From: Alex Elder Date: Tue, 25 Nov 2014 19:06:45 +0000 (-0600) Subject: greybus: enforce receive buffer size X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=aa3a4d12093b818ac2b9fe3e0454ae0090201254;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git greybus: enforce receive buffer size When an operation is created its receive buffer size is specified. In all current cases, the size supplied for the receive buffer is exactly the size that should be returned. In other words, if any fewer than that many bytes arrived in a response, it would be an error. So tighten the check on the number of bytes arriving for a response message, ensuring that the number of bytes received is *exactly the same* as the number of bytes available (rather than just less than). We'll expand our interpretation of of -EMSGSIZE to mean "wrong message size" rather than just "message too long." If we someday encounter an actual case where we want to be able to successfully receive something less than the full receive buffer we can adjust the code to handle that (and give it a way to tell the receiver how many bytes are present). Signed-off-by: Alex Elder Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/greybus/operation.c b/drivers/staging/greybus/operation.c index 5e5c0977f35d..c3864bde5200 100644 --- a/drivers/staging/greybus/operation.c +++ b/drivers/staging/greybus/operation.c @@ -599,12 +599,13 @@ static void gb_connection_recv_response(struct gb_connection *connection, gb_pending_operation_remove(operation); message = operation->response; - if (size <= message->size) { + if (size == message->size) { /* Transfer the operation result from the response header */ header = message->header; result = gb_operation_status_map(header->result); } else { - gb_connection_err(connection, "recv buffer too small"); + gb_connection_err(connection, "bad message size (%zu != %zu)", + size, message->size); result = -EMSGSIZE; }