Commit fcb136e1 authored by Tomas Winkler's avatar Tomas Winkler Committed by Greg Kroah-Hartman
Browse files

mei: fix reading large reposnes 



While writting to device is limitted to max_msg_length advertized
in client properites the read can be much longer delivered consequiting chunks.

We use krealloc to enlarge the buffer when needed.

Signed-off-by: default avatarTomas Winkler <tomas.winkler@intel.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 6e0f180f

drivers/misc/mei/bus.c

+4 −4
Original line number Diff line number Diff line
@@ -286,7 +286,7 @@ int __mei_cl_recv(struct mei_cl *cl, u8 *buf, size_t length) 
	mutex_lock(&dev->device_lock);



	if (!cl->read_cb) {

		err = mei_cl_read_start(cl);

		err = mei_cl_read_start(cl, length);

		if (err < 0) {

			mutex_unlock(&dev->device_lock);

			return err;
@@ -378,7 +378,7 @@ static void mei_bus_event_work(struct work_struct *work) 
	device->events = 0;



	/* Prepare for the next read */

	mei_cl_read_start(device->cl);

	mei_cl_read_start(device->cl, 0);

}



int mei_cl_register_event_cb(struct mei_cl_device *device,
@@ -392,7 +392,7 @@ int mei_cl_register_event_cb(struct mei_cl_device *device, 
	device->event_context = context;

	INIT_WORK(&device->event_work, mei_bus_event_work);



	mei_cl_read_start(device->cl);

	mei_cl_read_start(device->cl, 0);



	return 0;

}
@@ -436,7 +436,7 @@ int mei_cl_enable_device(struct mei_cl_device *device) 
	mutex_unlock(&dev->device_lock);



	if (device->event_cb && !cl->read_cb)

		mei_cl_read_start(device->cl);

		mei_cl_read_start(device->cl, 0);



	if (!device->ops || !device->ops->enable)

		return 0;

drivers/misc/mei/client.c

+4 −3
Original line number Diff line number Diff line
@@ -624,7 +624,7 @@ int mei_cl_flow_ctrl_reduce(struct mei_cl *cl) 
 *

 * returns 0 on success, <0 on failure.

 */

int mei_cl_read_start(struct mei_cl *cl)

int mei_cl_read_start(struct mei_cl *cl, size_t length)

{

	struct mei_device *dev;

	struct mei_cl_cb *cb;
@@ -657,8 +657,9 @@ int mei_cl_read_start(struct mei_cl *cl) 
	if (!cb)

		return -ENOMEM;



	rets = mei_io_cb_alloc_resp_buf(cb,

			dev->me_clients[i].props.max_msg_length);

	/* always allocate at least client max message */

	length = max_t(size_t, length, dev->me_clients[i].props.max_msg_length);

	rets = mei_io_cb_alloc_resp_buf(cb, length);

	if (rets)

		goto err;

drivers/misc/mei/client.h

+1 −1
Original line number Diff line number Diff line
@@ -87,7 +87,7 @@ int mei_cl_flow_ctrl_reduce(struct mei_cl *cl); 
bool mei_cl_is_other_connecting(struct mei_cl *cl);

int mei_cl_disconnect(struct mei_cl *cl);

int mei_cl_connect(struct mei_cl *cl, struct file *file);

int mei_cl_read_start(struct mei_cl *cl);

int mei_cl_read_start(struct mei_cl *cl, size_t length);

int mei_cl_write(struct mei_cl *cl, struct mei_cl_cb *cb, bool blocking);



void mei_host_client_init(struct work_struct *work);

drivers/misc/mei/interrupt.c

+15 −3
Original line number Diff line number Diff line
@@ -145,10 +145,22 @@ static int mei_cl_irq_read_msg(struct mei_device *dev, 
		}



		if (cb->response_buffer.size < mei_hdr->length + cb->buf_idx) {

			dev_warn(&dev->pdev->dev, "message overflow.\n");

			dev_dbg(&dev->pdev->dev, "message overflow. size %d len %d idx %ld\n",

				cb->response_buffer.size,

				mei_hdr->length, cb->buf_idx);

			cb->response_buffer.data =

					krealloc(cb->response_buffer.data,

					mei_hdr->length + cb->buf_idx,

					GFP_KERNEL);



			if (!cb->response_buffer.data) {

				dev_err(&dev->pdev->dev, "allocation failed.\n");

				list_del(&cb->list);

				return -ENOMEM;

			}

			cb->response_buffer.size =

				mei_hdr->length + cb->buf_idx;

		}



		buffer = cb->response_buffer.data + cb->buf_idx;

		mei_read_slots(dev, buffer, mei_hdr->length);

drivers/misc/mei/main.c

+3 −4
Original line number Diff line number Diff line
@@ -244,7 +244,7 @@ static ssize_t mei_read(struct file *file, char __user *ubuf, 
		goto out;

	}



	err = mei_cl_read_start(cl);

	err = mei_cl_read_start(cl, length);

	if (err && err != -EBUSY) {

		dev_dbg(&dev->pdev->dev,

			"mei start read failure with status = %d\n", err);
@@ -292,9 +292,8 @@ static ssize_t mei_read(struct file *file, char __user *ubuf, 
	}

	/* now copy the data to user space */

copy_buffer:

	dev_dbg(&dev->pdev->dev, "cb->response_buffer size - %d\n",

	    cb->response_buffer.size);

	dev_dbg(&dev->pdev->dev, "cb->buf_idx - %lu\n", cb->buf_idx);

	dev_dbg(&dev->pdev->dev, "buf.size = %d buf.idx= %ld\n",

	    cb->response_buffer.size, cb->buf_idx);

	if (length == 0 || ubuf == NULL || *offset > cb->buf_idx) {

		rets = -EMSGSIZE;

		goto free;

CRA Git | Maintained and supported by SUSTech CRA and CCSE