From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755010AbcBBOSy (ORCPT <rfc822;w@1wt.eu>);
	Tue, 2 Feb 2016 09:18:54 -0500
Received: from mga09.intel.com ([134.134.136.24]:60765 "EHLO mga09.intel.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751011AbcBBOSv (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Tue, 2 Feb 2016 09:18:51 -0500
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.22,384,1449561600"; 
   d="scan'208";a="903886574"
Subject: Re: [PATCH v2 08/11] staging/android: make info->len return only the
 size of fence_infos
To: Gustavo Padovan <gustavo@padovan.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>
References: <1454419402-10769-1-git-send-email-gustavo@padovan.org>
 <1454419402-10769-9-git-send-email-gustavo@padovan.org>
Cc: linux-kernel@vger.kernel.org, devel@driverdev.osuosl.org,
        dri-devel@lists.freedesktop.org, Daniel Stone <daniels@collabora.com>,
        =?UTF-8?Q?Arve_Hj=c3=b8nnev=c3=a5g?= <arve@android.com>,
        Riley Andrews <riandrews@android.com>,
        Daniel Vetter <daniel.vetter@ffwll.ch>,
        Rob Clark <robdclark@gmail.com>, Greg Hackmann <ghackmann@google.com>,
        John Harrison <John.C.Harrison@Intel.com>,
        Gustavo Padovan <gustavo.padovan@collabora.co.uk>
From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Message-ID: <56B0BAC6.30506@linux.intel.com>
Date: Tue, 2 Feb 2016 15:18:46 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <1454419402-10769-9-git-send-email-gustavo@padovan.org>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Op 02-02-16 om 14:23 schreef Gustavo Padovan:
> From: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
>
> The len member of struct sync_file_info was returning the size of the whole
> buffer (struct sync_file_info + fence_infos at the of it). This commit
> change it to return only the size of the array of fence_infos.
>
> It also moves len to be right before the fences_infos struct.
>
> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
> ---
>  drivers/staging/android/sync.c      | 16 +++++++++++-----
>  drivers/staging/android/uapi/sync.h |  7 +++----
>  2 files changed, 14 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/staging/android/sync.c b/drivers/staging/android/sync.c
> index ba7d461..e5fbf5a 100644
> --- a/drivers/staging/android/sync.c
> +++ b/drivers/staging/android/sync.c
> @@ -502,14 +502,19 @@ static int sync_fill_fence_info(struct fence *fence, void *data, int size)
>  static long sync_file_ioctl_fence_info(struct sync_file *sync_file,
>  					unsigned long arg)
>  {
> -	struct sync_file_info *info;
> +	struct sync_file_info in, *info;
>  	__u32 size;
> -	__u32 len = 0;
> +	__u32 b_len, len = 0;
>  	int ret, i;
>  
> -	if (copy_from_user(&size, (void __user *)arg, sizeof(size)))
> +	if (copy_from_user(&in, (void __user *)arg, sizeof(*info)))
>  		return -EFAULT;
>  
> +	if (in.name || in.status || in.num_fences || in.fence_info)
> +		return -EFAULT;
>
Did you test this? I think in.name is always true..