mirror of
https://github.com/linux-msm/diag.git
synced 2026-02-25 13:11:48 -08:00
bf8035f68b0748d1380977aafc4349331b74cbda
diag_ffs_recv copies mbuf->offset bytes into a fixed 16k buffer. watch_handle_eventfd sets pending_aio->offset to ev->res, assuming that ev->res represents the number of bytes read. But res can be negative in error cases. This causes diag_ffs_recv to copy a very large amount into a 16k buffer, smashing the stack.

Avoid populating pending_aio->offset if the result is failure. Also, it appears that if the status code is EAGAIN, the I/O is actually still in the system, and comes back later.

Signed-off-by: Evan Green <evangreen86@gmail.com>
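The failure mode described in the commit message above, reduced to a stand-alone C sketch. This is an added example, not code from the diag repository: `demo_mbuf`, `complete_aio`, `recv_copy` and `unchecked_length` are hypothetical names, and the completion result is assumed to be a signed `long` holding either a byte count or a negated errno value.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define RECV_BUF_SIZE 16384  /* the fixed 16k buffer named in the commit message */

/* Hypothetical stand-ins for the project's buffer and completion state. */
struct demo_mbuf { unsigned char data[RECV_BUF_SIZE]; size_t offset; };
enum aio_state { AIO_DONE, AIO_STILL_PENDING, AIO_FAILED };

/* Unchecked pattern: a negative result such as -EAGAIN stored in an unsigned
 * length wraps around to a value close to SIZE_MAX. */
size_t unchecked_length(long res)
{
    return (size_t)res;
}

/* Checked pattern: only a non-negative result that fits the buffer may
 * populate the offset. Treating -EAGAIN as "still queued" follows the
 * commit message's observation. */
enum aio_state complete_aio(struct demo_mbuf *m, long res)
{
    if (res == -EAGAIN)
        return AIO_STILL_PENDING;   /* completion is expected to arrive later */
    if (res < 0 || (size_t)res > sizeof(m->data))
        return AIO_FAILED;          /* m->offset is left untouched */
    m->offset = (size_t)res;
    return AIO_DONE;
}

/* Receive side, defence in depth: never copy more than either buffer holds. */
long recv_copy(unsigned char *dst, size_t dst_len, const struct demo_mbuf *m)
{
    if (m->offset > dst_len || m->offset > sizeof(m->data))
        return -EINVAL;
    memcpy(dst, m->data, m->offset);
    return (long)m->offset;
}
```

The length check in `recv_copy` is independent of the completion handler, so a bad offset from any other path is rejected before `memcpy` runs.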
DIAG
DIAG implements routing of diagnostics related messages between host and various subsystems.
USB Gadget
Ensure that your kernel is built with CONFIG_CONFIGFS_FS and CONFIG_USB_CONFIGFS_F_FS and that configfs is mounted in /sys/kernel/config.
G1="/sys/kernel/config/usb_gadget/g1"
mkdir $G1
mkdir $G1/strings/0x409
mkdir $G1/functions/ffs.diag
mkdir $G1/configs/c.1
mkdir $G1/configs/c.1/strings/0x409
echo 0xVID > $G1/idVendor
echo 0xPID > $G1/idProduct
echo SERIAL > $G1/strings/0x409/serialnumber
echo MANUFACTURER > $G1/strings/0x409/manufacturer
echo PRODUCT > $G1/strings/0x409/product
echo "diag_dun" > $G1/configs/c.1/strings/0x409/configuration
ln -s $G1/functions/ffs.diag $G1/configs/c.1
mkdir /dev/ffs-diag
mount -t functionfs diag /dev/ffs-diag
diag-router &
sleep 1
echo 6a00000.dwc3 > $G1/UDC