Loading drivers/char/diag/diagchar_core.c +7 −5 Original line number Diff line number Diff line /* Copyright (c) 2008-2020, The Linux Foundation. All rights reserved. /* Copyright (c) 2008-2021, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and Loading Loading @@ -1996,13 +1996,15 @@ static int diag_switch_logging(struct diag_logging_mode_param_t *param) driver->pcie_switch_pid = current->tgid; } if (new_mode == DIAG_PCIE_MODE) { driver->transport_set = DIAG_ROUTE_TO_PCIE; driver->transport_set = DIAG_ROUTE_TO_PCIE; diagmem_setsize(POOL_TYPE_MUX_APPS, itemsize_pcie_apps, (poolsize_pcie_apps + 1 + (NUM_PERIPHERALS * 6))); } else if (new_mode == DIAG_USB_MODE) { driver->transport_set = DIAG_ROUTE_TO_USB; driver->transport_set = DIAG_ROUTE_TO_USB; diagmem_setsize(POOL_TYPE_MUX_APPS, itemsize_usb_apps, (poolsize_usb_apps + 1 + Loading Loading @@ -4400,7 +4402,7 @@ static void diag_init_transport(void) * The number of buffers encompasses Diag data generated on * the Apss processor + 1 for the responses generated * exclusively on the Apps processor + data from data channels *(4 channels periperipheral) + data from command channels (2) *(4 channels per peripheral) + data from command channels (2) */ diagmem_setsize(POOL_TYPE_MUX_APPS, itemsize_pcie_apps, poolsize_pcie_apps + 1 + (NUM_PERIPHERALS * 6)); Loading @@ -4419,7 +4421,7 @@ static void diag_init_transport(void) * The number of buffers encompasses Diag data generated on * the Apss processor + 1 for the responses generated * exclusively on the Apps processor + data from data channels *(4 channels periperipheral) + data from command channels (2) *(4 channels per peripheral) + data from command channels (2) */ diagmem_setsize(POOL_TYPE_MUX_APPS, itemsize_usb_apps, poolsize_usb_apps + 1 + (NUM_PERIPHERALS * 6)); Loading drivers/char/diag/diagmem.c +6 −2 Original line number Diff line number Diff line /* Copyright (c) 2008-2014, 2016-2017, 2019 The Linux Foundation. All rights reserved. /* Copyright (c) 2008-2014, 2016-2017, 2019, 2021 The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and Loading Loading @@ -152,6 +152,9 @@ void diagmem_setsize(int pool_idx, int itemsize, int poolsize) } diag_mempools[pool_idx].itemsize = itemsize; if (diag_mempools[pool_idx].pool) diag_mempools[pool_idx].pool->pool_data = (void *)(uintptr_t)itemsize; diag_mempools[pool_idx].poolsize = poolsize; pr_debug("diag: Mempool %s sizes: itemsize %d poolsize %d\n", diag_mempools[pool_idx].name, diag_mempools[pool_idx].itemsize, Loading @@ -177,7 +180,8 @@ void *diagmem_alloc(struct diagchar_dev *driver, int size, int pool_type) mempool->name); break; } if (size == 0 || size > mempool->itemsize) { if (size == 0 || size > mempool->itemsize || size > (int)mempool->pool->pool_data) { pr_err_ratelimited("diag: cannot alloc from mempool %s, invalid size: %d\n", mempool->name, size); break; Loading Loading
drivers/char/diag/diagchar_core.c +7 −5 Original line number Diff line number Diff line /* Copyright (c) 2008-2020, The Linux Foundation. All rights reserved. /* Copyright (c) 2008-2021, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and Loading Loading @@ -1996,13 +1996,15 @@ static int diag_switch_logging(struct diag_logging_mode_param_t *param) driver->pcie_switch_pid = current->tgid; } if (new_mode == DIAG_PCIE_MODE) { driver->transport_set = DIAG_ROUTE_TO_PCIE; driver->transport_set = DIAG_ROUTE_TO_PCIE; diagmem_setsize(POOL_TYPE_MUX_APPS, itemsize_pcie_apps, (poolsize_pcie_apps + 1 + (NUM_PERIPHERALS * 6))); } else if (new_mode == DIAG_USB_MODE) { driver->transport_set = DIAG_ROUTE_TO_USB; driver->transport_set = DIAG_ROUTE_TO_USB; diagmem_setsize(POOL_TYPE_MUX_APPS, itemsize_usb_apps, (poolsize_usb_apps + 1 + Loading Loading @@ -4400,7 +4402,7 @@ static void diag_init_transport(void) * The number of buffers encompasses Diag data generated on * the Apss processor + 1 for the responses generated * exclusively on the Apps processor + data from data channels *(4 channels periperipheral) + data from command channels (2) *(4 channels per peripheral) + data from command channels (2) */ diagmem_setsize(POOL_TYPE_MUX_APPS, itemsize_pcie_apps, poolsize_pcie_apps + 1 + (NUM_PERIPHERALS * 6)); Loading @@ -4419,7 +4421,7 @@ static void diag_init_transport(void) * The number of buffers encompasses Diag data generated on * the Apss processor + 1 for the responses generated * exclusively on the Apps processor + data from data channels *(4 channels periperipheral) + data from command channels (2) *(4 channels per peripheral) + data from command channels (2) */ diagmem_setsize(POOL_TYPE_MUX_APPS, itemsize_usb_apps, poolsize_usb_apps + 1 + (NUM_PERIPHERALS * 6)); Loading
drivers/char/diag/diagmem.c +6 −2 Original line number Diff line number Diff line /* Copyright (c) 2008-2014, 2016-2017, 2019 The Linux Foundation. All rights reserved. /* Copyright (c) 2008-2014, 2016-2017, 2019, 2021 The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and Loading Loading @@ -152,6 +152,9 @@ void diagmem_setsize(int pool_idx, int itemsize, int poolsize) } diag_mempools[pool_idx].itemsize = itemsize; if (diag_mempools[pool_idx].pool) diag_mempools[pool_idx].pool->pool_data = (void *)(uintptr_t)itemsize; diag_mempools[pool_idx].poolsize = poolsize; pr_debug("diag: Mempool %s sizes: itemsize %d poolsize %d\n", diag_mempools[pool_idx].name, diag_mempools[pool_idx].itemsize, Loading @@ -177,7 +180,8 @@ void *diagmem_alloc(struct diagchar_dev *driver, int size, int pool_type) mempool->name); break; } if (size == 0 || size > mempool->itemsize) { if (size == 0 || size > mempool->itemsize || size > (int)mempool->pool->pool_data) { pr_err_ratelimited("diag: cannot alloc from mempool %s, invalid size: %d\n", mempool->name, size); break; Loading
