From dfcba8626f55fe5d6ba6e2847178cbf629740773 Mon Sep 17 00:00:00 2001
From: Johan Hovold
Date: Tue, 26 Jul 2016 17:11:28 +0200
Subject: [PATCH] greybus: operation: fix broken response error messages

The operation type included in the error message printed for malformed responses has never been correct. An uninitialised buffer was used to retrieve the type, resulting in the type always being reported as 0. Fix this by passing a properly aligned header to the response handler, and drop the now redundant id and result parameters.

Fixes: cb0ef0c019ab ("operation: print message type on errors")
Reviewed-by: Viresh Kumar
Reviewed-by: Laurent Pinchart
Signed-off-by: Johan Hovold
Reviewed-by: Alex Elder
Signed-off-by: Greg Kroah-Hartman
---
 drivers/staging/greybus/operation.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/drivers/staging/greybus/operation.c b/drivers/staging/greybus/operation.c
index 7475ec79b36a..e26b1e118545 100644
--- a/drivers/staging/greybus/operation.c
+++ b/drivers/staging/greybus/operation.c
@@ -928,13 +928,16 @@ static void gb_connection_recv_request(struct gb_connection *connection,
 * data into the response buffer and handle the rest via workqueue.
 */
 static void gb_connection_recv_response(struct gb_connection *connection,
- u16 operation_id, u8 result, void *data, size_t size)
+ const struct gb_operation_msg_hdr *header,
+ void *data, size_t size)
 {
- struct gb_operation_msg_hdr *header;
 struct gb_operation *operation;
 struct gb_message *message;
- int errno = gb_operation_status_map(result);
 size_t message_size;
+ u16 operation_id;
+ int errno;
+
+ operation_id = le16_to_cpu(header->operation_id);
 
 if (!operation_id) {
 dev_err_ratelimited(&connection->hd->dev,
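Review bot: The comment above gb_connection_recv_response() is not updated for the new `header` parameter, so nothing states that `header` is the caller's aligned copy while `data` still points at the complete raw message, header included. I would add a line such as `/* @header: aligned copy of the message header; @data: raw message, header included, presumably not suitably aligned for direct access. */` so that nobody later reads header fields through `data` again. Since `data` is only visibly used as a memcpy source, `const void *data` would match the new const-qualified header, assuming the lines outside this hunk do not write through it. The function body continues beyond the hunk.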
@@ -951,8 +954,8 @@ static void gb_connection_recv_response(struct gb_connection *connection,
 return;
 }
 
+ errno = gb_operation_status_map(header->result);
 message = operation->response;
- header = message->header;
 message_size = sizeof(*header) + message->payload_size;
 if (!errno && size > message_size) {
 dev_err_ratelimited(&connection->hd->dev,
@@ -979,7 +982,7 @@ static void gb_connection_recv_response(struct gb_connection *connection,
 
 /* The rest will be handled in work queue context */
 if (gb_operation_result_set(operation, errno)) {
- memcpy(header, data, size);
+ memcpy(message->buffer, data, size);
 queue_work(gb_operation_completion_wq, &operation->work);
 }
 
@@ -1026,8 +1029,8 @@ void gb_connection_recv(struct gb_connection *connection,
 
 operation_id = le16_to_cpu(header.operation_id);
 if (header.type & GB_MESSAGE_TYPE_RESPONSE)
- gb_connection_recv_response(connection, operation_id,
- header.result, data, msg_size);
+ gb_connection_recv_response(connection, &header, data,
+ msg_size);
 else
 gb_connection_recv_request(connection, operation_id,
 header.type, data, msg_size);
-- 
2.20.1
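Review bot: The length passed to `memcpy(message->buffer, data, size)` is visibly bounded only by the `!errno && size > message_size` check in the previous hunk, which does not cover a response whose `header->result` maps to a non-zero errno; any clamp for that case lies in lines not shown here. As `size` comes from the received message, a comment stating the invariant at the copy would make the bound auditable, e.g. `/* size <= sizeof(*header) + message->payload_size here */`. The destination also changed from `message->header` to `message->buffer`, which relies on the header sitting at the start of the buffer; that is presumably guaranteed where the message is allocated but cannot be confirmed from this hunk.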
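Review bot: After this change the two receive paths take their arguments differently: the response handler gets `&header` and derives `operation_id` itself, while gb_connection_recv_request() is still passed `operation_id` and `header.type` unpacked by the caller. On the response path the id is now converted twice, once here and once in the handler. Giving the request handler the same `const struct gb_operation_msg_hdr *header` parameter would keep the two signatures parallel and leave a single place where header fields are decoded. gb_connection_recv() continues outside the hunk, so other uses of `operation_id` there cannot be ruled out.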