diff options
Diffstat (limited to 'drivers/misc/mei/main.c')
| -rw-r--r-- | drivers/misc/mei/main.c | 33 |
1 files changed, 15 insertions, 18 deletions
diff --git a/drivers/misc/mei/main.c b/drivers/misc/mei/main.c index e8b0858132c1..3d4f6d17d74c 100644 --- a/drivers/misc/mei/main.c +++ b/drivers/misc/mei/main.c | |||
| @@ -415,16 +415,15 @@ static ssize_t mei_read(struct file *file, char __user *ubuf, | |||
| 415 | goto out; | 415 | goto out; |
| 416 | } | 416 | } |
| 417 | 417 | ||
| 418 | if (cl->read_cb && cl->read_cb->information > *offset) { | 418 | if (cl->read_cb && cl->read_cb->buf_idx > *offset) { |
| 419 | cb = cl->read_cb; | 419 | cb = cl->read_cb; |
| 420 | goto copy_buffer; | 420 | goto copy_buffer; |
| 421 | } else if (cl->read_cb && cl->read_cb->information > 0 && | 421 | } else if (cl->read_cb && cl->read_cb->buf_idx > 0 && |
| 422 | cl->read_cb->information <= *offset) { | 422 | cl->read_cb->buf_idx <= *offset) { |
| 423 | cb = cl->read_cb; | 423 | cb = cl->read_cb; |
| 424 | rets = 0; | 424 | rets = 0; |
| 425 | goto free; | 425 | goto free; |
| 426 | } else if ((!cl->read_cb || !cl->read_cb->information) && | 426 | } else if ((!cl->read_cb || !cl->read_cb->buf_idx) && *offset > 0) { |
| 427 | *offset > 0) { | ||
| 428 | /*Offset needs to be cleaned for contiguous reads*/ | 427 | /*Offset needs to be cleaned for contiguous reads*/ |
| 429 | *offset = 0; | 428 | *offset = 0; |
| 430 | rets = 0; | 429 | rets = 0; |
| @@ -481,16 +480,15 @@ static ssize_t mei_read(struct file *file, char __user *ubuf, | |||
| 481 | copy_buffer: | 480 | copy_buffer: |
| 482 | dev_dbg(&dev->pdev->dev, "cb->response_buffer size - %d\n", | 481 | dev_dbg(&dev->pdev->dev, "cb->response_buffer size - %d\n", |
| 483 | cb->response_buffer.size); | 482 | cb->response_buffer.size); |
| 484 | dev_dbg(&dev->pdev->dev, "cb->information - %lu\n", | 483 | dev_dbg(&dev->pdev->dev, "cb->buf_idx - %lu\n", cb->buf_idx); |
| 485 | cb->information); | 484 | if (length == 0 || ubuf == NULL || *offset > cb->buf_idx) { |
| 486 | if (length == 0 || ubuf == NULL || *offset > cb->information) { | ||
| 487 | rets = -EMSGSIZE; | 485 | rets = -EMSGSIZE; |
| 488 | goto free; | 486 | goto free; |
| 489 | } | 487 | } |
| 490 | 488 | ||
| 491 | /* length is being truncated to PAGE_SIZE, however, */ | 489 | /* length is being truncated to PAGE_SIZE, |
| 492 | /* information size may be longer */ | 490 | * however buf_idx may point beyond that */ |
| 493 | length = min_t(size_t, length, (cb->information - *offset)); | 491 | length = min_t(size_t, length, cb->buf_idx - *offset); |
| 494 | 492 | ||
| 495 | if (copy_to_user(ubuf, cb->response_buffer.data + *offset, length)) { | 493 | if (copy_to_user(ubuf, cb->response_buffer.data + *offset, length)) { |
| 496 | rets = -EFAULT; | 494 | rets = -EFAULT; |
| @@ -499,7 +497,7 @@ copy_buffer: | |||
| 499 | 497 | ||
| 500 | rets = length; | 498 | rets = length; |
| 501 | *offset += length; | 499 | *offset += length; |
| 502 | if ((unsigned long)*offset < cb->information) | 500 | if ((unsigned long)*offset < cb->buf_idx) |
| 503 | goto out; | 501 | goto out; |
| 504 | 502 | ||
| 505 | free: | 503 | free: |
| @@ -637,7 +635,7 @@ static ssize_t mei_write(struct file *file, const char __user *ubuf, | |||
| 637 | 635 | ||
| 638 | write_cb->response_buffer.size = dev->iamthif_mtu; | 636 | write_cb->response_buffer.size = dev->iamthif_mtu; |
| 639 | write_cb->major_file_operations = MEI_IOCTL; | 637 | write_cb->major_file_operations = MEI_IOCTL; |
| 640 | write_cb->information = 0; | 638 | write_cb->buf_idx = 0; |
| 641 | write_cb->request_buffer.size = length; | 639 | write_cb->request_buffer.size = length; |
| 642 | if (dev->iamthif_cl.state != MEI_FILE_CONNECTED) { | 640 | if (dev->iamthif_cl.state != MEI_FILE_CONNECTED) { |
| 643 | rets = -ENODEV; | 641 | rets = -ENODEV; |
| @@ -668,9 +666,8 @@ static ssize_t mei_write(struct file *file, const char __user *ubuf, | |||
| 668 | } | 666 | } |
| 669 | 667 | ||
| 670 | write_cb->major_file_operations = MEI_WRITE; | 668 | write_cb->major_file_operations = MEI_WRITE; |
| 671 | /* make sure information is zero before we start */ | 669 | /* make sure buffer index is zero before we start */ |
| 672 | 670 | write_cb->buf_idx = 0; | |
| 673 | write_cb->information = 0; | ||
| 674 | write_cb->request_buffer.size = length; | 671 | write_cb->request_buffer.size = length; |
| 675 | 672 | ||
| 676 | dev_dbg(&dev->pdev->dev, "host client = %d, ME client = %d\n", | 673 | dev_dbg(&dev->pdev->dev, "host client = %d, ME client = %d\n", |
| @@ -719,7 +716,7 @@ static ssize_t mei_write(struct file *file, const char __user *ubuf, | |||
| 719 | goto unlock_dev; | 716 | goto unlock_dev; |
| 720 | } | 717 | } |
| 721 | cl->writing_state = MEI_WRITING; | 718 | cl->writing_state = MEI_WRITING; |
| 722 | write_cb->information = mei_hdr.length; | 719 | write_cb->buf_idx = mei_hdr.length; |
| 723 | if (mei_hdr.msg_complete) { | 720 | if (mei_hdr.msg_complete) { |
| 724 | if (mei_flow_ctrl_reduce(dev, cl)) { | 721 | if (mei_flow_ctrl_reduce(dev, cl)) { |
| 725 | rets = -ENODEV; | 722 | rets = -ENODEV; |
| @@ -734,7 +731,7 @@ static ssize_t mei_write(struct file *file, const char __user *ubuf, | |||
| 734 | 731 | ||
| 735 | } else { | 732 | } else { |
| 736 | 733 | ||
| 737 | write_cb->information = 0; | 734 | write_cb->buf_idx = 0; |
| 738 | cl->writing_state = MEI_WRITING; | 735 | cl->writing_state = MEI_WRITING; |
| 739 | list_add_tail(&write_cb->cb_list, | 736 | list_add_tail(&write_cb->cb_list, |
| 740 | &dev->write_list.mei_cb.cb_list); | 737 | &dev->write_list.mei_cb.cb_list); |