[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <X8oLGdtViazqIKDX@localhost>
Date: Fri, 4 Dec 2020 11:10:33 +0100
From: Johan Hovold <johan@...nel.org>
To: Himadri Pandya <himadrispandya@...il.com>
Cc: johan@...nel.org, gregkh@...uxfoundation.org,
linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-kernel-mentees@...ts.linuxfoundation.org
Subject: Re: [PATCH 09/15] usb: serial: io_edgeport: use
usb_control_msg_recv() and usb_control_msg_send()
On Wed, Nov 04, 2020 at 12:16:57PM +0530, Himadri Pandya wrote:
> The new usb_control_msg_recv() and usb_control_msg_send() nicely wraps
> usb_control_msg() with proper error check. Hence use the wrappers
> instead of calling usb_control_msg() directly.
>
> Signed-off-by: Himadri Pandya <himadrispandya@...il.com>
> ---
> drivers/usb/serial/io_edgeport.c | 73 ++++++++++++--------------------
> 1 file changed, 27 insertions(+), 46 deletions(-)
>
> diff --git a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c
> index ba5d8df69518..8479d5684af7 100644
> --- a/drivers/usb/serial/io_edgeport.c
> +++ b/drivers/usb/serial/io_edgeport.c
> @@ -568,34 +568,29 @@ static int get_epic_descriptor(struct edgeport_serial *ep)
> int result;
> struct usb_serial *serial = ep->serial;
> struct edgeport_product_info *product_info = &ep->product_info;
> - struct edge_compatibility_descriptor *epic;
> + struct edge_compatibility_descriptor epic;
> struct edge_compatibility_bits *bits;
> struct device *dev = &serial->dev->dev;
>
> ep->is_epic = 0;
>
> - epic = kmalloc(sizeof(*epic), GFP_KERNEL);
> - if (!epic)
> - return -ENOMEM;
> -
> - result = usb_control_msg(serial->dev, usb_rcvctrlpipe(serial->dev, 0),
> - USB_REQUEST_ION_GET_EPIC_DESC,
> - 0xC0, 0x00, 0x00,
> - epic, sizeof(*epic),
> - 300);
> - if (result == sizeof(*epic)) {
> + result = usb_control_msg_recv(serial->dev, 0,
> + USB_REQUEST_ION_GET_EPIC_DESC, 0xC0,
> + 0x00, 0x00, &epic, sizeof(epic), 300,
> + GFP_KERNEL);
> + if (result) {
Here's another logical error due to the test being inverted, which
results in the uninitialised stack-allocated buffer to be used for debug
printks (potentially leaking stack data) in case of errors.
> ep->is_epic = 1;
> - memcpy(&ep->epic_descriptor, epic, sizeof(*epic));
> + memcpy(&ep->epic_descriptor, &epic, sizeof(epic));
> memset(product_info, 0, sizeof(struct edgeport_product_info));
>
> - product_info->NumPorts = epic->NumPorts;
> + product_info->NumPorts = epic.NumPorts;
> product_info->ProdInfoVer = 0;
> - product_info->FirmwareMajorVersion = epic->MajorVersion;
> - product_info->FirmwareMinorVersion = epic->MinorVersion;
> - product_info->FirmwareBuildNumber = epic->BuildNumber;
> - product_info->iDownloadFile = epic->iDownloadFile;
> - product_info->EpicVer = epic->EpicVer;
> - product_info->Epic = epic->Supports;
> + product_info->FirmwareMajorVersion = epic.MajorVersion;
> + product_info->FirmwareMinorVersion = epic.MinorVersion;
> + product_info->FirmwareBuildNumber = epic.BuildNumber;
> + product_info->iDownloadFile = epic.iDownloadFile;
> + product_info->EpicVer = epic.EpicVer;
> + product_info->Epic = epic.Supports;
> product_info->ProductId = ION_DEVICE_ID_EDGEPORT_COMPATIBLE;
> dump_product_info(ep, product_info);
>
> @@ -614,16 +609,12 @@ static int get_epic_descriptor(struct edgeport_serial *ep)
> dev_dbg(dev, " IOSPWriteLCR : %s\n", bits->IOSPWriteLCR ? "TRUE": "FALSE");
> dev_dbg(dev, " IOSPSetBaudRate : %s\n", bits->IOSPSetBaudRate ? "TRUE": "FALSE");
> dev_dbg(dev, " TrueEdgeport : %s\n", bits->TrueEdgeport ? "TRUE": "FALSE");
> -
> - result = 0;
> - } else if (result >= 0) {
> + } else {
> dev_warn(&serial->interface->dev, "short epic descriptor received: %d\n",
> result);
> result = -EIO;
...and the driver now always fails to probe with -EIO.
> }
>
> - kfree(epic);
> -
> return result;
> }
>
> @@ -2168,11 +2159,6 @@ static int rom_read(struct usb_serial *serial, __u16 extAddr,
> {
> int result;
> __u16 current_length;
> - unsigned char *transfer_buffer;
> -
> - transfer_buffer = kmalloc(64, GFP_KERNEL);
> - if (!transfer_buffer)
> - return -ENOMEM;
>
> /* need to split these reads up into 64 byte chunks */
> result = 0;
> @@ -2181,25 +2167,18 @@ static int rom_read(struct usb_serial *serial, __u16 extAddr,
> current_length = 64;
> else
> current_length = length;
> - result = usb_control_msg(serial->dev,
> - usb_rcvctrlpipe(serial->dev, 0),
> - USB_REQUEST_ION_READ_ROM,
> - 0xC0, addr, extAddr, transfer_buffer,
> - current_length, 300);
> - if (result < current_length) {
> - if (result >= 0)
> - result = -EIO;
> + result = usb_control_msg_recv(serial->dev, 0,
> + USB_REQUEST_ION_READ_ROM, 0xC0,
> + addr, extAddr, data,
> + current_length, 300, GFP_KERNEL);
> + if (result)
> break;
> - }
> - memcpy(data, transfer_buffer, current_length);
> +
> length -= current_length;
> addr += current_length;
> data += current_length;
>
> - result = 0;
> }
> -
> - kfree(transfer_buffer);
> return result;
> }
Here a single allocation of a buffer that get's used repeatedly is
replaced with one allocation per iteration. I suggest leaving this as
is.
Please just drop this patch.
Johan
Powered by blists - more mailing lists