whatawurst · j4nn · Sep 7, 2020 · Flamefire · Oct 16, 2020 · j4nn
diff --git a/drivers/misc/qseecom.c b/drivers/misc/qseecom.c
@@ -3398,6 +3398,8 @@ static int __qseecom_send_cmd(struct qseecom_dev_handle *data,
 	void *cmd_buf = NULL;
 	size_t cmd_len;
 	struct sglist_info *table = data->sglistinfo_ptr;
+	uint32_t *sb = NULL;
+	uint32_t *rb = NULL;
 
 	reqd_len_sb_in = req->cmd_req_len + req->resp_len;
 	/* find app_id & img_name from list */
@@ -3425,6 +3427,19 @@ static int __qseecom_send_cmd(struct qseecom_dev_handle *data,
 		return -ENOENT;
 	}
 
+	if (!memcmp(data->client.app_name, "tzxflattest", strlen("tzxflattest")))
+	{
+		sb = (void *)__qseecom_uvirt_to_kvirt(data,
-		sb = (void *)__qseecom_uvirt_to_kvirt(data,
+		sb = (uint32_t *)__qseecom_uvirt_to_kvirt(data,
-		sb = (void *)__qseecom_uvirt_to_kvirt(data,
+		sb = (uint32_t *)__qseecom_uvirt_to_kvirt(data,
+						(uintptr_t)req->cmd_req_buf);
+		rb = (void *)__qseecom_uvirt_to_kvirt(data,
+						(uintptr_t)req->resp_buf);
+		if (sb != NULL && req->cmd_req_len >= sizeof(uint32_t) * 2)
+			if (sb[0] != 0x07 || sb[1] != 0x04)
+				sb = NULL;
+		if (sb == NULL)
+			rb = NULL;
-		rb = (void *)__qseecom_uvirt_to_kvirt(data,
-						(uintptr_t)req->resp_buf);
-		if (sb != NULL && req->cmd_req_len >= sizeof(uint32_t) * 2)
-			if (sb[0] != 0x07 || sb[1] != 0x04)
-				sb = NULL;
-		if (sb == NULL)
-			rb = NULL;
+		if (sb != NULL && req->cmd_req_len >= sizeof(uint32_t) * 2) {
+			if (sb[0] == 0x07 && sb[1] == 0x04)
+				rb = (uint32_t *)__qseecom_uvirt_to_kvirt(data, (uintptr_t)req->resp_buf);
+			else
+				sb = NULL;
+		}
-		rb = (void *)__qseecom_uvirt_to_kvirt(data,
-						(uintptr_t)req->resp_buf);
-		if (sb != NULL && req->cmd_req_len >= sizeof(uint32_t) * 2)
-			if (sb[0] != 0x07 || sb[1] != 0x04)
-				sb = NULL;
-		if (sb == NULL)
-			rb = NULL;
+		if (sb != NULL && req->cmd_req_len >= sizeof(uint32_t) * 2) {
+			if (sb[0] == 0x07 && sb[1] == 0x04)
+				rb = (uint32_t *)__qseecom_uvirt_to_kvirt(data, (uintptr_t)req->resp_buf);
+			else
+				sb = NULL;
+		}
+	}
+
 	if (qseecom.qsee_version < QSEE_VERSION_40) {
 		send_data_req.app_id = data->client.app_id;
 		send_data_req.req_ptr = (uint32_t)(__qseecom_uvirt_to_kphys(
@@ -3525,6 +3540,22 @@ static int __qseecom_send_cmd(struct qseecom_dev_handle *data,
 		pr_err("cache operation failed %d\n", ret2);
 		return ret2;
 	}
+
+	if (sb != NULL && rb != NULL && req->resp_len >= 0x31 + 16) {
+		if (rb[0] == 0) {
+			if (strncmp((uint8_t *)rb + 0x31,
+				    "HWC_Yoshino_Com_", 16) == 0)
+			{
+				((uint8_t *)rb)[0x30] = 1;
+				// 0=not_allowed, 1=locked, 2=unlocked,
+				// 3=allowed_when_sl_is_unlocked,
+				// 4=allowed_since_sl_is_unlocked,
+				// 5=unsupported_bl_status->generic error
+				//   (no info in security test screen "none")
+			}
+		}
-		if (rb[0] == 0) {
-			if (strncmp((uint8_t *)rb + 0x31,
-				    "HWC_Yoshino_Com_", 16) == 0)
-			{
-				((uint8_t *)rb)[0x30] = 1;
-				// 0=not_allowed, 1=locked, 2=unlocked,
-				// 3=allowed_when_sl_is_unlocked,
-				// 4=allowed_since_sl_is_unlocked,
-				// 5=unsupported_bl_status->generic error
-				//   (no info in security test screen "none")
-			}
-		}
+		if (rb[0] == 0 && strncmp((uint8_t *)rb + 0x31, "HWC_Yoshino_Com_", 16) == 0) {
+			((uint8_t *)rb)[0x30] = 1;
+			// 0=not_allowed, 1=locked, 2=unlocked,
+			// 3=allowed_when_sl_is_unlocked,
+			// 4=allowed_since_sl_is_unlocked,
+			// 5=unsupported_bl_status->generic error
+			//   (no info in security test screen "none")
+		}
-		if (rb[0] == 0) {
-			if (strncmp((uint8_t *)rb + 0x31,
-				    "HWC_Yoshino_Com_", 16) == 0)
-			{
-				((uint8_t *)rb)[0x30] = 1;
-				// 0=not_allowed, 1=locked, 2=unlocked,
-				// 3=allowed_when_sl_is_unlocked,
-				// 4=allowed_since_sl_is_unlocked,
-				// 5=unsupported_bl_status->generic error
-				//   (no info in security test screen "none")
-			}
-		}
+		if (rb[0] == 0 && strncmp((uint8_t *)rb + 0x31, "HWC_Yoshino_Com_", 16) == 0) {
+			((uint8_t *)rb)[0x30] = 1;
+			// 0=not_allowed, 1=locked, 2=unlocked,
+			// 3=allowed_when_sl_is_unlocked,
+			// 4=allowed_since_sl_is_unlocked,
+			// 5=unsupported_bl_status->generic error
+			//   (no info in security test screen "none")
+		}
+	}
+
 	return ret;
 }