lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YBF/4XYi854hyYhZ@hovoldconsulting.com>
Date:   Wed, 27 Jan 2021 15:59:45 +0100
From:   Johan Hovold <johan@...nel.org>
To:     Anant Thazhemadam <anant.thazhemadam@...il.com>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Lee Jones <lee.jones@...aro.org>, Tom Rix <trix@...hat.com>,
        linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 06/12] usb: misc: iowarrior: update to use the
 usb_control_msg_{send|recv}() API

On Wed, Jan 27, 2021 at 12:03:57AM +0530, Anant Thazhemadam wrote:
> The newer usb_control_msg_{send|recv}() API are an improvement on the
> existing usb_control_msg() as it ensures that a short read/write is treated
> as an error, data can be used off the stack, and raw usb pipes need not be
> created in the calling functions.
> For this reason, instances of usb_control_msg() have been replaced with
> usb_control_msg_{recv|send}() appropriately.
> 
> Signed-off-by: Anant Thazhemadam <anant.thazhemadam@...il.com>
> ---
>  drivers/usb/misc/iowarrior.c | 34 +++++++++++++++++-----------------
>  1 file changed, 17 insertions(+), 17 deletions(-)
> 
> diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c
> index efbd317f2f25..9d6a7548e537 100644
> --- a/drivers/usb/misc/iowarrior.c
> +++ b/drivers/usb/misc/iowarrior.c
> @@ -109,12 +109,12 @@ static int usb_get_report(struct usb_device *dev,
>  			  struct usb_host_interface *inter, unsigned char type,
>  			  unsigned char id, void *buf, int size)
>  {
> -	return usb_control_msg(dev, usb_rcvctrlpipe(dev, 0),
> -			       USB_REQ_GET_REPORT,
> -			       USB_DIR_IN | USB_TYPE_CLASS |
> -			       USB_RECIP_INTERFACE, (type << 8) + id,
> -			       inter->desc.bInterfaceNumber, buf, size,
> -			       GET_TIMEOUT*HZ);
> +	return usb_control_msg_recv(dev, 0,
> +				    USB_REQ_GET_REPORT,
> +				    USB_DIR_IN | USB_TYPE_CLASS |
> +				    USB_RECIP_INTERFACE, (type << 8) + id,
> +				    inter->desc.bInterfaceNumber, buf, size,
> +				    GET_TIMEOUT*HZ, GFP_KERNEL);
>  }
>  //#endif
>  
> @@ -123,13 +123,13 @@ static int usb_get_report(struct usb_device *dev,
>  static int usb_set_report(struct usb_interface *intf, unsigned char type,
>  			  unsigned char id, void *buf, int size)
>  {
> -	return usb_control_msg(interface_to_usbdev(intf),
> -			       usb_sndctrlpipe(interface_to_usbdev(intf), 0),
> -			       USB_REQ_SET_REPORT,
> -			       USB_TYPE_CLASS | USB_RECIP_INTERFACE,
> -			       (type << 8) + id,
> -			       intf->cur_altsetting->desc.bInterfaceNumber, buf,
> -			       size, HZ);
> +	return usb_control_msg_send(interface_to_usbdev(intf),
> +				    0,
> +				    USB_REQ_SET_REPORT,
> +				    USB_TYPE_CLASS | USB_RECIP_INTERFACE,
> +				    (type << 8) + id,
> +				    intf->cur_altsetting->desc.bInterfaceNumber, buf,
> +				    size, HZ, GFP_KERNEL);
>  }

But here the buffers are already DMA-able so that the new helpers only
add redundant allocations and memcpy's() for no real gain.

I'd just drop this one as well.

You could consider adding the missing sanity check to the IOW_READ
ioctl, which would currently return zeroed data in case of a short read
(so there are no info leaks either way). But perhaps that is done on
purpose, so perhaps better to leave that too.

Johan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ