| Message ID | 20220512083627.885338-6-tzungbi@kernel.org (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | platform/chrome: get rid of BUG_ON() | expand |
On Thu, May 12, 2022 at 1:36 AM Tzung-Bi Shih <tzungbi@kernel.org> wrote: > > It is overkill to crash the kernel if the given message is oversize. > > Drop the BUG_ON() and return -EINVAL instead. > > Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org> Reviewed-by: Guenter Roeck <groeck@chromium.org> > --- > drivers/platform/chrome/cros_ec_i2c.c | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > > diff --git a/drivers/platform/chrome/cros_ec_i2c.c b/drivers/platform/chrome/cros_ec_i2c.c > index a4f305f1eb0e..9f5b95763173 100644 > --- a/drivers/platform/chrome/cros_ec_i2c.c > +++ b/drivers/platform/chrome/cros_ec_i2c.c > @@ -72,13 +72,19 @@ static int cros_ec_pkt_xfer_i2c(struct cros_ec_device *ec_dev, > i2c_msg[1].flags = I2C_M_RD; > > packet_len = msg->insize + response_header_size; > - BUG_ON(packet_len > ec_dev->din_size); > + if (packet_len > ec_dev->din_size) { > + ret = -EINVAL; > + goto done; > + } > in_buf = ec_dev->din; > i2c_msg[1].len = packet_len; > i2c_msg[1].buf = (char *) in_buf; > > packet_len = msg->outsize + request_header_size; > - BUG_ON(packet_len > ec_dev->dout_size); > + if (packet_len > ec_dev->dout_size) { > + ret = -EINVAL; > + goto done; > + } > out_buf = ec_dev->dout; > i2c_msg[0].len = packet_len; > i2c_msg[0].buf = (char *) out_buf; > -- > 2.36.0.512.ge40c2bad7a-goog >
diff --git a/drivers/platform/chrome/cros_ec_i2c.c b/drivers/platform/chrome/cros_ec_i2c.c index a4f305f1eb0e..9f5b95763173 100644 --- a/drivers/platform/chrome/cros_ec_i2c.c +++ b/drivers/platform/chrome/cros_ec_i2c.c @@ -72,13 +72,19 @@ static int cros_ec_pkt_xfer_i2c(struct cros_ec_device *ec_dev, i2c_msg[1].flags = I2C_M_RD; packet_len = msg->insize + response_header_size; - BUG_ON(packet_len > ec_dev->din_size); + if (packet_len > ec_dev->din_size) { + ret = -EINVAL; + goto done; + } in_buf = ec_dev->din; i2c_msg[1].len = packet_len; i2c_msg[1].buf = (char *) in_buf; packet_len = msg->outsize + request_header_size; - BUG_ON(packet_len > ec_dev->dout_size); + if (packet_len > ec_dev->dout_size) { + ret = -EINVAL; + goto done; + } out_buf = ec_dev->dout; i2c_msg[0].len = packet_len; i2c_msg[0].buf = (char *) out_buf;
It is overkill to crash the kernel if the given message is oversize. Drop the BUG_ON() and return -EINVAL instead. Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org> --- drivers/platform/chrome/cros_ec_i2c.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)