Prevent possible out of bound access due to missing length check
while extracting dci packet response by adding proper checks.
CRs-Fixed: 2434571
Change-Id: I7b6972bf6559bdca99333a75d989cd6d3431b801
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Validate the dci entries and its task structure before
accessing structure members to prevent copying dci data to
invalid entries.
Change-Id: I07c59ef0705bc52a8268b0dc984ebfa9d26d178e
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Currently there is a possibility of out-of-bound read due to
incorrect validation of received dci event and log mask for
query. The patch updates the validation for the same.
Change-Id: I4266eb0f69fdbfa48c5aacc17744dec83995e9e6
Signed-off-by: Hardik Arya <harya@codeaurora.org>
Currently there is a possibility of kmalloc failing
when the system is running in a low memory condition.
The patch changes the dci memory allocation from
kzalloc to vzalloc.
CRs-Fixed: 2195818
Change-Id: I92b20d8e77ce5b2a96212f9d0757fbbff2703891
Signed-off-by: Hardik Arya <harya@codeaurora.org>
Add correct conditional check for len in dci_process_ctrl_status() to
prevent buffer overflow.
Change-Id: Id73ed1c8b104428eceef0544ce2858160cc08fd2
Signed-off-by: Sreelakshmi Gownipalli <sgownipa@codeaurora.org>
There is a possibility of out-of-bound read because of not
validating source buffer length against the length that is about
to be copied. The patch adds proper check for validating
length before copying data.
CRs-Fixed: 2163793
Change-Id: I7c93839d0c4d83024ce23a0ce494d09dd08567a9
Signed-off-by: Hardik Arya <harya@codeaurora.org>
The patch initializes dci peripheral buffers to NULL
to prevent access before allocation by validating buffer status.
CRs-Fixed: 2048635
Change-Id: I9be46e751da81cbbbae4fe0333c23101fdbf79ed
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
This fix checks the validity of dci client's process descriptor
before issuing a signal to it when subsystem restart is performed.
This fix avoids accessing cleaned-up process descriptor's fields.
CRs-Fixed: 2047235
Change-Id: Ic26977dc22c68f0a7007dd963c9273bba2a5dbfe
Signed-off-by: Gopikrishna Mogasati <gmogas@codeaurora.org>
The patch validates the dci entries and its task
structure before accessing structure members avoiding possible
kernel bug.
CRs-Fixed: 2035140
Change-Id: I7b0813defef1cb60400184acc631047cf72af94e
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Initialize the stat variable before using it while sending
notification to dci client.
Change-Id: Ie5f98d0f45a797f4f122d8c4e2bae1a92bf4e7c9
Signed-off-by: Sreelakshmi Gownipalli <sgownipa@codeaurora.org>
Currently log and event mask information is sent to all
peripherals. This fix sends log and event mask information
to only dci supported peripherals.
CRs-Fixed: 1117238
Change-Id: Ibcf3762574212e097502b2f36f7ac9284bac3e06
Signed-off-by: Gopikrishna Mogasati <gmogas@codeaurora.org>
This patch adds the check for dci client entry validity
before being accessed for its structure member.
CRs-Fixed: 1097921
Change-Id: I30307599a86fff5174da1022361294e83ed8b761
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
This patch prevents a dangling pointer from arising after
kfree operation on pointer.
CRs-Fixed: 1083444
Change-Id: Ie2702223379b9c77ce4fe30376d446c63223dbc8
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Currently, on open and close notification for channels,
the dci clients are updated accordingly. The list
traversal for active dci clients is not mutex protected.
Also searching for command registration in table is not
properly protected. This patch mutex protects the list
traversal and command registration table search to avoid
stale entries.
Change-Id: I015d6674afd605c63cd01ceec0109d9da5462629
Signed-off-by: Mohit Aggarwal <maggarwa@codeaurora.org>
This patch fixes the possible out of bound access by accessing
only dci supported peripheral feature.
Bug: 31864832
CRs-Fixed: 1074901
Change-Id: I99b7feb4b9af8480912a0a3b3e9834f0ecd92189
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
This patch fixes the possible race condition
because of the stray dci_mutex unlock statements.
CRs-Fixed: 1027461
Change-Id: I10f3c6d1e2d3c6e71be04e3206273aad7971a6b5
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
This patch fixes the possible corruption of the
dci client entries log mask during deinit of dci
entries.
CRs-Fixed: 1021816
Change-Id: I7741eca6ac07cd4393fc373e796570066da7cce6
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
This patch provides the protection on dci session by
checking for the session pid and task pid to be same.
CRs-Fixed: 1008138
Change-Id: I7d78a13032365a42097ad71cfd0abab2792a1b98
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
This patch provides the protection to dci client
entries from corruption.
CRs-Fixed: 984942 992683
Change-Id: Ifcd9f14dc03d9e42a31b3e126839489881e98303
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
This patch addresses a kernel address leak by changing
the format specifier to adhere to the kptr_restrict system setting.
CRs-Fixed: 987013
Change-Id: I32649a26f54d96c56d80aa2a1bd5f5d9dd0dd9d3
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Use correct index value while accessing DCI channel status.
Change-Id: I97456326a40c6d24c208307a9e8e6a55fc5b9d59
Signed-off-by: Sreelakshmi Gownipalli <sgownipa@codeaurora.org>
Add handling for extended header packets going
to the DCI stream. Set new bit in feature mask
to signal support for extended headers over DCI.
CRs-Fixed: 998973
Change-Id: I8badb0aa9e6ff604d8d0b2a932df0ea5ef6a70f9
Signed-off-by: Chris Lew <clew@codeaurora.org>
Currently, whenever a new dci client registers, diag
allocates memory from kernel and frees it during
de-initialization. For one of the buffers, it is not
freeing the memory, which will lead to a memory leak.
This patch takes care of possible memory leak.
Change-Id: Ie50b4a549c249375f93962a5b6b20d614943f1aa
Signed-off-by: Mohit Aggarwal <maggarwa@codeaurora.org>
Currently, while de-initializing dci clients, there is
a possibility to access stale entries. This patch fixes
this issue by adding proper protection mechanism.
CRs-Fixed: 960958 968445
Change-Id: I829c9497eeb356662a6531592c66108e615ce6e4
Signed-off-by: Mohit Aggarwal <maggarwa@codeaurora.org>
Currently, whenever a peripheral is going down, diag
driver is not updating the peripheral status correctly
which leads to wrong result. This patch fixes this issue.
Change-Id: I59065cff4b1a1521d321422e427762bd2661be12
Signed-off-by: Mohit Aggarwal <maggarwa@codeaurora.org>