From 7ae2a888eedd5a6b03849614eddd55f31793eeae Mon Sep 17 00:00:00 2001 From: Hans Verkuil Date: Fri, 4 Nov 2016 07:52:11 -0200 Subject: [PATCH] [media] cec: sanitize msg.flags The CEC_MSG_FL_REPLY_TO_FOLLOWERS message flag only makes sense for transmitted messages where you want to wait for the reply. Clear the flag in all other cases. Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab --- drivers/media/cec/cec-adap.c | 4 ++++ drivers/media/cec/cec-api.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/media/cec/cec-adap.c b/drivers/media/cec/cec-adap.c index 054cd06e2247..bcd19d41c166 100644 --- a/drivers/media/cec/cec-adap.c +++ b/drivers/media/cec/cec-adap.c @@ -595,6 +595,10 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, /* Make sure the timeout isn't 0. */ msg->timeout = 1000; } + if (msg->timeout) + msg->flags &= CEC_MSG_FL_REPLY_TO_FOLLOWERS; + else + msg->flags = 0; /* Sanity checks */ if (msg->len == 0 || msg->len > CEC_MAX_MSG_SIZE) { diff --git a/drivers/media/cec/cec-api.c b/drivers/media/cec/cec-api.c index d4bc4ee2c6e5..597fbb62d829 100644 --- a/drivers/media/cec/cec-api.c +++ b/drivers/media/cec/cec-api.c @@ -197,7 +197,6 @@ static long cec_transmit(struct cec_adapter *adap, struct cec_fh *fh, (msg.len == 1 || msg.msg[1] != CEC_MSG_CDC_MESSAGE)) return -EINVAL; - msg.flags &= CEC_MSG_FL_REPLY_TO_FOLLOWERS; mutex_lock(&adap->lock); if (!adap->is_configured) err = -ENONET; @@ -282,6 +281,7 @@ static long cec_receive(struct cec_adapter *adap, struct cec_fh *fh, err = cec_receive_msg(fh, &msg, block); if (err) return err; + msg.flags = 0; if (copy_to_user(parg, &msg, sizeof(msg))) return -EFAULT; return 0; -- 2.11.0