From: Tzung-Bi Shih Date: Fri, 13 May 2022 04:41:43 +0000 (+0800) Subject: platform/chrome: cros_ec_spi: drop BUG_ON() if `din` isn't large enough X-Git-Tag: v5.19-rc1~135^2~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bbd43a37ec7a02e81dc0afb2c6194957518a904b;p=thirdparty%2Flinux.git platform/chrome: cros_ec_spi: drop BUG_ON() if `din` isn't large enough It is overkill to crash the kernel if the `din` buffer is going to full or overflow. Drop the BUG_ON() and return -EINVAL instead. Signed-off-by: Tzung-Bi Shih Reviewed-by: Guenter Roeck Link: https://lore.kernel.org/r/20220513044143.1045728-8-tzungbi@kernel.org --- diff --git a/drivers/platform/chrome/cros_ec_spi.c b/drivers/platform/chrome/cros_ec_spi.c index 5264615f46aff..7360b3ff6e4fc 100644 --- a/drivers/platform/chrome/cros_ec_spi.c +++ b/drivers/platform/chrome/cros_ec_spi.c @@ -160,7 +160,8 @@ static int receive_n_bytes(struct cros_ec_device *ec_dev, u8 *buf, int n) struct spi_message msg; int ret; - BUG_ON(buf - ec_dev->din + n > ec_dev->din_size); + if (buf - ec_dev->din + n > ec_dev->din_size) + return -EINVAL; memset(&trans, 0, sizeof(trans)); trans.cs_change = 1; @@ -197,7 +198,8 @@ static int cros_ec_spi_receive_packet(struct cros_ec_device *ec_dev, unsigned long deadline; int todo; - BUG_ON(ec_dev->din_size < EC_MSG_PREAMBLE_COUNT); + if (ec_dev->din_size < EC_MSG_PREAMBLE_COUNT) + return -EINVAL; /* Receive data until we see the header byte */ deadline = jiffies + msecs_to_jiffies(EC_MSG_DEADLINE_MS); @@ -304,7 +306,8 @@ static int cros_ec_spi_receive_response(struct cros_ec_device *ec_dev, unsigned long deadline; int todo; - BUG_ON(ec_dev->din_size < EC_MSG_PREAMBLE_COUNT); + if (ec_dev->din_size < EC_MSG_PREAMBLE_COUNT) + return -EINVAL; /* Receive data until we see the header byte */ deadline = jiffies + msecs_to_jiffies(EC_MSG_DEADLINE_MS);