| Message ID | 20220512083627.885338-7-tzungbi@kernel.org (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | platform/chrome: get rid of BUG_ON() | expand |
On Thu, May 12, 2022 at 1:37 AM Tzung-Bi Shih <tzungbi@kernel.org> wrote: > > It is overkill to crash the kernel if the `din` buffer is going to full > or overflow. > > Drop the BUG_ON() and return -EINVAL instead. > > Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org> Wonder if the return code should be -EPROTO instead, but I don't have a strong opinion. Reviewed-by: Guenter Roeck <groeck@chromium.org> > --- > drivers/platform/chrome/cros_ec_spi.c | 15 ++++++++++----- > 1 file changed, 10 insertions(+), 5 deletions(-) > > diff --git a/drivers/platform/chrome/cros_ec_spi.c b/drivers/platform/chrome/cros_ec_spi.c > index 589f18e9537d..0a938f317adc 100644 > --- a/drivers/platform/chrome/cros_ec_spi.c > +++ b/drivers/platform/chrome/cros_ec_spi.c > @@ -160,7 +160,8 @@ static int receive_n_bytes(struct cros_ec_device *ec_dev, u8 *buf, int n) > struct spi_message msg; > int ret; > > - BUG_ON(buf - ec_dev->din + n > ec_dev->din_size); > + if (buf - ec_dev->din + n > ec_dev->din_size) > + return -EINVAL; > > memset(&trans, 0, sizeof(trans)); > trans.cs_change = 1; > @@ -197,7 +198,8 @@ static int cros_ec_spi_receive_packet(struct cros_ec_device *ec_dev, > unsigned long deadline; > int todo; > > - BUG_ON(ec_dev->din_size < EC_MSG_PREAMBLE_COUNT); > + if (ec_dev->din_size < EC_MSG_PREAMBLE_COUNT) > + return -EINVAL; > > /* Receive data until we see the header byte */ > deadline = jiffies + msecs_to_jiffies(EC_MSG_DEADLINE_MS); > @@ -237,7 +239,8 @@ static int cros_ec_spi_receive_packet(struct cros_ec_device *ec_dev, > * start of our buffer > */ > todo = end - ++ptr; > - BUG_ON(todo < 0 || todo > ec_dev->din_size); > + if (todo < 0 || todo > ec_dev->din_size) > + return -EINVAL; > todo = min(todo, need_len); > memmove(ec_dev->din, ptr, todo); > ptr = ec_dev->din + todo; > @@ -305,7 +308,8 @@ static int cros_ec_spi_receive_response(struct cros_ec_device *ec_dev, > unsigned long deadline; > int todo; > > - BUG_ON(ec_dev->din_size < EC_MSG_PREAMBLE_COUNT); > + if (ec_dev->din_size < EC_MSG_PREAMBLE_COUNT) > + return -EINVAL; > > /* Receive data until we see the header byte */ > deadline = jiffies + msecs_to_jiffies(EC_MSG_DEADLINE_MS); > @@ -345,7 +349,8 @@ static int cros_ec_spi_receive_response(struct cros_ec_device *ec_dev, > * start of our buffer > */ > todo = end - ++ptr; > - BUG_ON(todo < 0 || todo > ec_dev->din_size); > + if (todo < 0 || todo > ec_dev->din_size) > + return -EINVAL; > todo = min(todo, need_len); > memmove(ec_dev->din, ptr, todo); > ptr = ec_dev->din + todo; > -- > 2.36.0.512.ge40c2bad7a-goog >
On Thu, May 12, 2022 at 08:14:10AM -0700, Guenter Roeck wrote: > On Thu, May 12, 2022 at 1:37 AM Tzung-Bi Shih <tzungbi@kernel.org> wrote: > > > > It is overkill to crash the kernel if the `din` buffer is going to full > > or overflow. > > > > Drop the BUG_ON() and return -EINVAL instead. > > > > Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org> > > Wonder if the return code should be -EPROTO instead, but I don't have > a strong opinion. Thanks for the review. I am going to split the patch into 2 smaller pieces. For those related to preamble bytes, at the first glance, they could use -EPROTO. But, no, they are irrelevant to the protocol. I would drop them. See [1]. For those `din` isn't large enough, I would keep using -EINVAL as they look more like the `ec_dev` didn't configure correctly. See [2]. [1]: https://patchwork.kernel.org/project/chrome-platform/patch/20220513044143.1045728-7-tzungbi@kernel.org/ [2]: https://patchwork.kernel.org/project/chrome-platform/patch/20220513044143.1045728-8-tzungbi@kernel.org/
diff --git a/drivers/platform/chrome/cros_ec_spi.c b/drivers/platform/chrome/cros_ec_spi.c index 589f18e9537d..0a938f317adc 100644 --- a/drivers/platform/chrome/cros_ec_spi.c +++ b/drivers/platform/chrome/cros_ec_spi.c @@ -160,7 +160,8 @@ static int receive_n_bytes(struct cros_ec_device *ec_dev, u8 *buf, int n) struct spi_message msg; int ret; - BUG_ON(buf - ec_dev->din + n > ec_dev->din_size); + if (buf - ec_dev->din + n > ec_dev->din_size) + return -EINVAL; memset(&trans, 0, sizeof(trans)); trans.cs_change = 1; @@ -197,7 +198,8 @@ static int cros_ec_spi_receive_packet(struct cros_ec_device *ec_dev, unsigned long deadline; int todo; - BUG_ON(ec_dev->din_size < EC_MSG_PREAMBLE_COUNT); + if (ec_dev->din_size < EC_MSG_PREAMBLE_COUNT) + return -EINVAL; /* Receive data until we see the header byte */ deadline = jiffies + msecs_to_jiffies(EC_MSG_DEADLINE_MS); @@ -237,7 +239,8 @@ static int cros_ec_spi_receive_packet(struct cros_ec_device *ec_dev, * start of our buffer */ todo = end - ++ptr; - BUG_ON(todo < 0 || todo > ec_dev->din_size); + if (todo < 0 || todo > ec_dev->din_size) + return -EINVAL; todo = min(todo, need_len); memmove(ec_dev->din, ptr, todo); ptr = ec_dev->din + todo; @@ -305,7 +308,8 @@ static int cros_ec_spi_receive_response(struct cros_ec_device *ec_dev, unsigned long deadline; int todo; - BUG_ON(ec_dev->din_size < EC_MSG_PREAMBLE_COUNT); + if (ec_dev->din_size < EC_MSG_PREAMBLE_COUNT) + return -EINVAL; /* Receive data until we see the header byte */ deadline = jiffies + msecs_to_jiffies(EC_MSG_DEADLINE_MS); @@ -345,7 +349,8 @@ static int cros_ec_spi_receive_response(struct cros_ec_device *ec_dev, * start of our buffer */ todo = end - ++ptr; - BUG_ON(todo < 0 || todo > ec_dev->din_size); + if (todo < 0 || todo > ec_dev->din_size) + return -EINVAL; todo = min(todo, need_len); memmove(ec_dev->din, ptr, todo); ptr = ec_dev->din + todo;
It is overkill to crash the kernel if the `din` buffer is going to full or overflow. Drop the BUG_ON() and return -EINVAL instead. Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org> --- drivers/platform/chrome/cros_ec_spi.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-)