On Fri, Feb 26, 2016 at 03:31:46PM -0300, Gustavo Padovan wrote:
> +no_fences:
> + info->num_fences = sync_file->num_fences;
>
> - if (copy_to_user((void __user *)arg, info, len))
> + if (copy_to_user((void __user *)arg, info, sizeof(*info)))
> ret = -EFAULT;
> else
> ret = 0;
We need to kfree(fence_info) here.
> diff --git a/drivers/staging/android/uapi/sync.h
> b/drivers/staging/android/uapi/sync.h
> index f0b41ce..9aad623 100644
> --- a/drivers/staging/android/uapi/sync.h
> +++ b/drivers/staging/android/uapi/sync.h
> @@ -42,21 +42,20 @@ struct sync_fence_info {
>
> /**
> * struct sync_file_info - data returned from fence info ioctl
> - * @len: ioctl caller writes the size of the buffer its passing in.
> - * ioctl returns length of sync_file_info returned to
> - * userspace including pt_info.
> * @name: name of fence
> * @status: status of fence. 1: signaled 0:active <0:error
> * @num_fences number of fences in the sync_file
> + * @len: ioctl caller writes the size of the buffer its passing in.
> + * ioctl returns length of all fence_infos summed.
> * @sync_fence_info: array of sync_fence_info for every fence in the
> sync_file
The documentation needs updating.
> */
> struct sync_file_info {
> - __u32 len;
> char name[32];
> __s32 status;
> __u32 num_fences;
> + __u32 len;
>
> - __u8 sync_fence_info[0];
> + __u64 sync_fence_info;
> };
regards,
dan carpenter
