Commit ab3cf8dc authored by Alex Elder's avatar Alex Elder Committed by Greg Kroah-Hartman
Browse files

greybus: enforce max representable message size



We represent the size of a message using a 16-bit field.  It's
possible for a host driver to advertise a maximum message size
that's bigger than that.  If that happens, reduce the host device's
maximum buffer size to the maximum we can represent the first time
a message is allocated.

This information is actually only used by the Greybus code, but
because we're modifying a value that's "owned" by the host driver,
issue a warning when this limit is being imposed

Ensure (at build time) that our own definition is sane as well.

Signed-off-by: default avatarAlex Elder <elder@linaro.org>
Signed-off-by: default avatarGreg Kroah-Hartman <greg@kroah.com>
parent 94b15d76
Loading
Loading
Loading
Loading
+9 −0
Original line number Diff line number Diff line
@@ -299,6 +299,12 @@ gb_operation_message_alloc(struct greybus_host_device *hd, u8 type,
	size_t size;
	u8 *buffer;

	if (hd->buffer_size_max > GB_OPERATION_MESSAGE_SIZE_MAX) {
		pr_warn("limiting buffer size to %u\n",
			GB_OPERATION_MESSAGE_SIZE_MAX);
		hd->buffer_size_max = GB_OPERATION_MESSAGE_SIZE_MAX;
	}

	if (message_size > hd->buffer_size_max)
		return NULL;

@@ -750,6 +756,9 @@ int gb_operation_sync(struct gb_connection *connection, int type,

int gb_operation_init(void)
{
	BUILD_BUG_ON(GB_OPERATION_MESSAGE_SIZE_MAX >
			U16_MAX - sizeof(struct gb_operation_msg_hdr));

	gb_operation_cache = kmem_cache_create("gb_operation_cache",
				sizeof(struct gb_operation), 0, 0, NULL);
	if (!gb_operation_cache)