greybus: enforce max representable message size
author Alex Elder <elder@linaro.org>
Mon, 1 Dec 2014 13:53:07 +0000 (07:53 -0600)
committer Greg Kroah-Hartman <greg@kroah.com>
Tue, 2 Dec 2014 04:40:35 +0000 (20:40 -0800)
We represent the size of a message using a 16-bit field.  It's
possible for a host driver to advertise a maximum message size
that's bigger than that.  If that happens, reduce the host device's
maximum buffer size to the maximum we can represent the first time
a message is allocated.

This information is actually only used by the Greybus code, but
because we're modifying a value that's "owned" by the host driver,
issue a warning when this limit is being imposed.

Ensure (at build time) that our own definition is sane as well.

Signed-off-by: Alex Elder <elder@linaro.org>
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
drivers/staging/greybus/operation.c

index 7617410f7c5a8daa2b0654e20af3df0d91740577..8a023cbbf511e9c2334ebeea9f605223a23cee32 100644
@@ -299,6 +299,12 @@ gb_operation_message_alloc(struct greybus_host_device *hd, u8 type,
        size_t size;
        u8 *buffer;
 
+       if (hd->buffer_size_max > GB_OPERATION_MESSAGE_SIZE_MAX) {
+               pr_warn("limiting buffer size to %u\n",
+                       GB_OPERATION_MESSAGE_SIZE_MAX);
+               hd->buffer_size_max = GB_OPERATION_MESSAGE_SIZE_MAX;
+       }
+
        if (message_size > hd->buffer_size_max)
                return NULL;
 
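Review bot: the clamp at the top of gb_operation_message_alloc() writes hd->buffer_size_max from a per-message allocation path, and nothing visible in this hunk serializes that write against other callers allocating on the same host device. Consider applying the limit once where the host device is set up, so this function only reads the field before the `message_size > hd->buffer_size_max` check. The pr_warn() would also be more useful if it logged the value the host driver advertised alongside the limit, and the `%u` specifier should be checked against the type of GB_OPERATION_MESSAGE_SIZE_MAX, whose definition is not shown here.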
@@ -750,6 +756,9 @@ int gb_operation_sync(struct gb_connection *connection, int type,
 
 int gb_operation_init(void)
 {
+       BUILD_BUG_ON(GB_OPERATION_MESSAGE_SIZE_MAX >
+                       U16_MAX - sizeof(struct gb_operation_msg_hdr));
+
        gb_operation_cache = kmem_cache_create("gb_operation_cache",
                                sizeof(struct gb_operation), 0, 0, NULL);
        if (!gb_operation_cache)
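Review bot: the BUILD_BUG_ON() in gb_operation_init() bounds GB_OPERATION_MESSAGE_SIZE_MAX by `U16_MAX - sizeof(struct gb_operation_msg_hdr)`, which reads as a payload-only limit, while the first hunk uses the same constant to cap hd->buffer_size_max, the value message_size is compared against. A comment at the macro definition stating whether the limit counts the header would make it clear that both uses agree and that a total size can never exceed the 16-bit field. A short comment above the BUILD_BUG_ON() explaining why the header size is subtracted would help too.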