3.16.35-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Usyskin <alexander.usys...@intel.com>
commit 35bf7692e765c2275bf93fe573f7ca868ab73453 upstream.
buf_idx type was changed to size_t, and few places
missed out to change the print format from %ld to %zu.
Use also uz for buf.size which is also of size_t
Fixes:
commit 56988f22e097 ("mei: fix possible integer overflow issue")'
Signed-off-by: Alexander Usyskin <alexander.usys...@intel.com>
Signed-off-by: Tomas Winkler <tomas.wink...@intel.com>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
---
drivers/misc/mei/amthif.c | 2 +-
drivers/misc/mei/client.c | 2 +-
drivers/misc/mei/interrupt.c | 6 +++---
drivers/misc/mei/main.c | 2 +-
4 files changed, 6 insertions(+), 6 deletions(-)
--- a/drivers/misc/mei/amthif.c
+++ b/drivers/misc/mei/amthif.c
@@ -234,7 +234,7 @@ int mei_amthif_read(struct mei_device *d
* remove message from deletion list
*/
- dev_dbg(&dev->pdev->dev, "amthif cb->response_buffer.size - %zd
cb->buf_idx - %zd\n",
+ dev_dbg(&dev->pdev->dev, "amthif cb->response_buffer.size - %zu
cb->buf_idx - %zu\n",
cb->response_buffer.size, cb->buf_idx);
/* length is being truncated to PAGE_SIZE, however,
--- a/drivers/misc/mei/client.c
+++ b/drivers/misc/mei/client.c
@@ -849,7 +849,7 @@ int mei_cl_irq_write(struct mei_cl *cl,
return 0;
}
- cl_dbg(dev, cl, "buf: size = %zd idx = %zd\n",
+ cl_dbg(dev, cl, "buf: size = %zu idx = %zu\n",
cb->request_buffer.size, cb->buf_idx);
rets = mei_write_message(dev, &mei_hdr, buf->data + cb->buf_idx);
--- a/drivers/misc/mei/interrupt.c
+++ b/drivers/misc/mei/interrupt.c
@@ -121,7 +121,7 @@ static int mei_cl_irq_read_msg(struct me
buf_sz = mei_hdr->length + cb->buf_idx;
/* catch for integer overflow */
if (buf_sz < cb->buf_idx) {
- cl_err(dev, cl, "message is too big len %d idx %ld\n",
+ cl_err(dev, cl, "message is too big len %d idx %zu\n",
mei_hdr->length, cb->buf_idx);
list_del(&cb->list);
@@ -129,7 +129,7 @@ static int mei_cl_irq_read_msg(struct me
}
if (cb->response_buffer.size < buf_sz) {
- cl_dbg(dev, cl, "message overflow. size %zd len %d idx
%zd\n",
+ cl_dbg(dev, cl, "message overflow. size %zu len %d idx
%zu\n",
cb->response_buffer.size,
mei_hdr->length, cb->buf_idx);
buffer = krealloc(cb->response_buffer.data, buf_sz,
GFP_KERNEL);
@@ -150,7 +150,7 @@ static int mei_cl_irq_read_msg(struct me
if (mei_hdr->msg_complete) {
cl->status = 0;
list_del(&cb->list);
- cl_dbg(dev, cl, "completed read length = %lu\n",
+ cl_dbg(dev, cl, "completed read length = %zu\n",
cb->buf_idx);
list_add_tail(&cb->list, &complete_list->list);
}
--- a/drivers/misc/mei/main.c
+++ b/drivers/misc/mei/main.c
@@ -262,7 +262,7 @@ static ssize_t mei_read(struct file *fil
}
/* now copy the data to user space */
copy_buffer:
- dev_dbg(&dev->pdev->dev, "buf.size = %zd buf.idx = %zd\n",
+ dev_dbg(&dev->pdev->dev, "buf.size = %zu buf.idx = %zu\n",
cb->response_buffer.size, cb->buf_idx);
if (length == 0 || ubuf == NULL || *offset > cb->buf_idx) {
rets = -EMSGSIZE;
