	err = diag_create_msg_mask_table();

	if (err) {

		pr_err("diag: Unable to create msg masks, err: %d\n", err);

	return 0;

}

int diag_msg_mask_copy(struct diag_mask_info *dest, struct diag_mask_info *src)

int diag_msg_mask_copy(struct diag_md_session_t *new_session,

	struct diag_mask_info *dest, struct diag_mask_info *src)

{

	int i;

	int err = 0;

	if (!src || !dest)

		return -EINVAL;

	err = __diag_mask_init(dest, MSG_MASK_SIZE, APPS_BUF_SIZE);

	if (err)

		return err;

	mutex_init(&dest->lock);

	mutex_lock(&dest->lock);

	mutex_lock(&driver->msg_mask_lock);

	new_session->msg_mask_tbl_count =

		driver->msg_mask_tbl_count;

	err = __diag_mask_init(dest,

		(new_session->msg_mask_tbl_count *

		sizeof(struct diag_msg_mask_t)), APPS_BUF_SIZE);

	if (err) {

		mutex_unlock(&driver->msg_mask_lock);

		mutex_unlock(&dest->lock);

		return err;

	}

	src_mask = (struct diag_msg_mask_t *)src->ptr;

	dest_mask = (struct diag_msg_mask_t *)dest->ptr;

	dest->mask_len = src->mask_len;

	dest->status = src->status;

	for (i = 0; i < driver->msg_mask_tbl_count; i++) {

	for (i = 0; i < new_session->msg_mask_tbl_count; i++) {

		range.ssid_first = src_mask->ssid_first;

		range.ssid_last = src_mask->ssid_last;

		err = diag_create_msg_mask_table_entry(dest_mask, &range);

	return err;

}

void diag_msg_mask_free(struct diag_mask_info *mask_info)

void diag_msg_mask_free(struct diag_mask_info *mask_info,

	struct diag_md_session_t *session_info)

{

	int i;

	struct diag_msg_mask_t *mask = NULL;

	uint8_t msg_mask_tbl_count = 0;

	if (!mask_info || !mask_info->ptr)

		return;

		mutex_unlock(&mask_info->lock);

		return;

	}

	for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) {

	msg_mask_tbl_count = (session_info) ?

		session_info->msg_mask_tbl_count :

		driver->msg_mask_tbl_count;

	for (i = 0; i < msg_mask_tbl_count; i++, mask++) {

		kfree(mask->ptr);

		mask->ptr = NULL;

	}

	int err = 0;

	/* There is no need for update buffer for Build Time masks */

	mutex_init(&msg_bt_mask.lock);

	err = __diag_mask_init(&msg_bt_mask, MSG_MASK_SIZE, 0);

	if (err)

		return err;

	int err = 0;

	int i;

	mutex_init(&log_mask.lock);

	err = __diag_mask_init(&log_mask, LOG_MASK_SIZE, APPS_BUF_SIZE);

	if (err)

		return err;

	int err = 0;

	int i;

	mutex_init(&event_mask.lock);

	err = __diag_mask_init(&event_mask, EVENT_MASK_SIZE, APPS_BUF_SIZE);

	if (err)

		return err;

	if (!src || !dest)

		return -EINVAL;

	mutex_init(&dest->lock);

	err = __diag_mask_init(dest, EVENT_MASK_SIZE, APPS_BUF_SIZE);

	if (err)

		return err;

	struct diag_mask_info *mask_info = NULL;

	struct diag_msg_mask_t *mask = NULL;

	unsigned char *ptr = NULL;

	uint8_t msg_mask_tbl_count = 0;

	if (!buf || count == 0)

		return -EINVAL;

		mutex_unlock(&mask_info->lock);

		return -EINVAL;

	}

	for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) {

	msg_mask_tbl_count = (info) ? info->msg_mask_tbl_count :

			driver->msg_mask_tbl_count;

	for (i = 0; i < msg_mask_tbl_count; i++, mask++) {

		if (!mask->ptr)

			continue;

		ptr = mask_info->update_buf;

void diag_masks_exit(void);

int diag_log_mask_copy(struct diag_mask_info *dest,

		       struct diag_mask_info *src);

int diag_msg_mask_copy(struct diag_mask_info *dest,

		       struct diag_mask_info *src);

int diag_msg_mask_copy(struct diag_md_session_t *new_session,

	struct diag_mask_info *dest, struct diag_mask_info *src);

int diag_event_mask_copy(struct diag_mask_info *dest,

			 struct diag_mask_info *src);

void diag_log_mask_free(struct diag_mask_info *mask_info);

void diag_msg_mask_free(struct diag_mask_info *mask_info);

void diag_msg_mask_free(struct diag_mask_info *mask_info,

	struct diag_md_session_t *session_info);

void diag_event_mask_free(struct diag_mask_info *mask_info);

int diag_process_apps_masks(unsigned char *buf, int len, int pid);

void diag_send_updates_peripheral(uint8_t peripheral);

	int pid;

	int peripheral_mask;

	uint8_t hdlc_disabled;

	uint8_t msg_mask_tbl_count;

	struct timer_list hdlc_reset_timer;

	struct diag_mask_info *msg_mask;

	struct diag_mask_info *log_mask;

			diag_log_mask_free(session_info->log_mask);

			kfree(session_info->log_mask);

			session_info->log_mask = NULL;

			diag_msg_mask_free(session_info->msg_mask);

			diag_msg_mask_free(session_info->msg_mask,

				session_info);

			kfree(session_info->msg_mask);

			session_info->msg_mask = NULL;

			diag_event_mask_free(session_info->event_mask);

			 "return value of event copy. err %d\n", err);

		goto fail_peripheral;

	}

	err = diag_msg_mask_copy(new_session->msg_mask, &msg_mask);

	new_session->msg_mask_tbl_count = 0;

	err = diag_msg_mask_copy(new_session, new_session->msg_mask,

		&msg_mask);

	if (err) {

		DIAG_LOG(DIAG_DEBUG_USERSPACE,

			 "return value of msg copy. err %d\n", err);

	diag_event_mask_free(new_session->event_mask);

	kfree(new_session->event_mask);

	new_session->event_mask = NULL;

	diag_msg_mask_free(new_session->msg_mask);

	diag_msg_mask_free(new_session->msg_mask,

		new_session);

	kfree(new_session->msg_mask);

	new_session->msg_mask = NULL;

	kfree(new_session);

	diag_log_mask_free(session_info->log_mask);

	kfree(session_info->log_mask);

	session_info->log_mask = NULL;

	diag_msg_mask_free(session_info->msg_mask);

	diag_msg_mask_free(session_info->msg_mask,

		session_info);

	kfree(session_info->msg_mask);

	session_info->msg_mask = NULL;

	diag_event_mask_free(session_info->event_mask);