| Message ID | Yph+Cd+JrfOH0i7z@kili (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | d9a251a029f23e79c1ac394bc551ed5d536bc740 |
| Headers | show |
| Series | [1/2] ASoC: SOF: ipc-msg-injector: Propagate write errors correctly | expand |
On 02/06/2022 12:08, Dan Carpenter wrote: > This code is supposed to propagate errors from simple_write_to_buffer() > or return -EFAULT if "size != count". However "size" needs to be signed > for the code to work correctly and the case where "size == 0" is not > handled correctly. Thanks Dan! Acked-by: Peter Ujfalusi <peter.ujfalusi@linux.intel.com> > Fixes: 066c67624d8c ("ASoC: SOF: ipc-msg-injector: Add support for IPC4 messages") > Fixes: 2f0b1b013bbc ("ASoC: SOF: debug: Add support for IPC message injection") > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > --- > sound/soc/sof/sof-client-ipc-msg-injector.c | 16 +++++++++++----- > 1 file changed, 11 insertions(+), 5 deletions(-) > > diff --git a/sound/soc/sof/sof-client-ipc-msg-injector.c b/sound/soc/sof/sof-client-ipc-msg-injector.c > index 03490a4d4ae7..030cb97d7713 100644 > --- a/sound/soc/sof/sof-client-ipc-msg-injector.c > +++ b/sound/soc/sof/sof-client-ipc-msg-injector.c > @@ -150,7 +150,7 @@ static ssize_t sof_msg_inject_dfs_write(struct file *file, const char __user *bu > { > struct sof_client_dev *cdev = file->private_data; > struct sof_msg_inject_priv *priv = cdev->data; > - size_t size; > + ssize_t size; > int ret; > > if (*ppos) > @@ -158,8 +158,10 @@ static ssize_t sof_msg_inject_dfs_write(struct file *file, const char __user *bu > > size = simple_write_to_buffer(priv->tx_buffer, priv->max_msg_size, > ppos, buffer, count); > + if (size < 0) > + return size; > if (size != count) > - return size > 0 ? -EFAULT : size; > + return -EFAULT; > > memset(priv->rx_buffer, 0, priv->max_msg_size); > > @@ -179,7 +181,7 @@ static ssize_t sof_msg_inject_ipc4_dfs_write(struct file *file, > struct sof_client_dev *cdev = file->private_data; > struct sof_msg_inject_priv *priv = cdev->data; > struct sof_ipc4_msg *ipc4_msg = priv->tx_buffer; > - size_t size; > + ssize_t size; > int ret; > > if (*ppos) > @@ -192,8 +194,10 @@ static ssize_t sof_msg_inject_ipc4_dfs_write(struct file *file, > size = simple_write_to_buffer(&ipc4_msg->header_u64, > sizeof(ipc4_msg->header_u64), > ppos, buffer, count); > + if (size < 0) > + return size; > if (size != sizeof(ipc4_msg->header_u64)) > - return size > 0 ? -EFAULT : size; > + return -EFAULT; > > count -= size; > if (!count) { > @@ -201,8 +205,10 @@ static ssize_t sof_msg_inject_ipc4_dfs_write(struct file *file, > size = simple_write_to_buffer(ipc4_msg->data_ptr, > priv->max_msg_size, ppos, buffer, > count); > + if (size < 0) > + return size; > if (size != count) > - return size > 0 ? -EFAULT : size; > + return -EFAULT; > } > > ipc4_msg->data_size = count;
On Thu, 2 Jun 2022 12:08:25 +0300, Dan Carpenter wrote: > This code is supposed to propagate errors from simple_write_to_buffer() > or return -EFAULT if "size != count". However "size" needs to be signed > for the code to work correctly and the case where "size == 0" is not > handled correctly. > > Applied to https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-next Thanks! [1/2] ASoC: SOF: ipc-msg-injector: Propagate write errors correctly commit: d9a251a029f23e79c1ac394bc551ed5d536bc740 [2/2] ASoC: SOF: ipc-msg-injector: Fix reversed if statement commit: bedc357217e6e09623f6209c891fa8d57a737ac1 All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark
diff --git a/sound/soc/sof/sof-client-ipc-msg-injector.c b/sound/soc/sof/sof-client-ipc-msg-injector.c index 03490a4d4ae7..030cb97d7713 100644 --- a/sound/soc/sof/sof-client-ipc-msg-injector.c +++ b/sound/soc/sof/sof-client-ipc-msg-injector.c @@ -150,7 +150,7 @@ static ssize_t sof_msg_inject_dfs_write(struct file *file, const char __user *bu { struct sof_client_dev *cdev = file->private_data; struct sof_msg_inject_priv *priv = cdev->data; - size_t size; + ssize_t size; int ret; if (*ppos) @@ -158,8 +158,10 @@ static ssize_t sof_msg_inject_dfs_write(struct file *file, const char __user *bu size = simple_write_to_buffer(priv->tx_buffer, priv->max_msg_size, ppos, buffer, count); + if (size < 0) + return size; if (size != count) - return size > 0 ? -EFAULT : size; + return -EFAULT; memset(priv->rx_buffer, 0, priv->max_msg_size); @@ -179,7 +181,7 @@ static ssize_t sof_msg_inject_ipc4_dfs_write(struct file *file, struct sof_client_dev *cdev = file->private_data; struct sof_msg_inject_priv *priv = cdev->data; struct sof_ipc4_msg *ipc4_msg = priv->tx_buffer; - size_t size; + ssize_t size; int ret; if (*ppos) @@ -192,8 +194,10 @@ static ssize_t sof_msg_inject_ipc4_dfs_write(struct file *file, size = simple_write_to_buffer(&ipc4_msg->header_u64, sizeof(ipc4_msg->header_u64), ppos, buffer, count); + if (size < 0) + return size; if (size != sizeof(ipc4_msg->header_u64)) - return size > 0 ? -EFAULT : size; + return -EFAULT; count -= size; if (!count) { @@ -201,8 +205,10 @@ static ssize_t sof_msg_inject_ipc4_dfs_write(struct file *file, size = simple_write_to_buffer(ipc4_msg->data_ptr, priv->max_msg_size, ppos, buffer, count); + if (size < 0) + return size; if (size != count) - return size > 0 ? -EFAULT : size; + return -EFAULT; } ipc4_msg->data_size = count;
This code is supposed to propagate errors from simple_write_to_buffer() or return -EFAULT if "size != count". However "size" needs to be signed for the code to work correctly and the case where "size == 0" is not handled correctly. Fixes: 066c67624d8c ("ASoC: SOF: ipc-msg-injector: Add support for IPC4 messages") Fixes: 2f0b1b013bbc ("ASoC: SOF: debug: Add support for IPC message injection") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- sound/soc/sof/sof-client-ipc-msg-injector.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-)