mei: revamp mei_data2slots
1. Move the mei_data2slots to mei_dev.h as it will be used
by the all supported HW.
2. Change return value from u8 to u32 to catch possible overflows
3. Eliminate computing the slots number twice in the same function
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/drivers/misc/mei/amthif.c b/drivers/misc/mei/amthif.c
index c86d7e3..9a5e8c7 100644
--- a/drivers/misc/mei/amthif.c
+++ b/drivers/misc/mei/amthif.c
@@ -449,7 +449,7 @@
struct mei_msg_hdr mei_hdr;
struct mei_cl *cl = cb->cl;
size_t len = dev->iamthif_msg_buf_size - dev->iamthif_msg_buf_index;
- size_t msg_slots = mei_data2slots(len);
+ u32 msg_slots = mei_data2slots(len);
mei_hdr.host_addr = cl->host_client_id;
mei_hdr.me_addr = cl->me_client_id;
@@ -566,12 +566,13 @@
*/
int mei_amthif_irq_read(struct mei_device *dev, s32 *slots)
{
+ u32 msg_slots = mei_data2slots(sizeof(struct hbm_flow_control));
- if (((*slots) * sizeof(u32)) < (sizeof(struct mei_msg_hdr)
- + sizeof(struct hbm_flow_control))) {
+ if (*slots < msg_slots)
return -EMSGSIZE;
- }
- *slots -= mei_data2slots(sizeof(struct hbm_flow_control));
+
+ *slots -= msg_slots;
+
if (mei_hbm_cl_flow_control_req(dev, &dev->iamthif_cl)) {
dev_dbg(&dev->pdev->dev, "iamthif flow control failed\n");
return -EIO;
diff --git a/drivers/misc/mei/hw-me.c b/drivers/misc/mei/hw-me.c
index 45ea718..d21e5a7 100644
--- a/drivers/misc/mei/hw-me.c
+++ b/drivers/misc/mei/hw-me.c
@@ -295,10 +295,11 @@
unsigned char *buf)
{
struct mei_me_hw *hw = to_me_hw(dev);
- unsigned long rem, dw_cnt;
+ unsigned long rem;
unsigned long length = header->length;
u32 *reg_buf = (u32 *)buf;
u32 hcsr;
+ u32 dw_cnt;
int i;
int empty_slots;
diff --git a/drivers/misc/mei/hw-me.h b/drivers/misc/mei/hw-me.h
index 8518d3e..80bd829 100644
--- a/drivers/misc/mei/hw-me.h
+++ b/drivers/misc/mei/hw-me.h
@@ -36,12 +36,6 @@
struct mei_device *mei_me_dev_init(struct pci_dev *pdev);
-/* get slots (dwords) from a message length + header (bytes) */
-static inline unsigned char mei_data2slots(size_t length)
-{
- return DIV_ROUND_UP(sizeof(struct mei_msg_hdr) + length, 4);
-}
-
irqreturn_t mei_me_irq_quick_handler(int irq, void *dev_id);
irqreturn_t mei_me_irq_thread_handler(int irq, void *dev_id);
diff --git a/drivers/misc/mei/interrupt.c b/drivers/misc/mei/interrupt.c
index 3535b26..14c70b8 100644
--- a/drivers/misc/mei/interrupt.c
+++ b/drivers/misc/mei/interrupt.c
@@ -153,25 +153,27 @@
struct mei_cl *cl,
struct mei_cl_cb *cmpl_list)
{
- if ((*slots * sizeof(u32)) < (sizeof(struct mei_msg_hdr) +
- sizeof(struct hbm_client_connect_request)))
- return -EBADMSG;
+ u32 msg_slots =
+ mei_data2slots(sizeof(struct hbm_client_connect_request));
- *slots -= mei_data2slots(sizeof(struct hbm_client_connect_request));
+ if (*slots < msg_slots)
+ return -EMSGSIZE;
+
+ *slots -= msg_slots;
if (mei_hbm_cl_disconnect_req(dev, cl)) {
cl->status = 0;
cb_pos->buf_idx = 0;
list_move_tail(&cb_pos->list, &cmpl_list->list);
- return -EMSGSIZE;
- } else {
- cl->state = MEI_FILE_DISCONNECTING;
- cl->status = 0;
- cb_pos->buf_idx = 0;
- list_move_tail(&cb_pos->list, &dev->ctrl_rd_list.list);
- cl->timer_count = MEI_CONNECT_TIMEOUT;
+ return -EIO;
}
+ cl->state = MEI_FILE_DISCONNECTING;
+ cl->status = 0;
+ cb_pos->buf_idx = 0;
+ list_move_tail(&cb_pos->list, &dev->ctrl_rd_list.list);
+ cl->timer_count = MEI_CONNECT_TIMEOUT;
+
return 0;
}
@@ -192,14 +194,15 @@
struct mei_cl *cl,
struct mei_cl_cb *cmpl_list)
{
- if ((*slots * sizeof(u32)) < (sizeof(struct mei_msg_hdr) +
- sizeof(struct hbm_flow_control))) {
+ u32 msg_slots = mei_data2slots(sizeof(struct hbm_flow_control));
+
+ if (*slots < msg_slots) {
/* return the cancel routine */
list_del(&cb_pos->list);
- return -EBADMSG;
+ return -EMSGSIZE;
}
- *slots -= mei_data2slots(sizeof(struct hbm_flow_control));
+ *slots -= msg_slots;
if (mei_hbm_cl_flow_control_req(dev, cl)) {
cl->status = -ENODEV;
@@ -229,15 +232,19 @@
struct mei_cl *cl,
struct mei_cl_cb *cmpl_list)
{
- if ((*slots * sizeof(u32)) < (sizeof(struct mei_msg_hdr) +
- sizeof(struct hbm_client_connect_request))) {
+ u32 msg_slots =
+ mei_data2slots(sizeof(struct hbm_client_connect_request));
+
+ if (*slots < msg_slots) {
/* return the cancel routine */
list_del(&cb_pos->list);
- return -EBADMSG;
+ return -EMSGSIZE;
}
+ *slots -= msg_slots;
+
cl->state = MEI_FILE_CONNECTING;
- *slots -= mei_data2slots(sizeof(struct hbm_client_connect_request));
+
if (mei_hbm_cl_connect_req(dev, cl)) {
cl->status = -ENODEV;
cb_pos->buf_idx = 0;
@@ -266,7 +273,7 @@
struct mei_msg_hdr mei_hdr;
struct mei_cl *cl = cb->cl;
size_t len = cb->request_buffer.size - cb->buf_idx;
- size_t msg_slots = mei_data2slots(len);
+ u32 msg_slots = mei_data2slots(len);
mei_hdr.host_addr = cl->host_client_id;
mei_hdr.me_addr = cl->me_client_id;
@@ -419,8 +426,7 @@
*
* returns 0 on success, <0 on failure.
*/
-int mei_irq_write_handler(struct mei_device *dev,
- struct mei_cl_cb *cmpl_list)
+int mei_irq_write_handler(struct mei_device *dev, struct mei_cl_cb *cmpl_list)
{
struct mei_cl *cl;
diff --git a/drivers/misc/mei/mei_dev.h b/drivers/misc/mei/mei_dev.h
index cb80166..09a2af4 100644
--- a/drivers/misc/mei/mei_dev.h
+++ b/drivers/misc/mei/mei_dev.h
@@ -374,6 +374,17 @@
return msecs_to_jiffies(sec * MSEC_PER_SEC);
}
+/**
+ * mei_data2slots - get slots - number of (dwords) from a message length
+ * + size of the mei header
+ * @length - size of the messages in bytes
+ * returns - number of slots
+ */
+static inline u32 mei_data2slots(size_t length)
+{
+ return DIV_ROUND_UP(sizeof(struct mei_msg_hdr) + length, 4);
+}
+
/*
* mei init function prototypes