greybus: short message is OK for errors
authorAlex Elder <elder@linaro.org>
Tue, 2 Dec 2014 14:30:29 +0000 (08:30 -0600)
committerGreg Kroah-Hartman <greg@kroah.com>
Tue, 2 Dec 2014 22:35:33 +0000 (14:35 -0800)
We enforce a rule that a response message must completely fill the
buffer that's been allocated to hold it.  However, if an error
occurs, the payload is off limits, so we should allow a short
message to convey an error result.

Change gb_connection_recv_response() to require the right message
size only if there's no error.

One other thing:  The arriving data is only being copied into the
response buffer if the request was successful.  That means the
response message header is assumed to have been initialized.  That
isn't a valid assumption.  So change it so that if an error is
seen, the header portion of the message is copied into the
response buffer--but only the header.

Signed-off-by: Alex Elder <elder@linaro.org>
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
drivers/staging/greybus/operation.c

index 1e0ce7d98618f7cb6eb05e0a9a573a681908bdee..2fd60ccb7018993382aaa91980d38d59b1cad794 100644 (file)
@@ -655,7 +655,6 @@ static void gb_connection_recv_response(struct gb_connection *connection,
 {
        struct gb_operation *operation;
        struct gb_message *message;
-       struct gb_operation_msg_hdr *header;
        int result;
 
        operation = gb_pending_operation_find(connection, operation_id);
@@ -668,19 +667,17 @@ static void gb_connection_recv_response(struct gb_connection *connection,
        gb_pending_operation_remove(operation);
 
        message = operation->response;
-       if (size == message->size) {
-               /* Transfer the operation result from the response header */
-               header = message->header;
-               result = gb_operation_status_map(header->result);
-       } else {
+       result = gb_operation_status_map(message->header->result);
+       if (!result && size != message->size) {
                gb_connection_err(connection, "bad message size (%zu != %zu)",
                        size, message->size);
                result = -EMSGSIZE;
        }
 
        /* We must ignore the payload if a bad status is returned */
-       if (!result)
-               memcpy(message->header, data, size);
+       if (result)
+               size = sizeof(*message->header);
+       memcpy(message->header, data, size);
 
        /* The rest will be handled in work queue context */
        if (gb_operation_result_set(operation, result))