rpmsgblk: use a fixed length struct to transfer between two cpus
It may cause an out-of-bounds access when the two sides have different configurations of NAME_MAX and FS_LARGEFILE (which affects the size of blkcnt_t). Signed-off-by: liaoao <liaoao@xiaomi.com>
parent
4b25a0dfa5
commit
cf27a8484f
|
@ -434,9 +434,7 @@ static int rpmsgblk_geometry(FAR struct inode *inode,
|
|||
FAR struct geometry *geometry)
|
||||
{
|
||||
FAR struct rpmsgblk_s *priv = inode->i_private;
|
||||
struct rpmsgblk_geometry_s *msg;
|
||||
uint32_t space;
|
||||
int msglen;
|
||||
struct rpmsgblk_geometry_s msg;
|
||||
int ret;
|
||||
|
||||
/* Sanity checks */
|
||||
|
@ -457,25 +455,19 @@ static int rpmsgblk_geometry(FAR struct inode *inode,
|
|||
goto out;
|
||||
}
|
||||
|
||||
msglen = sizeof(*msg) + sizeof(*geometry) - 1;
|
||||
|
||||
msg = rpmsgblk_get_tx_payload_buffer(priv, &space);
|
||||
if (msg == NULL)
|
||||
{
|
||||
ret = -ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
|
||||
DEBUGASSERT(space > msglen);
|
||||
|
||||
msg->arg = (uintptr_t)geometry;
|
||||
msg->arglen = sizeof(*geometry);
|
||||
memcpy(msg->buf, geometry, sizeof(*geometry));
|
||||
|
||||
ret = rpmsgblk_send_recv(priv, RPMSGBLK_GEOMETRY, false, &msg->header,
|
||||
msglen, geometry);
|
||||
ret = rpmsgblk_send_recv(priv, RPMSGBLK_GEOMETRY, true, &msg.header,
|
||||
sizeof(msg), NULL);
|
||||
if (ret >= 0)
|
||||
{
|
||||
DEBUGASSERT(msg.nsectors == (blkcnt_t)msg.nsectors);
|
||||
DEBUGASSERT(strlen(msg.model) <= RPMSGBLK_NAME_MAX);
|
||||
|
||||
geometry->geo_available = msg.available;
|
||||
geometry->geo_mediachanged = msg.mediachanged;
|
||||
geometry->geo_writeenabled = msg.writeenabled;
|
||||
geometry->geo_nsectors = msg.nsectors;
|
||||
geometry->geo_sectorsize = msg.sectorsize;
|
||||
strlcpy(geometry->geo_model, msg.model, sizeof(geometry->geo_model));
|
||||
memcpy(&priv->geo, geometry, sizeof(priv->geo));
|
||||
}
|
||||
|
||||
|
@ -520,8 +512,6 @@ static ssize_t rpmsgblk_ioctl_arglen(int cmd, unsigned long arg)
|
|||
return sizeof(struct mtd_smart_procfs_data_s);
|
||||
case BIOC_DEBUGCMD:
|
||||
return sizeof(struct mtd_smart_debug_data_s);
|
||||
case BIOC_GEOMETRY:
|
||||
return sizeof(struct geometry);
|
||||
case BIOC_PARTINFO:
|
||||
return sizeof(struct partition_info_s);
|
||||
case BIOC_BLKSSZGET:
|
||||
|
@ -586,6 +576,11 @@ static int rpmsgblk_ioctl(FAR struct inode *inode, int cmd,
|
|||
|
||||
DEBUGASSERT(priv != NULL);
|
||||
|
||||
if (cmd == BIOC_GEOMETRY)
|
||||
{
|
||||
return rpmsgblk_geometry(inode, (FAR struct geometry *)arg);
|
||||
}
|
||||
|
||||
/* Call our internal routine to perform the ioctl */
|
||||
|
||||
arglen = rpmsgblk_ioctl_arglen(cmd, arg);
|
||||
|
@ -895,12 +890,11 @@ static int rpmsgblk_geometry_handler(FAR struct rpmsg_endpoint *ept,
|
|||
FAR struct rpmsgblk_header_s *header = data;
|
||||
FAR struct rpmsgblk_cookie_s *cookie =
|
||||
(FAR struct rpmsgblk_cookie_s *)(uintptr_t)header->cookie;
|
||||
FAR struct rpmsgblk_geometry_s *rsp = data;
|
||||
|
||||
cookie->result = header->result;
|
||||
if (cookie->result >= 0 && rsp->arglen > 0)
|
||||
if (cookie->result >= 0)
|
||||
{
|
||||
memcpy(cookie->data, rsp->buf, rsp->arglen);
|
||||
memcpy(cookie->data, data, len);
|
||||
}
|
||||
|
||||
return rpmsg_post(ept, &cookie->sem);
|
||||
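Review bot: In rpmsgblk_geometry_handler the new `memcpy(cookie->data, data, len);` takes its length from the incoming message, so a response longer than `struct rpmsgblk_geometry_s` would write past the destination. That destination appears to be the stack-local `msg` in rpmsgblk_geometry, though rpmsgblk_send_recv is not visible here, so this needs confirming. Bound the copy to the fixed struct, for example `if (cookie->result >= 0 && len >= sizeof(struct rpmsgblk_geometry_s))` followed by `memcpy(cookie->data, data, sizeof(struct rpmsgblk_geometry_s));`, and set an error result for a short response. In rpmsgblk_geometry the `strlen(msg.model)` and `nsectors` checks are DEBUGASSERTs only, so a release build runs `strlcpy` on a peer-supplied `model` that may lack a terminator and silently truncates `nsectors` when blkcnt_t is narrower; `msg.model[RPMSGBLK_NAME_MAX] = '\0';` before the copy and an error return on overflow would cover both. Both function bodies start outside the hunks shown.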
|
|
|
@ -35,6 +35,7 @@
|
|||
|
||||
#define RPMSGBLK_NAME_PREFIX "rpmsgblk-"
|
||||
#define RPMSGBLK_NAME_PREFIX_LEN 9
|
||||
#define RPMSGBLK_NAME_MAX 32
|
||||
|
||||
#define RPMSGBLK_OPEN 1
|
||||
#define RPMSGBLK_CLOSE 2
|
||||
|
@ -76,9 +77,12 @@ begin_packed_struct struct rpmsgblk_read_s
|
|||
begin_packed_struct struct rpmsgblk_geometry_s
|
||||
{
|
||||
struct rpmsgblk_header_s header;
|
||||
uint64_t arg;
|
||||
uint32_t arglen;
|
||||
char buf[1];
|
||||
uint16_t available;
|
||||
uint16_t mediachanged;
|
||||
uint16_t writeenabled;
|
||||
uint16_t sectorsize;
|
||||
uint64_t nsectors;
|
||||
char model[RPMSGBLK_NAME_MAX + 1];
|
||||
} end_packed_struct;
|
||||
|
||||
begin_packed_struct struct rpmsgblk_ioctl_s
|
||||
|
@ -90,11 +94,6 @@ begin_packed_struct struct rpmsgblk_ioctl_s
|
|||
char buf[1];
|
||||
} end_packed_struct;
|
||||
|
||||
begin_packed_struct struct rpmsgblk_unlink_s
|
||||
{
|
||||
struct rpmsgblk_header_s header;
|
||||
} end_packed_struct;
|
||||
|
||||
/****************************************************************************
|
||||
* Internal function prototypes
|
||||
****************************************************************************/
|
||||
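Review bot: Nothing in the header says that `struct rpmsgblk_geometry_s` and `RPMSGBLK_NAME_MAX` are now a fixed wire format shared by both CPUs. A later change to the constant or to a field width would reintroduce the size mismatch this commit removes. I would add a comment above the struct such as `/* Wire format: fixed-width fields only; must not depend on NAME_MAX, blkcnt_t or other per-CPU configuration. model is always NUL-terminated by the sender. */` and a matching one-line comment on the `#define RPMSGBLK_NAME_MAX 32` line. A compile-time size assertion on the struct would make the contract enforceable if the project has a suitable macro.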
|
|
|
@ -287,6 +287,7 @@ static int rpmsgblk_geometry_handler(FAR struct rpmsg_endpoint *ept,
|
|||
{
|
||||
FAR struct rpmsgblk_server_s *server = ept->priv;
|
||||
FAR struct rpmsgblk_geometry_s *msg = data;
|
||||
struct geometry geo;
|
||||
|
||||
#ifndef CONFIG_DISABLE_PSEUDOFS_OPERATIONS
|
||||
if (server->blknode->i_peer == NULL)
|
||||
|
@ -296,10 +297,16 @@ static int rpmsgblk_geometry_handler(FAR struct rpmsg_endpoint *ept,
|
|||
}
|
||||
#endif
|
||||
|
||||
DEBUGASSERT(msg->arglen == sizeof(struct geometry));
|
||||
msg->header.result = server->bops->geometry(server->blknode, &geo);
|
||||
|
||||
msg->header.result = server->bops->geometry(
|
||||
server->blknode, (FAR struct geometry *)msg->buf);
|
||||
DEBUGASSERT(strlen(geo.geo_model) <= RPMSGBLK_NAME_MAX);
|
||||
|
||||
msg->available = geo.geo_available;
|
||||
msg->mediachanged = geo.geo_mediachanged;
|
||||
msg->writeenabled = geo.geo_writeenabled;
|
||||
msg->nsectors = geo.geo_nsectors;
|
||||
msg->sectorsize = geo.geo_sectorsize;
|
||||
strlcpy(msg->model, geo.geo_model, sizeof(msg->model));
|
||||
|
||||
return rpmsg_send(ept, msg, len);
|
||||
}
|
||||
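Review bot: In the server's rpmsgblk_geometry_handler, `geo` is an uninitialised stack struct and the new code reads it regardless of what `server->bops->geometry()` returned. On failure, `strlen(geo.geo_model)` and `strlcpy(msg->model, geo.geo_model, ...)` can read past the array, and whatever stack bytes are in `geo` get sent to the other CPU. Clear it first with `memset(&geo, 0, sizeof(geo));` and do the field copies only under `if (msg->header.result >= 0)`. The removed `arglen` assertion was the only size check in view, so the handler now writes `msg->available` through `msg->model` and calls `rpmsg_send(ept, msg, len)` without comparing `len` with `sizeof(*msg)`; a short request should be rejected before those writes. The function starts outside the hunk, so an earlier length check may exist that is not visible here.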
|
|