[PATCH 5/6] platform/wmi: Extend wmidev_query_block() to reject undersized data

[Armin Wolf]

WMI drivers using the buffer-based WMI API are expected to reject
undersized query results. Extend wmidev_query_block() to enable
the WMI driver core to perform this size check internally.

Signed-off-by: Armin Wolf <W_Armin@xxxxxx>
---
 drivers/platform/wmi/core.c                    | 10 ++++++----
 drivers/platform/x86/intel/wmi/sbl-fw-update.c |  7 +------
 drivers/platform/x86/wmi-bmof.c                |  2 +-
 include/linux/wmi.h                            |  3 ++-
 4 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/drivers/platform/wmi/core.c b/drivers/platform/wmi/core.c
index a1a612f33233..87b0e54dde5a 100644
--- a/drivers/platform/wmi/core.c
+++ b/drivers/platform/wmi/core.c
@@ -565,13 +565,15 @@ EXPORT_SYMBOL_GPL(wmidev_block_query);
  * @wdev: A wmi bus device from a driver
  * @instance: Instance index
  * @out: WMI buffer to fill
+ * @min_size: Minimum size of the result data in bytes
  *
- * Query a WMI data block, the caller must free the resulting data inside @out.
- * Said data is guaranteed to be aligned on a 8-byte boundary.
+ * Query a WMI data block, the caller must free the resulting data inside @out
+ * using kfree(). Said data is guaranteed to be aligned on a 8-byte boundary.
  *
  * Return: 0 on success or a negative error code on failure.
  */
-int wmidev_query_block(struct wmi_device *wdev, u8 instance, struct wmi_buffer *out)
+int wmidev_query_block(struct wmi_device *wdev, u8 instance, struct wmi_buffer *out,
+		       size_t min_size)
 {
 	union acpi_object *obj;
 	int ret;
@@ -580,7 +582,7 @@ int wmidev_query_block(struct wmi_device *wdev, u8 instance, struct wmi_buffer *
 	if (!obj)
 		return -EIO;
 
-	ret = wmi_unmarshal_acpi_object(obj, out, 0);
+	ret = wmi_unmarshal_acpi_object(obj, out, min_size);
 	kfree(obj);
 
 	return ret;
diff --git a/drivers/platform/x86/intel/wmi/sbl-fw-update.c b/drivers/platform/x86/intel/wmi/sbl-fw-update.c
index 3716ccaaed6a..62c9c7f1842b 100644
--- a/drivers/platform/x86/intel/wmi/sbl-fw-update.c
+++ b/drivers/platform/x86/intel/wmi/sbl-fw-update.c
@@ -28,15 +28,10 @@ static int get_fwu_request(struct device *dev, u32 *out)
 	__le32 *result;
 	int ret;
 
-	ret = wmidev_query_block(to_wmi_device(dev), 0, &buffer);
+	ret = wmidev_query_block(to_wmi_device(dev), 0, &buffer, sizeof(*result));
 	if (ret < 0)
 		return ret;
 
-	if (buffer.length < sizeof(*result)) {
-		kfree(buffer.data);
-		return -ENODATA;
-	}
-
 	result = buffer.data;
 	*out = le32_to_cpu(*result);
 	kfree(result);
diff --git a/drivers/platform/x86/wmi-bmof.c b/drivers/platform/x86/wmi-bmof.c
index e3a126de421b..6623cf60e4b4 100644
--- a/drivers/platform/x86/wmi-bmof.c
+++ b/drivers/platform/x86/wmi-bmof.c
@@ -62,7 +62,7 @@ static int wmi_bmof_probe(struct wmi_device *wdev, const void *context)
 	if (!buffer)
 		return -ENOMEM;
 
-	ret = wmidev_query_block(wdev, 0, buffer);
+	ret = wmidev_query_block(wdev, 0, buffer, 0);
 	if (ret < 0)
 		return ret;
 
diff --git a/include/linux/wmi.h b/include/linux/wmi.h
index 858398beb01a..da94580572a9 100644
--- a/include/linux/wmi.h
+++ b/include/linux/wmi.h
@@ -73,7 +73,8 @@ int wmidev_invoke_method(struct wmi_device *wdev, u8 instance, u32 method_id,
 int wmidev_invoke_procedure(struct wmi_device *wdev, u8 instance, u32 method_id,
 			    const struct wmi_buffer *in);
 
-int wmidev_query_block(struct wmi_device *wdev, u8 instance, struct wmi_buffer *out);
+int wmidev_query_block(struct wmi_device *wdev, u8 instance, struct wmi_buffer *out,
+		       size_t min_size);
 
 int wmidev_set_block(struct wmi_device *wdev, u8 instance, const struct wmi_buffer *in);
 
-- 
2.39.5