| Message ID | 1651196214-7114-1-git-send-email-baihaowen@meizu.com (mailing list archive) |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | [V4] iio: gp2ap020a00f: Fix signedness bug | expand |
On Fri, 29 Apr 2022 09:36:54 +0800 Haowen Bai <baihaowen@meizu.com> wrote: > function gp2ap020a00f_get_thresh_reg() is unsigned but returning -EINVAL > errcode, and thresh_reg_l is unsigned but receiving -EINVAL errcode. so > we have to change u8 -> int. Also we need to do index bound check at > gp2ap020a00f_read_event_val(). > > Signed-off-by: Haowen Bai <baihaowen@meizu.com> Hi Haowen Bai, Please add a fixes tag. Also, this thread is getting rather deep and illustrates why I tend to ask for each new version of IIO patches to be posted without replying to previous thread (so start a new thread). One issue below with locking. Thanks, Jonathan > --- > V1->V2: s8 is not enough to hold an (arbitrary) error code. To be on the safe > side we need to use int. > V2->V3: add bound check at gp2ap020a00f_read_event_val(). > V3->V4: > 1. add fix tag. > 2. add check before use at gp2ap020a00f_write_event_val(). > 3. returns an error we should pass that on unchanged at > gp2ap020a00f_read_event_val() > > drivers/iio/light/gp2ap020a00f.c | 15 ++++++++++++--- > 1 file changed, 12 insertions(+), 3 deletions(-) > > diff --git a/drivers/iio/light/gp2ap020a00f.c b/drivers/iio/light/gp2ap020a00f.c > index b820041159f7..13583e1191d4 100644 > --- a/drivers/iio/light/gp2ap020a00f.c > +++ b/drivers/iio/light/gp2ap020a00f.c > @@ -994,7 +994,7 @@ static irqreturn_t gp2ap020a00f_trigger_handler(int irq, void *data) > return IRQ_HANDLED; > } > > -static u8 gp2ap020a00f_get_thresh_reg(const struct iio_chan_spec *chan, > +static int gp2ap020a00f_get_thresh_reg(const struct iio_chan_spec *chan, > enum iio_event_direction event_dir) > { > switch (chan->type) { > @@ -1025,12 +1025,18 @@ static int gp2ap020a00f_write_event_val(struct iio_dev *indio_dev, > struct gp2ap020a00f_data *data = iio_priv(indio_dev); > bool event_en = false; > u8 thresh_val_id; > - u8 thresh_reg_l; > + int thresh_reg_l; > int err = 0; > > mutex_lock(&data->lock); > > thresh_reg_l = gp2ap020a00f_get_thresh_reg(chan, dir); > + > + if (thresh_reg_l < 0){ > + err = thresh_reg_l; > + goto error_unlock; > + } > + > thresh_val_id = GP2AP020A00F_THRESH_VAL_ID(thresh_reg_l); > > if (thresh_val_id > GP2AP020A00F_THRESH_PH) { > @@ -1082,13 +1088,16 @@ static int gp2ap020a00f_read_event_val(struct iio_dev *indio_dev, > int *val, int *val2) > { > struct gp2ap020a00f_data *data = iio_priv(indio_dev); > - u8 thresh_reg_l; > + int thresh_reg_l; > int err = IIO_VAL_INT; > > mutex_lock(&data->lock); > > thresh_reg_l = gp2ap020a00f_get_thresh_reg(chan, dir); > > + if (thresh_reg_l < 0) mutex_unlock() ? I'd expect something like if (thresh_reg_l < 0) { err = thresh_reg_l; goto error_unlock; } > + return thresh_reg_l; > + > if (thresh_reg_l > GP2AP020A00F_PH_L_REG) { > err = -EINVAL; > goto error_unlock;
diff --git a/drivers/iio/light/gp2ap020a00f.c b/drivers/iio/light/gp2ap020a00f.c index b820041159f7..13583e1191d4 100644 --- a/drivers/iio/light/gp2ap020a00f.c +++ b/drivers/iio/light/gp2ap020a00f.c @@ -994,7 +994,7 @@ static irqreturn_t gp2ap020a00f_trigger_handler(int irq, void *data) return IRQ_HANDLED; } -static u8 gp2ap020a00f_get_thresh_reg(const struct iio_chan_spec *chan, +static int gp2ap020a00f_get_thresh_reg(const struct iio_chan_spec *chan, enum iio_event_direction event_dir) { switch (chan->type) { @@ -1025,12 +1025,18 @@ static int gp2ap020a00f_write_event_val(struct iio_dev *indio_dev, struct gp2ap020a00f_data *data = iio_priv(indio_dev); bool event_en = false; u8 thresh_val_id; - u8 thresh_reg_l; + int thresh_reg_l; int err = 0; mutex_lock(&data->lock); thresh_reg_l = gp2ap020a00f_get_thresh_reg(chan, dir); + + if (thresh_reg_l < 0){ + err = thresh_reg_l; + goto error_unlock; + } + thresh_val_id = GP2AP020A00F_THRESH_VAL_ID(thresh_reg_l); if (thresh_val_id > GP2AP020A00F_THRESH_PH) { @@ -1082,13 +1088,16 @@ static int gp2ap020a00f_read_event_val(struct iio_dev *indio_dev, int *val, int *val2) { struct gp2ap020a00f_data *data = iio_priv(indio_dev); - u8 thresh_reg_l; + int thresh_reg_l; int err = IIO_VAL_INT; mutex_lock(&data->lock); thresh_reg_l = gp2ap020a00f_get_thresh_reg(chan, dir); + if (thresh_reg_l < 0) + return thresh_reg_l; + if (thresh_reg_l > GP2AP020A00F_PH_L_REG) { err = -EINVAL; goto error_unlock;
function gp2ap020a00f_get_thresh_reg() is unsigned but returning -EINVAL errcode, and thresh_reg_l is unsigned but receiving -EINVAL errcode. so we have to change u8 -> int. Also we need to do index bound check at gp2ap020a00f_read_event_val(). Signed-off-by: Haowen Bai <baihaowen@meizu.com> --- V1->V2: s8 is not enough to hold an (arbitrary) error code. To be on the safe side we need to use int. V2->V3: add bound check at gp2ap020a00f_read_event_val(). V3->V4: 1. add fix tag. 2. add check before use at gp2ap020a00f_write_event_val(). 3. returns an error we should pass that on unchanged at gp2ap020a00f_read_event_val() drivers/iio/light/gp2ap020a00f.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-)