diff options
author | Randall Spangler <rspangler@chromium.org> | 2012-07-11 15:56:34 -0700 |
---|---|---|
committer | Gerrit <chrome-bot@google.com> | 2012-07-12 11:32:06 -0700 |
commit | 02f0ad7ea8b955d456e1e692e6e6e1a7199f2de1 (patch) | |
tree | 587675bd9d001646cd1540e2c3124fed4e8bd797 | |
parent | 347b5062a429922cabfa49de8f11fe8cebf8f9f1 (diff) | |
download | chrome-ec-02f0ad7ea8b955d456e1e692e6e6e1a7199f2de1.tar.gz |
Pass maximum size of response buffer in via host command handler args
BUG=chrome-os-partner:11275
TEST=from u-boot prompt, 'mkbp hash'
Change-Id: I4cf37acfdd8e4edfe2cb6259b0fc6d0860ef0f79
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/27225
-rw-r--r-- | chip/lm4/lpc.c | 1 | ||||
-rw-r--r-- | chip/stm32/i2c.c | 1 | ||||
-rw-r--r-- | chip/stm32/spi.c | 1 | ||||
-rw-r--r-- | common/flash_commands.c | 3 | ||||
-rw-r--r-- | common/host_command.c | 2 | ||||
-rw-r--r-- | common/pstore_commands.c | 2 | ||||
-rw-r--r-- | include/host_command.h | 8 |
7 files changed, 12 insertions, 6 deletions
diff --git a/chip/lm4/lpc.c b/chip/lm4/lpc.c index 73f55bbb9d..eb66289615 100644 --- a/chip/lm4/lpc.c +++ b/chip/lm4/lpc.c @@ -377,6 +377,7 @@ static void lpc_interrupt(void) host_cmd_args.params = host_get_buffer(); host_cmd_args.params_size = EC_PARAM_SIZE; host_cmd_args.response = host_get_buffer(); + host_cmd_args.response_max = EC_PARAM_SIZE; host_cmd_args.response_size = 0; host_command_received(&host_cmd_args); } diff --git a/chip/stm32/i2c.c b/chip/stm32/i2c.c index 51ed3ae1dd..bb6fb729a9 100644 --- a/chip/stm32/i2c.c +++ b/chip/stm32/i2c.c @@ -179,6 +179,7 @@ static void i2c_event_handler(int port) host_cmd_args.params_size = EC_PARAM_SIZE; /* skip room for error code */ host_cmd_args.response = host_buffer + 1; + host_cmd_args.response_max = EC_PARAM_SIZE; host_cmd_args.response_size = 0; host_command_received(&host_cmd_args); /* reset host buffer after end of transfer */ diff --git a/chip/stm32/spi.c b/chip/stm32/spi.c index 43386cbe0a..219b82311a 100644 --- a/chip/stm32/spi.c +++ b/chip/stm32/spi.c @@ -192,6 +192,7 @@ static void spi_interrupt(int port) args.params_size = sizeof(out_msg) - SPI_MSG_PROTO_BYTES; /* TODO: use a different initial buffer for params vs. response */ args.response = args.params; + args.response_max = sizeof(out_msg) - SPI_MSG_PROTO_BYTES; args.response_size = 0; status = host_command_process(&args); diff --git a/common/flash_commands.c b/common/flash_commands.c index d8953bc3c7..590e090b0e 100644 --- a/common/flash_commands.c +++ b/common/flash_commands.c @@ -207,9 +207,6 @@ static int flash_command_read(struct host_cmd_handler_args *args) const struct ec_params_flash_read *p = (const struct ec_params_flash_read *)args->params; - if (p->size > EC_PARAM_SIZE) - return EC_RES_INVALID_PARAM; - if (flash_dataptr(p->offset, p->size, 1, (char **)&args->response) < 0) return EC_RES_ERROR; diff --git a/common/host_command.c b/common/host_command.c index 716119b909..3e0ea06d5d 100644 --- a/common/host_command.c +++ b/common/host_command.c @@ -146,7 +146,7 @@ static int host_command_read_memmap(struct host_cmd_handler_args *args) uint8_t offset = p->offset; uint8_t size = p->size; - if (size > EC_PARAM_SIZE || offset > EC_MEMMAP_SIZE || + if (size > EC_MEMMAP_SIZE || offset > EC_MEMMAP_SIZE || offset + size > EC_MEMMAP_SIZE) return EC_RES_INVALID_PARAM; diff --git a/common/pstore_commands.c b/common/pstore_commands.c index 9717d3ccdb..4b09c9bfcd 100644 --- a/common/pstore_commands.c +++ b/common/pstore_commands.c @@ -37,7 +37,7 @@ int pstore_command_read(struct host_cmd_handler_args *args) int offset = p->offset % block_size; int bytes_left = p->size; - if (p->size > sizeof(EC_PARAM_SIZE)) + if (p->size > args->response_max) return EC_RES_INVALID_PARAM; while (bytes_left) { diff --git a/include/host_command.h b/include/host_command.h index 566d90f190..fa2a52119d 100644 --- a/include/host_command.h +++ b/include/host_command.h @@ -19,11 +19,17 @@ struct host_cmd_handler_args { uint8_t params_size; /* Size of input parameters in bytes */ /* * Pointer to output response data buffer. On input to the handler, - * points to a EC_PARAM_SIZE-byte buffer. Command handler can change + * points to a buffer of size response_max. Command handler can change * this to point to a different location instead of memcpy()'ing data * into the provided buffer. */ uint8_t *response; + /* + * Maximum size of response buffer provided to command handler. If the + * handler changes response to point to its own larger buffer, it may + * return a response_size greater than response_max. + */ + uint8_t response_max; uint8_t response_size; /* Size of data pointed to by resp_ptr */ }; |