diff --git a/msm/dp/dp_debug.c b/msm/dp/dp_debug.c
index 4155375217..fa6bee7c37 100644
--- a/msm/dp/dp_debug.c
+++ b/msm/dp/dp_debug.c
@@ -191,7 +191,7 @@ static ssize_t dp_debug_write_dpcd(struct file *file,
 size = min_t(size_t, count, SZ_2K);
- if (size <= char_to_nib)
+ if (size <= 4)
 goto bail;
 buf = kzalloc(size, GFP_KERNEL);
@@ -221,6 +221,8 @@ static ssize_t dp_debug_write_dpcd(struct file *file,
 }
 size -= 4;
+ if (size == 0)
+ goto bail;
 dpcd_size = size / char_to_nib;
 data_len = dpcd_size;
@@ -320,6 +322,7 @@ static ssize_t dp_debug_read_dpcd(struct file *file,
 debug->aux->dpcd_updated(debug->aux);
 }
+ len = min_t(size_t, count, len);
 if (!copy_to_user(user_buff, buf, len))
 *ppos += len;
@@ -743,6 +746,7 @@ static ssize_t dp_debug_max_pclk_khz_read(struct file *file,
 debug->dp_debug.max_pclk_khz, debug->parser->max_pclk_khz);
+ len = min_t(size_t, count, len);
 if (copy_to_user(user_buff, buf, len)) {
 kfree(buf);
 return -EFAULT;
@@ -904,6 +908,7 @@ static ssize_t dp_debug_read_connected(struct file *file,
 len += snprintf(buf, SZ_8, "%d\n", debug->hpd->hpd_high);
+ len = min_t(size_t, count, len);
 if (copy_to_user(user_buff, buf, len))
 return -EFAULT;
@@ -954,6 +959,7 @@ static ssize_t dp_debug_read_hdcp(struct file *file,
 len = sizeof(debug->dp_debug.hdcp_status);
+ len = min_t(size_t, count, len);
 if (copy_to_user(user_buff, debug->dp_debug.hdcp_status, len))
 return -EFAULT;
@@ -1017,6 +1023,7 @@ static ssize_t dp_debug_read_edid_modes(struct file *file,
 }
 mutex_unlock(&connector->dev->mode_config.mutex);
+ len = min_t(size_t, count, len);
 if (copy_to_user(user_buff, buf, len)) {
 kfree(buf);
 rc = -EFAULT;
@@ -1092,6 +1099,7 @@ static ssize_t dp_debug_read_edid_modes_mst(struct file *file,
 }
 mutex_unlock(&connector->dev->mode_config.mutex);
+ len = min_t(size_t, count, len);
 if (copy_to_user(user_buff, buf, len)) {
 kfree(buf);
 rc = -EFAULT;
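Review bot: The added `if (size == 0)` after `size -= 4` in dp_debug_write_dpcd looks unreachable, because the first hunk already bails out when `size <= 4`, so `size` is at least 1 here unless it is modified in the lines between the two hunks, which are not visible. The input that still gets through is a remainder shorter than one encoded byte, where `dpcd_size = size / char_to_nib` evaluates to 0 and `data_len` follows it. Comparing against the divisor, `if (size < char_to_nib) goto bail;`, would cover both cases. The function body continues outside both hunks, so how a zero `data_len` is consumed should be checked there.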
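Review bot: The clamp `len = min_t(size_t, count, len)` in dp_debug_read_dpcd keeps the copy inside the caller's buffer, but a small `count` now produces a silently truncated read: `*ppos` advances by the clamped length, and if the handler returns 0 once `*ppos` is non-zero (the check is not visible in the hunk) the rest of the output can never be fetched. `simple_read_from_buffer(user_buff, count, ppos, buf, len)` bounds the copy by `count`, honours the offset and reports a failed copy as -EFAULT in one call. The same applies to the other read handlers this commit touches. In this hunk the visible lines only advance `*ppos` when copy_to_user succeeds; whether a failed copy is reported to the caller is decided outside the hunk and is worth confirming.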
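Review bot: In dp_debug_read_connected, `len += snprintf(buf, SZ_8, ...)` records the length the formatted text would have had, not the number of bytes placed in `buf`, so `len` can exceed the 8-byte limit if the value ever prints wider than expected, and the new clamp to `count` does not bound it by the buffer. `scnprintf` returns the bytes actually written: `len += scnprintf(buf, SZ_8, "%d\n", debug->hpd->hpd_high);`. The same pattern is visible in dp_debug_read_mst_con_id, dp_debug_bw_code_read and dp_debug_tpg_read. The declaration of `buf` and the field types are outside the hunks, so whether an over-read is reachable today cannot be told from here.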
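Review bot: In dp_debug_read_hdcp, `len = sizeof(debug->dp_debug.hdcp_status)` sends the whole status array to user space rather than the text it holds, so any bytes after the terminator are copied out as well. Assuming hdcp_status is a character array that is not cleared before each update (its writer is not visible here), that exposes stale kernel data to anyone who can read the node. Taking the string length before the clamp limits the copy to the text: `len = strnlen(debug->dp_debug.hdcp_status, sizeof(debug->dp_debug.hdcp_status));`.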
@@ -1132,6 +1140,7 @@ static ssize_t dp_debug_read_mst_con_id(struct file *file,
 ret = snprintf(buf, max_size, "%u\n", debug->mst_con_id);
 len += ret;
+ len = min_t(size_t, count, len);
 if (copy_to_user(user_buff, buf, len)) {
 kfree(buf);
 rc = -EFAULT;
@@ -1195,6 +1204,7 @@ static ssize_t dp_debug_read_mst_conn_info(struct file *file,
 }
 mutex_unlock(&debug->dp_debug.dp_mst_connector_list.lock);
+ len = min_t(size_t, count, len);
 if (copy_to_user(user_buff, buf, len)) {
 kfree(buf);
 rc = -EFAULT;
@@ -1284,6 +1294,7 @@ static ssize_t dp_debug_read_info(struct file *file, char __user *user_buff,
 if (dp_debug_check_buffer_overflow(rc, &max_size, &len))
 goto error;
+ len = min_t(size_t, count, len);
 if (copy_to_user(user_buff, buf, len))
 goto error;
@@ -1316,6 +1327,7 @@ static ssize_t dp_debug_bw_code_read(struct file *file,
 len += snprintf(buf + len, (SZ_4K - len), "max_bw_code = %d\n", debug->panel->max_bw_code);
+ len = min_t(size_t, count, len);
 if (copy_to_user(user_buff, buf, len)) {
 kfree(buf);
 return -EFAULT;
@@ -1341,6 +1353,7 @@ static ssize_t dp_debug_tpg_read(struct file *file,
 len += snprintf(buf, SZ_8, "%d\n", debug->dp_debug.tpg_state);
+ len = min_t(size_t, count, len);
 if (copy_to_user(user_buff, buf, len))
 return -EFAULT;
@@ -1526,6 +1539,7 @@ static ssize_t dp_debug_read_hdr(struct file *file,
 return len;
 }
+ len = min_t(size_t, count, len);
 if (copy_to_user(user_buff, buf, len)) {
 kfree(buf);
 return -EFAULT;
@@ -1585,6 +1599,7 @@ static ssize_t dp_debug_read_hdr_mst(struct file *file,
 return len;
 }
+ len = min_t(size_t, count, len);
 if (copy_to_user(user_buff, buf, len)) {
 kfree(buf);
 return -EFAULT;
@@ -1761,6 +1776,7 @@ static ssize_t dp_debug_read_dump(struct file *file,
 print_hex_dump(KERN_DEBUG, prefix, DUMP_PREFIX_NONE, 16, 4, buf, len, false);
+ len = min_t(size_t, count, len);
 if (copy_to_user(user_buff, buf, len))
 return -EFAULT;