From: Alex Elder Date: Tue, 9 Sep 2014 18:55:09 +0000 (-0500) Subject: greybus: fix manifest parsing size bug X-Git-Tag: v4.14-rc1~2366^2~378^2~21^2~2126 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e82bef42fdacd3434bd58738545a98c791fd64d1;p=platform%2Fkernel%2Flinux-rpi.git greybus: fix manifest parsing size bug The type-specific "create" routines that get called while parsing the descriptor entries in the module manifest assume the size they are provided is the size of their data portion only--not including the descriptor header. Compute this value in greybus_new_module(), and pass it to those functions rather than the full descriptor size. Move a few declarations to the innermost block that uses them. Signed-off-by: Alex Elder Signed-off-by: Greg Kroah-Hartman
---
diff --git a/drivers/staging/greybus/core.c b/drivers/staging/greybus/core.c
index 4b7034d..f239b96 100644
--- a/drivers/staging/greybus/core.c
+++ b/drivers/staging/greybus/core.c
@@ -354,10 +354,8 @@ struct greybus_device *greybus_new_module(struct device *parent,
 {
 struct greybus_device *gdev;
 struct greybus_manifest *manifest;
- struct greybus_descriptor *desc;
 int retval;
 int overall_size;
- int desc_size;
 u8 version_major;
 u8 version_minor;
@@ -395,6 +393,10 @@ struct greybus_device *greybus_new_module(struct device *parent,
 size -= sizeof(manifest->header);
 data += sizeof(manifest->header);
 while (size > 0) {
+ struct greybus_descriptor *desc;
+ u16 desc_size;
+ size_t data_size;
+
 if (size < sizeof(desc->header)) {
 dev_err(parent, "remaining size %d too small\n", size);
 goto error;
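Review bot: `data_size` is declared in this loop as an unsigned `size_t` and is filled in the following hunk with `(size_t)desc_size - sizeof(desc->header)`, so a manifest descriptor whose size field is smaller than its own header would wrap to a very large length before it reaches the create_*() routines. The only lower bound visible here compares the remaining `size` with the header size, not `desc_size`, and the check between the two hunks is only partly shown, so confirm that it rejects short descriptors. If it does not, add `if (desc_size < sizeof(desc->header)) goto error;` together with a `dev_err()` before the subtraction; that would also reject a zero-size descriptor, which presumably would keep the loop from advancing. The loop body continues outside this hunk.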
@@ -406,26 +408,27 @@ struct greybus_device *greybus_new_module(struct device *parent,
 desc_size);
 goto error;
 }
+ data_size = (size_t)desc_size - sizeof(desc->header);
 switch (le16_to_cpu(desc->header.type)) {
 case GREYBUS_TYPE_FUNCTION:
- retval = create_function(gdev, desc, desc_size);
+ retval = create_function(gdev, desc, data_size);
 break;
 case GREYBUS_TYPE_MODULE_ID:
- retval = create_module_id(gdev, desc, desc_size);
+ retval = create_module_id(gdev, desc, data_size);
 break;
 case GREYBUS_TYPE_SERIAL_NUMBER:
- retval = create_serial_number(gdev, desc, desc_size);
+ retval = create_serial_number(gdev, desc, data_size);
 break;
 case GREYBUS_TYPE_STRING:
- retval = create_string(gdev, desc, desc_size);
+ retval = create_string(gdev, desc, data_size);
 break;
 case GREYBUS_TYPE_CPORT:
- retval = create_cport(gdev, desc, desc_size);
+ retval = create_cport(gdev, desc, data_size);
 break;
 case GREYBUS_TYPE_INVALID: