[PATCH v2 08/11] staging/android: make info->len return only the size of fence_infos

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Gustavo Padovan <gustavo.padovan@xxxxxxxxxxxxxxx>

The len member of struct sync_file_info was returning the size of the whole
buffer (struct sync_file_info + fence_infos at the of it). This commit
change it to return only the size of the array of fence_infos.

It also moves len to be right before the fences_infos struct.

Signed-off-by: Gustavo Padovan <gustavo.padovan@xxxxxxxxxxxxxxx>
---
 drivers/staging/android/sync.c      | 16 +++++++++++-----
 drivers/staging/android/uapi/sync.h |  7 +++----
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/drivers/staging/android/sync.c b/drivers/staging/android/sync.c
index ba7d461..e5fbf5a 100644
--- a/drivers/staging/android/sync.c
+++ b/drivers/staging/android/sync.c
@@ -502,14 +502,19 @@ static int sync_fill_fence_info(struct fence *fence, void *data, int size)
 static long sync_file_ioctl_fence_info(struct sync_file *sync_file,
 					unsigned long arg)
 {
-	struct sync_file_info *info;
+	struct sync_file_info in, *info;
 	__u32 size;
-	__u32 len = 0;
+	__u32 b_len, len = 0;
 	int ret, i;
 
-	if (copy_from_user(&size, (void __user *)arg, sizeof(size)))
+	if (copy_from_user(&in, (void __user *)arg, sizeof(*info)))
 		return -EFAULT;
 
+	if (in.name || in.status || in.num_fences || in.fence_info)
+		return -EFAULT;
+
+	size = in.len;
+
 	if (size < sizeof(struct sync_file_info))
 		return -EINVAL;
 
@@ -527,8 +532,9 @@ static long sync_file_ioctl_fence_info(struct sync_file *sync_file,
 
 	info->num_fences = sync_file->num_fences;
 
-	len = sizeof(struct sync_file_info) - sizeof(__u64);
+	b_len = sizeof(struct sync_file_info) - sizeof(__u64);
 
+	len = b_len;
 	for (i = 0; i < sync_file->num_fences; ++i) {
 		struct fence *fence = sync_file->cbs[i].fence;
 
@@ -540,7 +546,7 @@ static long sync_file_ioctl_fence_info(struct sync_file *sync_file,
 		len += ret;
 	}
 
-	info->len = len;
+	info->len = len - b_len;
 
 	if (copy_to_user((void __user *)arg, info, len))
 		ret = -EFAULT;
diff --git a/drivers/staging/android/uapi/sync.h b/drivers/staging/android/uapi/sync.h
index 01a10b7..9ad3763 100644
--- a/drivers/staging/android/uapi/sync.h
+++ b/drivers/staging/android/uapi/sync.h
@@ -42,19 +42,18 @@ struct fence_info {
 
 /**
  * struct sync_file_info - data returned from fence info ioctl
- * @len:	ioctl caller writes the size of the buffer its passing in.
- *		ioctl returns length of sync_file_info returned to
- *		userspace including pt_info.
  * @name:	name of fence
  * @status:	status of fence. 1: signaled 0:active <0:error
  * @num_fences	number of fences in the sync_file
+ * @len:	ioctl caller writes the size of the buffer its passing in.
+ *		ioctl returns length of all fence_infos summed.
  * @fence_info:	a fence_info struct for every fence in the sync_file
  */
 struct sync_file_info {
-	__u32	len;
 	char	name[32];
 	__s32	status;
 	__u32	num_fences;
+	__u32	len;
 
 	__u64	fence_info;
 };
-- 
2.5.0

_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel



[Index of Archives]     [Linux Driver Backports]     [DMA Engine]     [Linux GPIO]     [Linux SPI]     [Video for Linux]     [Linux USB Devel]     [Linux Coverity]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]
  Powered by Linux