staging/rdma/hfi1: Guard i2c access against cp
authorDean Luick <dean.luick@intel.com>
Thu, 18 Feb 2016 19:12:51 +0000 (11:12 -0800)
committerDoug Ledford <dledford@redhat.com>
Fri, 11 Mar 2016 01:45:45 +0000 (20:45 -0500)
An attempt to cp or cat /sys/kernel/debug/hfi1/hfi1_0/i2c1
produces this message:

hfi1 0000:81:00.0: hfi1_0: IB0:1 I2C failed even retrying

Fix the issue by explicitly rejecting a simple cat/cp with an
-EINVAL error return.

Reviewed-by: Easwar Hariharan <easwar.hariharan@intel.com>
Signed-off-by: Dean Luick <dean.luick@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
drivers/staging/rdma/hfi1/debugfs.c

index 4fd58e374bb701c40ad8dc208825c50875054dbb..07c16b343ba09c41b6d00f0c4dd76ebb7d9804f8 100644 (file)
@@ -446,6 +446,16 @@ static ssize_t __i2c_debugfs_write(struct file *file, const char __user *buf,
        rcu_read_lock();
        ppd = private2ppd(file);
 
+       /* byte offset format: [offsetSize][i2cAddr][offsetHigh][offsetLow] */
+       i2c_addr = (*ppos >> 16) & 0xffff;
+       offset = *ppos & 0xffff;
+
+       /* explicitly reject invalid address 0 to catch cp and cat */
+       if (i2c_addr == 0) {
+               ret = -EINVAL;
+               goto _return;
+       }
+
        buff = kmalloc(count, GFP_KERNEL);
        if (!buff) {
                ret = -ENOMEM;
@@ -458,10 +468,6 @@ static ssize_t __i2c_debugfs_write(struct file *file, const char __user *buf,
                goto _free;
        }
 
-       /* byte offset format: [offsetSize][i2cAddr][offsetHigh][offsetLow] */
-       i2c_addr = (*ppos >> 16) & 0xffff;
-       offset = *ppos & 0xffff;
-
        total_written = i2c_write(ppd, target, i2c_addr, offset, buff, count);
        if (total_written < 0) {
                ret = total_written;
@@ -507,16 +513,22 @@ static ssize_t __i2c_debugfs_read(struct file *file, char __user *buf,
        rcu_read_lock();
        ppd = private2ppd(file);
 
+       /* byte offset format: [offsetSize][i2cAddr][offsetHigh][offsetLow] */
+       i2c_addr = (*ppos >> 16) & 0xffff;
+       offset = *ppos & 0xffff;
+
+       /* explicitly reject invalid address 0 to catch cp and cat */
+       if (i2c_addr == 0) {
+               ret = -EINVAL;
+               goto _return;
+       }
+
        buff = kmalloc(count, GFP_KERNEL);
        if (!buff) {
                ret = -ENOMEM;
                goto _return;
        }
 
-       /* byte offset format: [offsetSize][i2cAddr][offsetHigh][offsetLow] */
-       i2c_addr = (*ppos >> 16) & 0xffff;
-       offset = *ppos & 0xffff;
-
        total_read = i2c_read(ppd, target, i2c_addr, offset, buff, count);
        if (total_read < 0) {
                ret = total_read;