diff options
| author | PixelBot AutoMerger <android-nexus-securitybot@system.gserviceaccount.com> | 2023-02-05 19:46:08 -0800 |
|---|---|---|
| committer | SecurityBot <android-nexus-securitybot@system.gserviceaccount.com> | 2023-02-05 19:46:08 -0800 |
| commit | 5a8e6230271ff16a09ce0b854a6de11c3912448e (patch) | |
| tree | 9aad61859fde8b2527cf65b68432a527fe9dc982 | |
| parent | 57f467efbcf08ce0140d9ae098c34115c7f79ead (diff) | |
| parent | 31ef461089e795b4347499e792a6a5c88425aeae (diff) | |
| download | amplifiers-android-gs-felix-5.10-android13-qpr3-c.tar.gz | |
Merge android13-gs-pixel-5.10-tm-qpr2 into android13-gs-pixel-5.10-tm-qpr3android-t-qpr3-beta-3_r0.5android-t-qpr3-beta-3_r0.4android-t-qpr3-beta-3_r0.3android-t-qpr3-beta-3.1_r0.5android-t-qpr3-beta-3.1_r0.4android-t-qpr3-beta-3.1_r0.3android-t-qpr3-beta-2_r0.5android-t-qpr3-beta-2_r0.4android-t-qpr3-beta-2_r0.3android-t-qpr3-beta-1_r0.5android-13.0.0_r0.92android-13.0.0_r0.85android-13.0.0_r0.84android-13.0.0_r0.83android-13.0.0_r0.82android-13.0.0_r0.127android-13.0.0_r0.126android-13.0.0_r0.125android-13.0.0_r0.124android-13.0.0_r0.123android-13.0.0_r0.121android-13.0.0_r0.117android-13.0.0_r0.116android-13.0.0_r0.115android-13.0.0_r0.114android-13.0.0_r0.113android-13.0.0_r0.112android-13.0.0_r0.107android-13.0.0_r0.106android-13.0.0_r0.105android-13.0.0_r0.104android-13.0.0_r0.103android-13.0.0_r0.100android-gs-tangorpro-5.10-android13-qpr3android-gs-raviole-5.10-t-qpr3-beta-3android-gs-raviole-5.10-t-qpr3-beta-2android-gs-raviole-5.10-android13-qpr3android-gs-pantah-5.10-t-qpr3-beta-3android-gs-pantah-5.10-t-qpr3-beta-2android-gs-pantah-5.10-android13-qpr3-beta1android-gs-pantah-5.10-android13-qpr3android-gs-lynx-5.10-android13-qpr3android-gs-felix-5.10-android13-qpr3-candroid-gs-felix-5.10-android13-qpr3android-gs-bluejay-5.10-t-qpr3-beta-3android-gs-bluejay-5.10-t-qpr3-beta-2android-gs-bluejay-5.10-android13-qpr3
SBMerger: 478053055
Change-Id: I022b2f47f00a05d2fd2d9f54c1e6bd3c0288b66d
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
| -rw-r--r-- | cs40l25/cs40l2x.c | 36 | ||||
| -rw-r--r-- | cs40l25/include/linux/mfd/cs40l2x.h | 1 |
2 files changed, 30 insertions, 7 deletions
diff --git a/cs40l25/cs40l2x.c b/cs40l25/cs40l2x.c index c4dadf5..940b5a2 100644 --- a/cs40l25/cs40l2x.c +++ b/cs40l25/cs40l2x.c @@ -1393,41 +1393,56 @@ static ssize_t cs40l2x_cp_trigger_queue_show(struct device *dev, { struct cs40l2x_private *cs40l2x = cs40l2x_get_private(dev); struct wt_type10_comp_section *section = cs40l2x->pbq_comp.sections; + char *pbq_str; int i, len = 0; + if (!cs40l2x->pbq_str_size) { + dev_err(dev, "PBQ string is not set\n"); + return -EPERM; + } + + pbq_str = kzalloc(cs40l2x->pbq_str_size + 1, GFP_KERNEL); + if (!pbq_str) + return -ENOMEM; + mutex_lock(&cs40l2x->lock); for (i = 0; i < cs40l2x->pbq_comp.nsections; i++, section++) { if (section->repeat == WT_REPEAT_LOOP_MARKER) - len += snprintf(buf + len, PAGE_SIZE - len, "!!, "); + len += snprintf(pbq_str + len, PAGE_SIZE - len, "!!, "); if (section->amplitude) - len += snprintf(buf + len, PAGE_SIZE - len, "%d.%d, ", + len += snprintf(pbq_str + len, PAGE_SIZE - len, "%d.%d, ", section->index, section->amplitude); if (section->delay) - len += snprintf(buf + len, PAGE_SIZE - len, "%d, ", + len += snprintf(pbq_str + len, PAGE_SIZE - len, "%d, ", section->delay); if (section->repeat && section->repeat != WT_REPEAT_LOOP_MARKER) - len += snprintf(buf + len, PAGE_SIZE - len, "%d!!, ", + len += snprintf(pbq_str + len, PAGE_SIZE - len, "%d!!, ", section->repeat); } switch (cs40l2x->pbq_comp.repeat) { case WT_REPEAT_LOOP_MARKER: - len += snprintf(buf + len, PAGE_SIZE - len, "~\n"); + len += snprintf(pbq_str + len, PAGE_SIZE - len, "~\n"); break; case 0: len -= 2; // Remove ", " from end of string - len += snprintf(buf + len, PAGE_SIZE - len, "\n"); + len += snprintf(pbq_str + len, PAGE_SIZE - len, "\n"); break; default: - len += snprintf(buf + len, PAGE_SIZE - len, "%d!\n", + len += snprintf(pbq_str + len, PAGE_SIZE - len, "%d!\n", cs40l2x->pbq_comp.repeat); } + len = strscpy(buf, pbq_str, PAGE_SIZE); + if (len == -E2BIG) + dev_err(dev, "String too large for buffer\n"); + mutex_unlock(&cs40l2x->lock); + kfree(pbq_str); return len; } @@ -1493,10 +1508,17 @@ static ssize_t cs40l2x_cp_trigger_queue_store(struct device *dev, bool inner_loop = false; int ret; + if (count >= PAGE_SIZE) { + dev_err(dev, "Trigger queue string too large\n"); + return -E2BIG; + } + pbq_str = kstrndup(buf, count, GFP_KERNEL); if (!pbq_str) return -ENOMEM; + cs40l2x->pbq_str_size = count; + disable_irq(i2c_client->irq); mutex_lock(&cs40l2x->lock); diff --git a/cs40l25/include/linux/mfd/cs40l2x.h b/cs40l25/include/linux/mfd/cs40l2x.h index 97bc1f4..58eb4f8 100644 --- a/cs40l25/include/linux/mfd/cs40l2x.h +++ b/cs40l25/include/linux/mfd/cs40l2x.h @@ -1460,6 +1460,7 @@ struct cs40l2x_private { struct wt_type10_comp pbq_comp; unsigned int pbq_index; unsigned int pbq_state; + size_t pbq_str_size; int pbq_inner_mark; int pbq_inner_loop; int pbq_outer_loop; |