From: Jes Sorensen <Jes.Sorensen@xxxxxxxxxx> Note, this changes the behavior of visorchannel_read(). The old code would return the channel header, if the offset argument was 0, and the caller tried to read beyond the size of the visorchannel. Note this only worked for offset == 0, but not for (offset > 0) && (offset < header_size), which was inconsistent. The new implementation returns an error if someone tries to read beyond the visorchannel size. Signed-off-by: Jes Sorensen <Jes.Sorensen@xxxxxxxxxx> Signed-off-by: Benjamin Romer <benjamin.romer@xxxxxxxxxx> --- drivers/staging/unisys/visorbus/visorchannel.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/drivers/staging/unisys/visorbus/visorchannel.c b/drivers/staging/unisys/visorbus/visorchannel.c index bf75aa0..cae62fed 100644 --- a/drivers/staging/unisys/visorbus/visorchannel.c +++ b/drivers/staging/unisys/visorbus/visorchannel.c @@ -200,13 +200,12 @@ int visorchannel_read(struct visorchannel *channel, ulong offset, void *local, ulong nbytes) { - int rc; - size_t size = sizeof(struct channel_header); + if (offset + nbytes > channel->memregion.nbytes) + return -EIO; - rc = visor_memregion_read(&channel->memregion, offset, local, nbytes); - if (rc && !offset && (nbytes >= size)) - memcpy(&channel->chan_hdr, local, size); - return rc; + memcpy_fromio(local, channel->memregion.mapped + offset, nbytes); + + return 0; } EXPORT_SYMBOL_GPL(visorchannel_read); -- 2.1.4 _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
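Review bot: the new bounds check in visorchannel_read(), `if (offset + nbytes > channel->memregion.nbytes)`, adds two caller-supplied `ulong` values before comparing, so the sum can wrap. A large `offset` combined with a suitable `nbytes` would then pass the check and reach `memcpy_fromio(local, channel->memregion.mapped + offset, nbytes)` with an out-of-range source pointer. Comparing without the addition avoids this: `if (offset > channel->memregion.nbytes || nbytes > channel->memregion.nbytes - offset) return -EIO;`. Separately, the removed lines updated `channel->chan_hdr` on the `!offset` path and the replacement never touches it. The commit message covers the return-value change but not this, so it would help to state that no caller relied on that cached header being refreshed here.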