Sanitize user input length for the maximum buffer size before
writing the dci packet to remote.
Change-Id: I1f813a969fcce589f9e5024864ef4a650f2cf64e
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
For a valid token indicating remote proc use data_source to
indicate packet originated from dci remote source.
Change-Id: I01729a905d532fae7ea046acc143598eca04460b
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
When allocating mempool memory sanitize the size check against
the pool data size. Update the pool data size as well whenever
itemsize is updated.
Change-Id: I7c426cfe35c35d5c2e7e5eefae710215097fbea0
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Add SSR support for MDM during memory device mode
Change-Id: Ie5e8290ddaa0ccf179b7c32ab0b310bbd6c95a16
Signed-off-by: Sreelakshmi Gownipalli <sgownipa@codeaurora.org>
Signed-off-by: Mohit Aggarwal <maggarwa@codeaurora.org>
MHI driver returns -EEXIST value if the channel is open during
registration and no callback will be issued. Prevent diag
pcie callback registration and pcie channel registration by
handling -EEXIST error.
Change-Id: I3d0cffdc00a82cacbe4d26187509f9d650e3990e
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Exiting the loop for do_switch condition fail for a single proc
should not prevent the switch for other procs. Continue looping
through to update the mode switch for other procs.
Change-Id: Iba154ec7425bdcd7645659d03a4cc884bdd88331
Signed-off-by: Lakshay Verma <laksverm@codeaurora.org>
Add debug logs to track the pcie registrations and enable logging
for pcie related operations of read and write.
Change-Id: I66852867b09f033ae7f9bc154eb3fc02c0b455ae
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Enable apps to wcnss diag communication over rpmsg. Changes were
made to copy the data from smd buffer into diag buffer in the
callback and queue a work to process the data in work queue and
release the diag buffer in work queue.
Change-Id: I369312ad8e24204577e8e8fe1097542bf6ae7679
Signed-off-by: Sridhar Arra <sarra@codeaurora.org>
Possible race conditions while handling USB notifications in event
queues is prevented using spinlock to synchronize the list access.
Change-Id: I91bff76b6134e600b0a7091d9576089226b1629c
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Add usb connect and disconnect events to a queue and
process each event in work function so that all of the
usb connect and disconnect events are processed without
any miss.
Change-Id: I2b5debef28d683f55a727e53e41c811419d2bf3f
Signed-off-by: Sreelakshmi Gownipalli <sgownipa@codeaurora.org>
Possible integer overflow while processing control packets received
from peripherals prevented by typecasting the lengths during
buffer boundary check.
Change-Id: Ic29553a8c3422c9e11051d78a6b57a4f921586b9
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
There is a possibility of out-of-bound access while processing control
packet received from peripheral due to missing buffer length check.
The patch adds proper check to fix the same.
Change-Id: I6793a47ca21c6e0ba52863a350decb90feb81a88
Signed-off-by: Lakshay Verma <laksverm@codeaurora.org>
Add debug logs to trace the status of read and write in
mhi driver when external proc is undergoing ssr.
Change-Id: I8dc26864236700973da100646f30f201aa07e253
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Prevent possible race condition while freeing dci mempool buffers
by properly synchronizing allocation and free.
Change-Id: Iac8b9b9bd8a475d519a644d555d87b9101b9b6b8
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Fix the issue seen below, when flags_sec is uninitialized.
drivers/char/diag/diag_memorydevice.c: In function 'diag_md_write':
./include/linux/spinlock.h:261:3: warning: 'flags_sec' may be used
uninitialized in this function [-Wmaybe-uninitialized].
This patch initializes the local variable flags_sec.
Change-Id: I28a05d8c54468bb7f75f90dea69e074e27ff4a26
Signed-off-by: Anant Goel <anantg@codeaurora.org>
read_work work function continuously keeps queueing IN URBs to
the USB. In suspend scenario, this can lead to transfer ring
getting exhausted and expansion of ring failing. After this
when the target resumes, meaningful read URB submission fails
leading to diag port loss.
Fix this by not invoking diag_bridge_read if HSIC channel is
suspended.
Change-Id: Ic9b76095a00ae7cebe26cded3d95d4c4cb4fb42c
Signed-off-by: Ajay Agarwal <ajaya@codeaurora.org>
During deregistration of dci client the task pointer is not
matching with the task pointer saved during registration.
Made a change to store the correct pointer during dci client
registration.
Change-Id: I94123d2043532c456ac4b62435e57dac71adafbe
Signed-off-by: Sreelakshmi Gownipalli <sgownipa@codeaurora.org>
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Diag data channel which is not yet opened is not reading
any data from socket when data is ready, which is resulting
to memory allocation failure on ipc router side after multiple
SSR due to pending qrtr control packets to be read by diag.
The patch handles this case by reading and dropping the data
when it is available.
Change-Id: I4c348c5489923f51caf366d4d08696bff775ae08
Signed-off-by: Hardik Arya <harya@codeaurora.org>
CDSP peripheral macro value and CDSP socket enum value are not
same causing invalid cleanup of diag control channel status during
peripheral SSR. Set CDSP socket enum value same as peripheral
CDSP macro.
Change-Id: I2c82fc4a7d1bd7491560942d525ed579f39d1e60
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Prevent diag clients stuck waiting for apps data buffers to
get flushed by use of timeout.
Change-Id: Ia3efccb919a82ebd8628ab246d5d73c455b919e8
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
There is a possibility of use-after-free while accessing
diag client map table since list can be reallocated due to
exceeding max client limit. The patch adds protection
while accessing client map list.
Change-Id: Ibc33d9d90b7e22394c82265b0fa80a89cc2a3122
Signed-off-by: Hardik Arya <harya@codeaurora.org>
The task structure with reference count incremented while
dci client is registered should be updated with reference count
decremented in failure case of registration.
Change-Id: I093229d83dca2699e0343224756895eff0915e38
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
There is a possibility of exiting socket read and
not releasing diag wakesource due to socket error
at the time of connection reset. The patch releases
diag wakesource on socket error.
Change-Id: I9862395207f2dc2f723b06e176ba25bd001c189d
Signed-off-by: Hardik Arya <harya@codeaurora.org>
When mhi remove call on diag channels is issued clear memory
device table entries including buffer information to prevent
any race condition of using the buffers queued for copying
to diag userspace clients.
Change-Id: Ie311c63c5fce31e43d7c93c23f27cfe0e2e2d64f
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Configure diag bridge interface based on device tree node
if both hsic & mhi interface is defined in defconfig.
Change-Id: Ia1a106b3dcf7da1a96e0fa3099ece02326d30cd5
Signed-off-by: Arun Prakash <app@codeaurora.org>
With possibility of unavailable pages of higher order, memory
allocation using kmalloc can fail. Use vzalloc to prevent
memory allocation failure.
Change-Id: I94de8ada3ccadd7868d2e2688fd0fa25a5f42c8a
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Possibility of resource leakage while checking for validity of
pid and its task structures is prevented by proper update of pid
reference count.
Change-Id: Ifb38f91a5c3e45248bb08c5341c8a3095585c16f
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Correct the command code for transport query command code and
align the transport mode values to tool defined ones.
Change-Id: I4521cb1549af5be292c98675e270688f701d603d
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Same diag client is added again to diag client map
due to not checking client pid in current client map
table. This is resulting in having same client twice
in diag client map table. The patch fixes this issue
by checking diag client table before adding new client.
Change-Id: Iaf2e8324f0f7753193dc9f7a87cb12ae6c83f26b
Signed-off-by: Hardik Arya <harya@codeaurora.org>
Tools can query the active transport being used by diag using the
transport query command and then configure the qdss trace sink.
Change-Id: I549090a6b3437d5ddc86cddd28baecbd4d1ac5ad
Signed-off-by: Sreelakshmi Gownipalli <sgownipa@codeaurora.org>
Close to diag fd can be called from a work function having
different pid from process who has registered with diag.
This is resulting in not removing cmd registration for exiting
process. The patch fixes this issue with using file's private
data to get pid of exiting process.
Change-Id: I1036b9e159b1668558da62fe7588acf1367d6aeb
Signed-off-by: Hardik Arya <harya@codeaurora.org>
HDLC status of the buffer used in processing user space apps
packets is not known when freeing the buffer is leading to wrong
buffer freed and in turn possibly leading to resource starvation.
Using HDLC context to identify the buffer prevents the issue.
Change-Id: I7516f5ea56398372deaed3b41f33885bdbddc067
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Adding support for remote processor check in
diagfwd_hsic to fix device mask error while
querying remote device mask from user space
client.
Change-Id: Ia6c0b4ea2fe6ca6c14b7b00ff486310cf616f611
Signed-off-by: Arun Prakash <app@codeaurora.org>
Donot open mhi channels during usb connect since
mhi channels are not closed during disconnect.
Mhi channels are opened/closed based on mhi
probe/remove calls.
Change-Id: Ie297a3fb8cf1e6c8d28af02e5d7bdf7ef4ee0fee
Signed-off-by: Sreelakshmi Gownipalli <sgownipa@codeaurora.org>
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
After MHI device receives a reset command the internal
state machine suspends all activity on the channel and
processes the device reset. Clients are notified on
the channel close. Existing close function checks if
there are pending data to be read but since the device
is in the process of cleaning the transfer buffers
and the channels are suspended this check is not required.
Change-Id: Iafc5249762b1468ee2cca4ac141522ce0356d403
Signed-off-by: Siddartha Mohanadoss <smohanad@codeaurora.org>
UPD macro values are not updated with NPU
peripheral support. The patch corrects UPD
related macro values.
Change-Id: I37935ac335d13996334935e557a14662bbc73679
Signed-off-by: Mohit Aggarwal <maggarwa@codeaurora.org>
There is a possibility of race condition between
drain_apps_data and process_apps_data for flushing
the apps data buffer to mux, Which can cause flushing
buffer twice and can lead to use-after-free issue.
The patch adds checks for buffer flush status before
using the same buffer for processing apps data.
Change-Id: I2cfe67304e73bcb4004884b986ac2bec44b29ba1
Signed-off-by: Hardik Arya <harya@codeaurora.org>
Add support for diag communication between apps and
npu to send/receive diag traffic.
Change-Id: I78dd00928a4c155c794bc3334f46c2e0c55a6f77
Signed-off-by: Sreelakshmi Gownipalli <sgownipa@codeaurora.org>
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Use 'QTI' string in config names to fix incorrect usage.
Also fix the diag bridge config string for sdmsteppe.
Change-Id: I3af8a34653b8d67eb1263e9d5d162688ff381898
Signed-off-by: Ajay Agarwal <ajaya@codeaurora.org>
Use 'QTI' string in config names to fix incorrect usage.
Also fix the diag bridge config string for sdmsteppe.
Change-Id: I3af8a34653b8d67eb1263e9d5d162688ff381898
Signed-off-by: Ajay Agarwal <ajaya@codeaurora.org>
Place check for mask size and validate source length against
sum of header length and mask size to prevent out of bound access.
Change-Id: I8ac089202b6e3007773b92be8cfdc52fcb30ec3c
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Currently while draining the apps data, diag apps buffer is
queued to usb again which was already queued while processing
diag apps data. This race condition is resulting as use-after-free
since apps buffer will be freed on write done completion. The patch
checks flushed status of buffer before submitting it to usb.
Change-Id: I19d99958a14ae9a8483457a5a90c78d527d37fb0
Signed-off-by: Hardik Arya <harya@codeaurora.org>
Clear the masks on the apps only during usb disconnect on local usb
diag channel but not for the remote proc usb disconnect.
Change-Id: I1d3f828f9fecf628bc15f3f62ce1e4dc482c57db
Signed-off-by: Sreelakshmi Gownipalli <sgownipa@codeaurora.org>
Simon1511