On Mon, Dec 04, 2023 at 06:40:06PM +0530, Ayush Singh wrote: > Ensure that the following values are little-endian: > - header->pad (which is used for cport_id) > - header->size > > Fixes: ec558bbfea67 ("greybus: Add BeaglePlay Linux Driver") > Reported-by: kernel test robot <yujie.liu@xxxxxxxxx> > Closes: https://lore.kernel.org/r/202311072329.Xogj7hGW-lkp@xxxxxxxxx/ > Signed-off-by: Ayush Singh <ayushdevel1325@xxxxxxxxx> > --- > V3: > - Fix endianness while sending. > V2: https://lists.linaro.org/archives/list/greybus-dev@xxxxxxxxxxxxxxxx/thread/L53UN5ROSG4M6OE7CU5Y3L5F44T6ZPCC/ > - Ensure endianness for header->pad > V1: https://lists.linaro.org/archives/list/greybus-dev@xxxxxxxxxxxxxxxx/message/K7UJ6PEAWBLNDMHLT2IO6OP5LQISHRUO/ > > drivers/greybus/gb-beagleplay.c | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/drivers/greybus/gb-beagleplay.c b/drivers/greybus/gb-beagleplay.c > index 43318c1993ba..8b21c3e1e612 100644 > --- a/drivers/greybus/gb-beagleplay.c > +++ b/drivers/greybus/gb-beagleplay.c > @@ -93,9 +93,9 @@ static void hdlc_rx_greybus_frame(struct gb_beagleplay *bg, u8 *buf, u16 len) > memcpy(&cport_id, hdr->pad, sizeof(cport_id)); > > dev_dbg(&bg->sd->dev, "Greybus Operation %u type %X cport %u status %u received", > - hdr->operation_id, hdr->type, cport_id, hdr->result); > + hdr->operation_id, hdr->type, le16_to_cpu(cport_id), hdr->result); > > - greybus_data_rcvd(bg->gb_hd, cport_id, buf, len); > + greybus_data_rcvd(bg->gb_hd, le16_to_cpu(cport_id), buf, len); This looks broken; a quick check against mainline (and linux-next) shows cport_id to be u16. I think you want get_unaligned_le16() or something instead of that memcpy() above. But that just begs the question: why has this driver repurposed the pad bytes like this? The header still says that these shall be set to zero. > } > > static void hdlc_rx_dbg_frame(const struct gb_beagleplay *bg, const char *buf, u16 len) 
> @@ -340,14 +340,15 @@ static int gb_message_send(struct gb_host_device *hd, u16 cport, struct gb_messa > { > struct gb_beagleplay *bg = dev_get_drvdata(&hd->dev); > struct hdlc_payload payloads[2]; > + __le16 cport_id = cpu_to_le16(cport); > > dev_dbg(&hd->dev, "Sending greybus message with Operation %u, Type: %X on Cport %u", > msg->header->operation_id, msg->header->type, cport); > > - if (msg->header->size > RX_HDLC_PAYLOAD) > + if (le16_to_cpu(msg->header->size) > RX_HDLC_PAYLOAD) > return dev_err_probe(&hd->dev, -E2BIG, "Greybus message too big"); > > - memcpy(msg->header->pad, &cport, sizeof(cport)); > + memcpy(msg->header->pad, &cport_id, sizeof(cport_id)); put_unaligned_le16(), if the driver should be messing with the pad bytes like this at all... > > payloads[0].buf = msg->header; > payloads[0].len = sizeof(*msg->header); Johan
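
Review bot: in the hdlc_rx_greybus_frame() hunk, cport_id is wrapped in le16_to_cpu() at both the dev_dbg() and greybus_data_rcvd() call sites, but the diffstat (5 insertions, 4 deletions) is fully accounted for by the two hunks, so the declaration of cport_id is untouched; if it is still a plain u16 filled by memcpy() from hdr->pad, sparse will flag a conversion applied to a value that is not typed __le16. Reading the field once into a CPU-endian local, for example u16 cport_id = get_unaligned_le16(hdr->pad);, removes the memcpy() and both conversions. The same dev_dbg() still passes hdr->operation_id to %u without le16_to_cpu(), although that field is __le16 in struct gb_operation_msg_hdr, so the logged operation id remains byte-swapped on big-endian hosts.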
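
Review bot: in the gb_message_send() hunk, the size check now converts msg->header->size, but the dev_dbg() just above it still prints msg->header->operation_id raw with %u; that field is little-endian in the header just like size, so it needs le16_to_cpu() too for the debug output to be correct on big-endian hosts. The new __le16 cport_id local exists only to feed memcpy(); put_unaligned_le16(cport, msg->header->pad); performs the same store without the temporary and makes the byte order explicit at the point of the write.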