From: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
To: Gwendal Grignou <gwendal@chromium.org>
Cc: Olof Johansson <olof@lixom.net>, Lee Jones <lee.jones@linaro.org>,
Doug Anderson <dianders@chromium.org>,
Bill Richardson <wfrichar@chromium.org>,
Simon Glass <sjg@google.com>,
Stephen Barber <smbarber@chromium.org>,
Filipe Brandenburger <filbranden@google.com>,
Todd Broch <tbroch@chromium.org>,
linux-samsung-soc@vger.kernel.org,
Linux Kernel <linux-kernel@vger.kernel.org>
Subject: Re: [RESEND PATCH 4/8] mfd: cros_ec: Use a zero-length array for command data
Date: Tue, 05 May 2015 17:57:18 +0200 [thread overview]
Message-ID: <5548E85E.6040103@collabora.co.uk> (raw)
In-Reply-To: <CAMHSBOWR2iDgnZ8WSKZW0LyL9zAXnWuU0x_avh_3gM02vMqReQ@mail.gmail.com>
Hello Gwendal,
On 04/24/2015 10:29 PM, Gwendal Grignou wrote:
> On Mon, Apr 6, 2015 at 9:15 AM, Javier Martinez Canillas
> <javier.martinez@collabora.co.uk> wrote:
[snip]
>>
>> @@ -110,17 +115,25 @@ static ssize_t ec_device_read(struct file *filp, char __user *buffer,
>> static long ec_device_ioctl_xcmd(struct cros_ec_device *ec, void __user *arg)
>> {
>> long ret;
>> - struct cros_ec_command s_cmd = { };
>> + int len;
>> + struct cros_ec_command *u_cmd = arg;
>> + struct cros_ec_command *s_cmd;
>> +
>> + len = max(u_cmd->outsize, u_cmd->insize);
> It does not work, u_cmd is not accessible yet. You should do:
> struct cros_ec_command u_cmd;
> if (copy_from_user(&u_cmd, arg, sizeof(u_cmd)))
> return -EFAULT;
> len = max(u_cmd.outsize, u_cmd.insize);
>
>
Right, I'll change that.
>> +
>> + s_cmd = kzalloc(sizeof(*s_cmd) + len, GFP_KERNEL);
>> + if (!s_cmd)
>> + return -ENOMEM;
>>
>> - if (copy_from_user(&s_cmd, arg, sizeof(s_cmd)))
>> + if (copy_from_user(s_cmd, arg, sizeof(*s_cmd) + len))
> sizeof(*s_cmd) + u_cmd.outsize is good enough.
Ok.
>> return -EFAULT;
>>
>> - ret = cros_ec_cmd_xfer(ec, &s_cmd);
>> + ret = cros_ec_cmd_xfer(ec, s_cmd);
>> /* Only copy data to userland if data was received. */
>> if (ret < 0)
>> return ret;
>>
>> - if (copy_to_user(arg, &s_cmd, sizeof(s_cmd)))
>> + if (copy_to_user(arg, s_cmd, sizeof(*s_cmd) + len))
> sizeof(*s_cmd) + min(ret, u_cmd.insize) is safer
Sure.
>> return -EFAULT;
>>
>> return 0;
> I missed this one earlier. Tools expect the number of byte read, so it should be
> return ret;
>
Ok, I'll change that as well.
Thanks a lot for your feedback!
Best regards,
Javier
next prev parent reply other threads:[~2015-05-05 16:11 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-06 16:14 [RESEND PATCH 0/8] cros_ec: Add multiple EC and protocol v3 support Javier Martinez Canillas
2015-04-06 16:14 ` [RESEND PATCH 1/8] mfd: cros ec: Remove parent field Javier Martinez Canillas
2015-04-23 20:15 ` Gwendal Grignou
2015-04-29 10:37 ` Lee Jones
2015-05-05 9:06 ` Javier Martinez Canillas
2015-05-05 10:54 ` Lee Jones
2015-05-09 1:38 ` Javier Martinez Canillas
2015-04-06 16:15 ` [RESEND PATCH 2/8] platform/chrome: cros_ec_lpc - Use existing function to check EC result Javier Martinez Canillas
2015-04-26 1:33 ` Gwendal Grignou
2015-04-06 16:15 ` [RESEND PATCH 3/8] mfd: cros_ec: Instantiate sub-devices from device tree Javier Martinez Canillas
2015-04-26 1:34 ` Gwendal Grignou
2015-04-29 10:39 ` Lee Jones
2015-05-05 9:21 ` Javier Martinez Canillas
2015-05-05 10:53 ` Lee Jones
2015-05-05 10:57 ` Javier Martinez Canillas
2015-04-06 16:15 ` [RESEND PATCH 4/8] mfd: cros_ec: Use a zero-length array for command data Javier Martinez Canillas
2015-04-16 9:45 ` Heiko Stübner
2015-04-16 9:55 ` Javier Martinez Canillas
2015-04-24 5:19 ` Gwendal Grignou
2015-05-05 15:53 ` Javier Martinez Canillas
2015-04-24 20:29 ` Gwendal Grignou
2015-05-05 15:57 ` Javier Martinez Canillas [this message]
2015-04-06 16:15 ` [RESEND PATCH 5/8] mfd: cros-ec: Support multiple EC in a system Javier Martinez Canillas
2015-04-23 23:54 ` Gwendal Grignou
2015-05-05 15:40 ` Javier Martinez Canillas
2015-04-06 16:15 ` [RESEND PATCH 6/8] mfd: cros_ec: rev cros_ec_commands.h Javier Martinez Canillas
2015-04-26 1:35 ` Gwendal Grignou
2015-04-29 10:45 ` Lee Jones
2015-04-06 16:15 ` [RESEND PATCH 7/8] mfd: cros_ec: add proto v3 skeleton Javier Martinez Canillas
2015-04-26 1:39 ` Gwendal Grignou
2015-05-05 15:59 ` Javier Martinez Canillas
2015-04-06 16:15 ` [RESEND PATCH 8/8] mfd: cros_ec: add bus-specific proto v3 code Javier Martinez Canillas
2015-04-26 1:39 ` Gwendal Grignou
2015-04-16 7:29 ` [RESEND PATCH 0/8] cros_ec: Add multiple EC and protocol v3 support Javier Martinez Canillas
2015-04-16 9:49 ` Heiko Stübner
2015-04-16 10:24 ` Javier Martinez Canillas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5548E85E.6040103@collabora.co.uk \
--to=javier.martinez@collabora.co.uk \
--cc=dianders@chromium.org \
--cc=filbranden@google.com \
--cc=gwendal@chromium.org \
--cc=lee.jones@linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-samsung-soc@vger.kernel.org \
--cc=olof@lixom.net \
--cc=sjg@google.com \
--cc=smbarber@chromium.org \
--cc=tbroch@chromium.org \
--cc=wfrichar@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox