projects / platform / kernel / linux-starfive.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 066f950)
greybus: uart: add missing serial-state sanity check
authorJohan Hovold <johan@hovoldconsulting.com>
Wed, 24 Feb 2016 15:11:50 +0000 (16:11 +0100)
committerGreg Kroah-Hartman <gregkh@google.com>
Thu, 25 Feb 2016 01:26:05 +0000 (17:26 -0800)
Add dedicated serial-state request handler and add the missing sanity
check on the incoming request.

Reviewed-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com>
Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
drivers/staging/greybus/uart.c patch | blob | history

diff --git a/drivers/staging/greybus/uart.c b/drivers/staging/greybus/uart.c
index 60617cb..c09a76b 100644 (file)
--- a/drivers/staging/greybus/uart.c
+++ b/drivers/staging/greybus/uart.c
@@ -103,13 +103,32 @@ static int gb_uart_receive_data(struct gb_tty *gb_tty,
        return 0;
 }
 
-static int gb_uart_request_recv(u8 type, struct gb_operation *op)
+static int gb_uart_serial_state_handler(struct gb_operation *op)
 {
        struct gb_connection *connection = op->connection;
        struct gb_tty *gb_tty = connection->private;
        struct gb_message *request = op->request;
        struct gb_uart_serial_state_request *serial_state;
-       int ret = 0;
+
+       if (request->payload_size < sizeof(*serial_state)) {
+               dev_err(&connection->bundle->dev,
+                               "short serial-state event received (%zu < %zu)\n",
+                               request->payload_size, sizeof(*serial_state));
+               return -EINVAL;
+       }
+
+       serial_state = request->payload;
+       gb_tty->ctrlin = serial_state->control;
+
+       return 0;
+}
+
+static int gb_uart_request_recv(u8 type, struct gb_operation *op)
+{
+       struct gb_connection *connection = op->connection;
+       struct gb_tty *gb_tty = connection->private;
+       struct gb_message *request = op->request;
+       int ret;
 
        switch (type) {
        case GB_UART_TYPE_RECEIVE_DATA:
@@ -117,8 +136,7 @@ static int gb_uart_request_recv(u8 type, struct gb_operation *op)
                                           request->payload);
                break;
        case GB_UART_TYPE_SERIAL_STATE:
-               serial_state = request->payload;
-               gb_tty->ctrlin = serial_state->control;
+               ret = gb_uart_serial_state_handler(op);
                break;
        default:
                dev_err(&connection->bundle->dev,
Domain: System / Kernel;