From aa3a4d12093b818ac2b9fe3e0454ae0090201254 Mon Sep 17 00:00:00 2001 From: Alex Elder Date: Tue, 25 Nov 2014 13:06:45 -0600 Subject: [PATCH] greybus: enforce receive buffer size When an operation is created its receive buffer size is specified. In all current cases, the size supplied for the receive buffer is exactly the size that should be returned. In other words, if any fewer than that many bytes arrived in a response, it would be an error. So tighten the check on the number of bytes arriving for a response message, ensuring that the number of bytes received is *exactly the same* as the number of bytes available (rather than just less than). We'll expand our interpretation of of -EMSGSIZE to mean "wrong message size" rather than just "message too long." If we someday encounter an actual case where we want to be able to successfully receive something less than the full receive buffer we can adjust the code to handle that (and give it a way to tell the receiver how many bytes are present). Signed-off-by: Alex Elder Signed-off-by: Greg Kroah-Hartman --- drivers/staging/greybus/operation.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/staging/greybus/operation.c b/drivers/staging/greybus/operation.c index 5e5c0977f..c3864bd 100644 --- a/drivers/staging/greybus/operation.c +++ b/drivers/staging/greybus/operation.c @@ -599,12 +599,13 @@ static void gb_connection_recv_response(struct gb_connection *connection, gb_pending_operation_remove(operation); message = operation->response; - if (size <= message->size) { + if (size == message->size) { /* Transfer the operation result from the response header */ header = message->header; result = gb_operation_status_map(header->result); } else { - gb_connection_err(connection, "recv buffer too small"); + gb_connection_err(connection, "bad message size (%zu != %zu)", + size, message->size); result = -EMSGSIZE; } -- 2.7.4