From 8bff946c4199fd79f43dbff93c030b58b01bed65 Mon Sep 17 00:00:00 2001 From: Tzung-Bi Shih Date: Fri, 13 May 2022 12:41:41 +0800 Subject: [PATCH] platform/chrome: cros_ec_i2c: drop BUG_ON() in cros_ec_pkt_xfer_i2c() It is overkill to crash the kernel if the given message is oversize. Drop the BUG_ON() and return -EINVAL instead. Reviewed-by: Guenter Roeck Signed-off-by: Tzung-Bi Shih Link: https://lore.kernel.org/r/20220513044143.1045728-6-tzungbi@kernel.org --- drivers/platform/chrome/cros_ec_i2c.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/platform/chrome/cros_ec_i2c.c b/drivers/platform/chrome/cros_ec_i2c.c index a4f305f1eb0e..9f5b95763173 100644 --- a/drivers/platform/chrome/cros_ec_i2c.c +++ b/drivers/platform/chrome/cros_ec_i2c.c @@ -72,13 +72,19 @@ static int cros_ec_pkt_xfer_i2c(struct cros_ec_device *ec_dev, i2c_msg[1].flags = I2C_M_RD; packet_len = msg->insize + response_header_size; - BUG_ON(packet_len > ec_dev->din_size); + if (packet_len > ec_dev->din_size) { + ret = -EINVAL; + goto done; + } in_buf = ec_dev->din; i2c_msg[1].len = packet_len; i2c_msg[1].buf = (char *) in_buf; packet_len = msg->outsize + request_header_size; - BUG_ON(packet_len > ec_dev->dout_size); + if (packet_len > ec_dev->dout_size) { + ret = -EINVAL; + goto done; + } out_buf = ec_dev->dout; i2c_msg[0].len = packet_len; i2c_msg[0].buf = (char *) out_buf; -- GitLab