From ad33cbf95e9a5eb256f3d7bc8c9eff3d7d675b34 Mon Sep 17 00:00:00 2001
From: Hardik Arya
Date: Fri, 10 May 2019 15:41:24 +0530
Subject: [PATCH] diag: Reallocate dci buffer with proper required capacity
DCI command buffer reallocation is not done properly with required capacity. The patch reallocates the same buffer and updated capacity properly with header and response length.
Change-Id: I7b5fd132b9241d0f1493bcb602a6b361e4ad9a04
Signed-off-by: Hardik Arya
---
 drivers/char/diag/diag_dci.c | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/drivers/char/diag/diag_dci.c b/drivers/char/diag/diag_dci.c
index 2301e1e566e0..e9a6711c9990 100644
--- a/drivers/char/diag/diag_dci.c
+++ b/drivers/char/diag/diag_dci.c
@@ -998,6 +998,7 @@ void extract_dci_pkt_rsp(unsigned char *buf, int len, int data_source,
 unsigned char *temp = buf;
 int save_req_uid = 0;
 struct diag_dci_pkt_rsp_header_t pkt_rsp_header;
+ int header_len = sizeof(struct diag_dci_pkt_rsp_header_t);
 
 if (!buf || len <= 0) {
 pr_err("diag: Invalid pointer in %s\n", __func__);
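Review bot: `header_len` is declared as `int` although it holds a `sizeof` result and is later added to `rsp_buf->data_len` and `rsp_len` in both the capacity check and the `vzalloc()` size. The types of those operands and any bound on `rsp_len` are declared outside this hunk, so it cannot be confirmed from here that the sum is unable to wrap; if `rsp_len` is taken from the received packet, a wrapped sum would pass the capacity check and the later copies would run past the buffer. Consider `const size_t header_len = sizeof(pkt_rsp_header);` and confirm that `rsp_len` is validated against `len` before it reaches that check.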
@@ -1066,23 +1067,24 @@ void extract_dci_pkt_rsp(unsigned char *buf, int len, int data_source,
 mutex_lock(&rsp_buf->data_mutex);
 /*
 * Check if we can fit the data in the rsp buffer. The total length of
- * the rsp is the rsp length (write_len) + DCI_PKT_RSP_TYPE header (int)
- * + field for length (int) + delete_flag (uint8_t)
+ * the rsp is the rsp length (write_len) + dci response packet header
+ * length (sizeof(struct diag_dci_pkt_rsp_header_t))
 */
- if ((rsp_buf->data_len + 9 + rsp_len) > rsp_buf->capacity) {
+ if ((rsp_buf->data_len + header_len + rsp_len) > rsp_buf->capacity) {
 pr_alert("diag: create capacity for pkt rsp\n");
- rsp_buf->capacity += 9 + rsp_len;
- temp_buf = krealloc(rsp_buf->data, rsp_buf->capacity,
- GFP_KERNEL);
+ temp_buf = vzalloc(rsp_buf->capacity + header_len + rsp_len);
 if (!temp_buf) {
 pr_err("diag: DCI realloc failed\n");
 mutex_unlock(&rsp_buf->data_mutex);
 mutex_unlock(&entry->buffers[data_source].buf_mutex);
 mutex_unlock(&driver->dci_mutex);
 return;
- } else {
- rsp_buf->data = temp_buf;
 }
+ rsp_buf->capacity += header_len + rsp_len;
+ if (rsp_buf->capacity > rsp_buf->data_len)
+ memcpy(temp_buf, rsp_buf->data, rsp_buf->data_len);
+ vfree(rsp_buf->data);
+ rsp_buf->data = temp_buf;
 }
 
 /* Fill in packet response header information */
@@ -1091,9 +1093,8 @@ void extract_dci_pkt_rsp(unsigned char *buf, int len, int data_source,
 pkt_rsp_header.length = rsp_len + sizeof(int);
 pkt_rsp_header.delete_flag = delete_flag;
 pkt_rsp_header.uid = save_req_uid;
- memcpy(rsp_buf->data + rsp_buf->data_len, &pkt_rsp_header,
- sizeof(struct diag_dci_pkt_rsp_header_t));
- rsp_buf->data_len += sizeof(struct diag_dci_pkt_rsp_header_t);
+ memcpy(rsp_buf->data + rsp_buf->data_len, &pkt_rsp_header, header_len);
+ rsp_buf->data_len += header_len;
 memcpy(rsp_buf->data + rsp_buf->data_len, temp, rsp_len);
 rsp_buf->data_len += rsp_len;
 rsp_buf->data_source = data_source;
-- 
2.11.0
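Review bot: The guard `if (rsp_buf->capacity > rsp_buf->data_len)` only skips the copy. When it is false, the old buffer is still freed and `rsp_buf->data_len` keeps its value, so the header and payload `memcpy()` calls that follow write at `rsp_buf->data + rsp_buf->data_len`, past the end of the new allocation. That state should only arise if `data_len` already exceeds `capacity` or the size arithmetic wrapped, and in either case the safe outcome is to bail out before allocating, as the `!temp_buf` path does, and to update `capacity` only after the buffers are swapped. The `vfree()` also assumes every allocation of `rsp_buf->data` comes from the vmalloc family, which should be confirmed because the allocation sites are outside this hunk. The enclosing function starts and ends outside the hunk.

```c
	if ((rsp_buf->data_len + header_len + rsp_len) > rsp_buf->capacity) {
		/* Existing contents must fit the current buffer before it is grown */
		if (rsp_buf->data_len > rsp_buf->capacity) {
			pr_err("diag: DCI rsp buffer length exceeds capacity\n");
			mutex_unlock(&rsp_buf->data_mutex);
			mutex_unlock(&entry->buffers[data_source].buf_mutex);
			mutex_unlock(&driver->dci_mutex);
			return;
		}
		/* … unchanged: pr_alert, vzalloc() and !temp_buf error path … */
		memcpy(temp_buf, rsp_buf->data, rsp_buf->data_len);
		vfree(rsp_buf->data);
		rsp_buf->data = temp_buf;
		rsp_buf->capacity += header_len + rsp_len;
	}
```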