Merge "diag: Add NULL pointer checks for mask info"
This commit is contained in:
Linux Build Service Account
Gerrit - the friendly Code Review server
commit
725d7669a0
1 changed files with 120 additions and 8 deletions
|
|
@ -555,6 +555,11 @@ static int diag_cmd_get_ssid_range(unsigned char *src_buf, int src_len,
|
|||
mask_info);
|
||||
return -EINVAL;
|
||||
}
|
||||
if (!mask_info->ptr) {
|
||||
pr_err("diag: In %s, invalid input mask_info->ptr: %pK\n",
|
||||
__func__, mask_info->ptr);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (!diag_apps_responds())
|
||||
return 0;
|
||||
|
|
@ -656,7 +661,11 @@ static int diag_cmd_get_msg_mask(unsigned char *src_buf, int src_len,
|
|||
mask_info);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (!mask_info->ptr) {
|
||||
pr_err("diag: In %s, invalid input mask_info->ptr: %pK\n",
|
||||
__func__, mask_info->ptr);
|
||||
return -EINVAL;
|
||||
}
|
||||
if (!diag_apps_responds())
|
||||
return 0;
|
||||
|
||||
|
|
@ -669,6 +678,12 @@ static int diag_cmd_get_msg_mask(unsigned char *src_buf, int src_len,
|
|||
rsp.status = MSG_STATUS_FAIL;
|
||||
rsp.padding = 0;
|
||||
mask = (struct diag_msg_mask_t *)mask_info->ptr;
|
||||
if (!mask->ptr) {
|
||||
pr_err("diag: Invalid input in %s, mask->ptr: %pK\n",
|
||||
__func__, mask->ptr);
|
||||
mutex_unlock(&driver->msg_mask_lock);
|
||||
return -EINVAL;
|
||||
}
|
||||
for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) {
|
||||
if ((req->ssid_first < mask->ssid_first) ||
|
||||
(req->ssid_first > mask->ssid_last_tools)) {
|
||||
|
|
@ -714,11 +729,23 @@ static int diag_cmd_set_msg_mask(unsigned char *src_buf, int src_len,
|
|||
mask_info);
|
||||
return -EINVAL;
|
||||
}
|
||||
if (!mask_info->ptr) {
|
||||
pr_err("diag: In %s, invalid input mask_info->ptr: %pK\n",
|
||||
__func__, mask_info->ptr);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
req = (struct diag_msg_build_mask_t *)src_buf;
|
||||
mutex_lock(&mask_info->lock);
|
||||
mutex_lock(&driver->msg_mask_lock);
|
||||
mask = (struct diag_msg_mask_t *)mask_info->ptr;
|
||||
if (!mask->ptr) {
|
||||
pr_err("diag: Invalid input in %s, mask->ptr: %pK\n",
|
||||
__func__, mask->ptr);
|
||||
mutex_unlock(&driver->msg_mask_lock);
|
||||
mutex_unlock(&mask_info->lock);
|
||||
return -EINVAL;
|
||||
}
|
||||
for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) {
|
||||
if (i < (driver->msg_mask_tbl_count - 1)) {
|
||||
mask_next = mask;
|
||||
|
|
@ -831,6 +858,11 @@ static int diag_cmd_set_all_msg_mask(unsigned char *src_buf, int src_len,
|
|||
mask_info);
|
||||
return -EINVAL;
|
||||
}
|
||||
if (!mask_info->ptr) {
|
||||
pr_err("diag: In %s, invalid input mask_info->ptr: %pK\n",
|
||||
__func__, mask_info->ptr);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
req = (struct diag_msg_config_rsp_t *)src_buf;
|
||||
|
||||
|
|
@ -838,6 +870,13 @@ static int diag_cmd_set_all_msg_mask(unsigned char *src_buf, int src_len,
|
|||
mutex_lock(&driver->msg_mask_lock);
|
||||
|
||||
mask = (struct diag_msg_mask_t *)mask_info->ptr;
|
||||
if (!mask->ptr) {
|
||||
pr_err("diag: Invalid input in %s, mask->ptr: %pK\n",
|
||||
__func__, mask->ptr);
|
||||
mutex_unlock(&driver->msg_mask_lock);
|
||||
mutex_unlock(&mask_info->lock);
|
||||
return -EINVAL;
|
||||
}
|
||||
mask_info->status = (req->rt_mask) ? DIAG_CTRL_MASK_ALL_ENABLED :
|
||||
DIAG_CTRL_MASK_ALL_DISABLED;
|
||||
for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) {
|
||||
|
|
@ -931,7 +970,11 @@ static int diag_cmd_update_event_mask(unsigned char *src_buf, int src_len,
|
|||
mask_info);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (!mask_info->ptr) {
|
||||
pr_err("diag: In %s, invalid input mask_info->ptr: %pK\n",
|
||||
__func__, mask_info->ptr);
|
||||
return -EINVAL;
|
||||
}
|
||||
req = (struct diag_event_mask_config_t *)src_buf;
|
||||
mask_len = EVENT_COUNT_TO_BYTES(req->num_bits);
|
||||
if (mask_len <= 0 || mask_len > event_mask.mask_len) {
|
||||
|
|
@ -989,6 +1032,11 @@ static int diag_cmd_toggle_events(unsigned char *src_buf, int src_len,
|
|||
mask_info);
|
||||
return -EINVAL;
|
||||
}
|
||||
if (!mask_info->ptr) {
|
||||
pr_err("diag: In %s, invalid input mask_info->ptr: %pK\n",
|
||||
__func__, mask_info->ptr);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
toggle = *(src_buf + 1);
|
||||
mutex_lock(&mask_info->lock);
|
||||
|
|
@ -1046,6 +1094,11 @@ static int diag_cmd_get_log_mask(unsigned char *src_buf, int src_len,
|
|||
mask_info);
|
||||
return -EINVAL;
|
||||
}
|
||||
if (!mask_info->ptr) {
|
||||
pr_err("diag: In %s, invalid input mask_info->ptr: %pK\n",
|
||||
__func__, mask_info->ptr);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (!diag_apps_responds())
|
||||
return 0;
|
||||
|
|
@ -1065,6 +1118,11 @@ static int diag_cmd_get_log_mask(unsigned char *src_buf, int src_len,
|
|||
write_len += rsp_header_len;
|
||||
|
||||
log_item = (struct diag_log_mask_t *)mask_info->ptr;
|
||||
if (!log_item->ptr) {
|
||||
pr_err("diag: Invalid input in %s, mask: %pK\n",
|
||||
__func__, log_item);
|
||||
return -EINVAL;
|
||||
}
|
||||
for (i = 0; i < MAX_EQUIP_ID; i++, log_item++) {
|
||||
if (log_item->equip_id != req->equip_id)
|
||||
continue;
|
||||
|
|
@ -1172,11 +1230,20 @@ static int diag_cmd_set_log_mask(unsigned char *src_buf, int src_len,
|
|||
mask_info);
|
||||
return -EINVAL;
|
||||
}
|
||||
if (!mask_info->ptr) {
|
||||
pr_err("diag: In %s, invalid input mask_info->ptr: %pK\n",
|
||||
__func__, mask_info->ptr);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
req = (struct diag_log_config_req_t *)src_buf;
|
||||
read_len += req_header_len;
|
||||
mask = (struct diag_log_mask_t *)mask_info->ptr;
|
||||
|
||||
if (!mask->ptr) {
|
||||
pr_err("diag: Invalid input in %s, mask->ptr: %pK\n",
|
||||
__func__, mask->ptr);
|
||||
return -EINVAL;
|
||||
}
|
||||
if (req->equip_id >= MAX_EQUIP_ID) {
|
||||
pr_err("diag: In %s, Invalid logging mask request, equip_id: %d\n",
|
||||
__func__, req->equip_id);
|
||||
|
|
@ -1294,9 +1361,17 @@ static int diag_cmd_disable_log_mask(unsigned char *src_buf, int src_len,
|
|||
mask_info);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (!mask_info->ptr) {
|
||||
pr_err("diag: In %s, invalid input mask_info->ptr: %pK\n",
|
||||
__func__, mask_info->ptr);
|
||||
return -EINVAL;
|
||||
}
|
||||
mask = (struct diag_log_mask_t *)mask_info->ptr;
|
||||
|
||||
if (!mask->ptr) {
|
||||
pr_err("diag: Invalid input in %s, mask->ptr: %pK\n",
|
||||
__func__, mask->ptr);
|
||||
return -EINVAL;
|
||||
}
|
||||
for (i = 0; i < MAX_EQUIP_ID; i++, mask++) {
|
||||
mutex_lock(&mask->lock);
|
||||
memset(mask->ptr, 0, mask->range);
|
||||
|
|
@ -1562,7 +1637,7 @@ static int __diag_mask_init(struct diag_mask_info *mask_info, int mask_len,
|
|||
|
||||
static void __diag_mask_exit(struct diag_mask_info *mask_info)
|
||||
{
|
||||
if (!mask_info)
|
||||
if (!mask_info || !mask_info->ptr)
|
||||
return;
|
||||
|
||||
mutex_lock(&mask_info->lock);
|
||||
|
|
@ -1619,11 +1694,17 @@ void diag_log_mask_free(struct diag_mask_info *mask_info)
|
|||
int i;
|
||||
struct diag_log_mask_t *mask = NULL;
|
||||
|
||||
if (!mask_info)
|
||||
if (!mask_info || !mask_info->ptr)
|
||||
return;
|
||||
|
||||
mutex_lock(&mask_info->lock);
|
||||
mask = (struct diag_log_mask_t *)mask_info->ptr;
|
||||
if (!mask->ptr) {
|
||||
pr_err("diag: Invalid input in %s, mask->ptr: %pK\n",
|
||||
__func__, mask->ptr);
|
||||
mutex_unlock(&mask_info->lock);
|
||||
return;
|
||||
}
|
||||
for (i = 0; i < MAX_EQUIP_ID; i++, mask++) {
|
||||
kfree(mask->ptr);
|
||||
mask->ptr = NULL;
|
||||
|
|
@ -1698,11 +1779,18 @@ void diag_msg_mask_free(struct diag_mask_info *mask_info)
|
|||
int i;
|
||||
struct diag_msg_mask_t *mask = NULL;
|
||||
|
||||
if (!mask_info)
|
||||
if (!mask_info || !mask_info->ptr)
|
||||
return;
|
||||
mutex_lock(&mask_info->lock);
|
||||
mutex_lock(&driver->msg_mask_lock);
|
||||
mask = (struct diag_msg_mask_t *)mask_info->ptr;
|
||||
if (!mask->ptr) {
|
||||
pr_err("diag: Invalid input in %s, mask->ptr: %pK\n",
|
||||
__func__, mask->ptr);
|
||||
mutex_unlock(&driver->msg_mask_lock);
|
||||
mutex_unlock(&mask_info->lock);
|
||||
return;
|
||||
}
|
||||
for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) {
|
||||
kfree(mask->ptr);
|
||||
mask->ptr = NULL;
|
||||
|
|
@ -1869,6 +1957,11 @@ int diag_copy_to_user_msg_mask(char __user *buf, size_t count,
|
|||
if (!mask_info)
|
||||
return -EIO;
|
||||
|
||||
if (!mask_info->ptr || !mask_info->update_buf) {
|
||||
pr_err("diag: In %s, invalid input mask_info->ptr: %pK, mask_info->update_buf: %pK\n",
|
||||
__func__, mask_info->ptr, mask_info->update_buf);
|
||||
return -EINVAL;
|
||||
}
|
||||
mutex_lock(&driver->diag_maskclear_mutex);
|
||||
if (driver->mask_clear) {
|
||||
DIAG_LOG(DIAG_DEBUG_PERIPHERALS,
|
||||
|
|
@ -1881,6 +1974,13 @@ int diag_copy_to_user_msg_mask(char __user *buf, size_t count,
|
|||
mutex_lock(&driver->msg_mask_lock);
|
||||
|
||||
mask = (struct diag_msg_mask_t *)(mask_info->ptr);
|
||||
if (!mask->ptr) {
|
||||
pr_err("diag: Invalid input in %s, mask->ptr: %pK\n",
|
||||
__func__, mask->ptr);
|
||||
mutex_unlock(&driver->msg_mask_lock);
|
||||
mutex_unlock(&mask_info->lock);
|
||||
return -EINVAL;
|
||||
}
|
||||
for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) {
|
||||
ptr = mask_info->update_buf;
|
||||
len = 0;
|
||||
|
|
@ -1941,8 +2041,20 @@ int diag_copy_to_user_log_mask(char __user *buf, size_t count,
|
|||
if (!mask_info)
|
||||
return -EIO;
|
||||
|
||||
if (!mask_info->ptr || !mask_info->update_buf) {
|
||||
pr_err("diag: In %s, invalid input mask_info->ptr: %pK, mask_info->update_buf: %pK\n",
|
||||
__func__, mask_info->ptr, mask_info->update_buf);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
mutex_lock(&mask_info->lock);
|
||||
mask = (struct diag_log_mask_t *)(mask_info->ptr);
|
||||
if (!mask->ptr) {
|
||||
pr_err("diag: Invalid input in %s, mask->ptr: %pK\n",
|
||||
__func__, mask->ptr);
|
||||
mutex_unlock(&mask_info->lock);
|
||||
return -EINVAL;
|
||||
}
|
||||
for (i = 0; i < MAX_EQUIP_ID; i++, mask++) {
|
||||
ptr = mask_info->update_buf;
|
||||
len = 0;
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue