[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAB0kiBKeBwHNm1B7RCYTK1KTUrWS4=NzTdLRV6sdDH1wqCFJHQ@mail.gmail.com>
Date: Sat, 17 Aug 2024 10:24:21 -0400
From: Chris Wulff <crwulff@...il.com>
To: Dan Carpenter <dan.carpenter@...aro.org>
Cc: oe-kbuild@...ts.linux.dev, linux-usb@...r.kernel.org, lkp@...el.com,
oe-kbuild-all@...ts.linux.dev,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Konstantin Aladyshev <aladyshev22@...il.com>,
David Sands <david.sands@...mp.com>, Jeff Johnson <quic_jjohnson@...cinc.com>,
Christophe JAILLET <christophe.jaillet@...adoo.fr>, linux-kernel@...r.kernel.org,
Chris Wulff <Chris.Wulff@...mp.com>
Subject: Re: [PATCH v4] USB: gadget: f_hid: Add GET_REPORT via userspace IOCTL
On Sat, Aug 17, 2024 at 2:49 AM Dan Carpenter <dan.carpenter@...aro.org> wrote:
>
> Hi,
>
> kernel test robot noticed the following build warnings:
>
> https://git-scm.com/docs/git-format-patch#_base_tree_information]
>
> url: https://github.com/intel-lab-lkp/linux/commits/crwulff-gmail-com/USB-gadget-f_hid-Add-GET_REPORT-via-userspace-IOCTL/20240814-225520
> base: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
> patch link: https://lore.kernel.org/r/20240814125525.3917130-2-crwulff%40gmail.com
> patch subject: [PATCH v4] USB: gadget: f_hid: Add GET_REPORT via userspace IOCTL
> config: x86_64-randconfig-161-20240817 (https://download.01.org/0day-ci/archive/20240817/202408171146.0RjWnTq8-lkp@intel.com/config)
> compiler: clang version 18.1.5 (https://github.com/llvm/llvm-project 617a15a9eac96088ae5e9134248d8236e34b91b1)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@...el.com>
> | Reported-by: Dan Carpenter <dan.carpenter@...aro.org>
> | Closes: https://lore.kernel.org/r/202408171146.0RjWnTq8-lkp@intel.com/
>
> smatch warnings:
> drivers/usb/gadget/function/f_hid.c:705 f_hidg_get_report() warn: inconsistent returns '&hidg->get_report_spinlock'.
> drivers/usb/gadget/function/f_hid.c:705 f_hidg_get_report() warn: inconsistent returns 'flags'.
>
> vim +705 drivers/usb/gadget/function/f_hid.c
>
> fce51fb916013b Chris Wulff 2024-08-14 653 static int f_hidg_get_report(struct file *file, struct usb_hidg_report __user *buffer)
> fce51fb916013b Chris Wulff 2024-08-14 654 {
> fce51fb916013b Chris Wulff 2024-08-14 655 struct f_hidg *hidg = file->private_data;
> fce51fb916013b Chris Wulff 2024-08-14 656 struct usb_composite_dev *cdev = hidg->func.config->cdev;
> fce51fb916013b Chris Wulff 2024-08-14 657 unsigned long flags;
> fce51fb916013b Chris Wulff 2024-08-14 658 struct report_entry *entry;
> fce51fb916013b Chris Wulff 2024-08-14 659 struct report_entry *ptr;
> fce51fb916013b Chris Wulff 2024-08-14 660 __u8 report_id;
> fce51fb916013b Chris Wulff 2024-08-14 661
> fce51fb916013b Chris Wulff 2024-08-14 662 entry = kmalloc(sizeof(*entry), GFP_KERNEL);
> fce51fb916013b Chris Wulff 2024-08-14 663 if (!entry)
> fce51fb916013b Chris Wulff 2024-08-14 664 return -ENOMEM;
> fce51fb916013b Chris Wulff 2024-08-14 665
> fce51fb916013b Chris Wulff 2024-08-14 666 if (copy_from_user(&entry->report_data, buffer,
> fce51fb916013b Chris Wulff 2024-08-14 667 sizeof(struct usb_hidg_report))) {
> fce51fb916013b Chris Wulff 2024-08-14 668 ERROR(cdev, "copy_from_user error\n");
> fce51fb916013b Chris Wulff 2024-08-14 669 kfree(entry);
> fce51fb916013b Chris Wulff 2024-08-14 670 return -EINVAL;
> fce51fb916013b Chris Wulff 2024-08-14 671 }
> fce51fb916013b Chris Wulff 2024-08-14 672
> fce51fb916013b Chris Wulff 2024-08-14 673 report_id = entry->report_data.report_id;
> fce51fb916013b Chris Wulff 2024-08-14 674
> fce51fb916013b Chris Wulff 2024-08-14 675 spin_lock_irqsave(&hidg->get_report_spinlock, flags);
> fce51fb916013b Chris Wulff 2024-08-14 676 ptr = f_hidg_search_for_report(hidg, report_id);
> fce51fb916013b Chris Wulff 2024-08-14 677
> fce51fb916013b Chris Wulff 2024-08-14 678 if (ptr) {
> fce51fb916013b Chris Wulff 2024-08-14 679 /* Report already exists in list - update it */
> fce51fb916013b Chris Wulff 2024-08-14 680 if (copy_from_user(&ptr->report_data, buffer,
> fce51fb916013b Chris Wulff 2024-08-14 681 sizeof(struct usb_hidg_report))) {
> fce51fb916013b Chris Wulff 2024-08-14 682 ERROR(cdev, "copy_from_user error\n");
> fce51fb916013b Chris Wulff 2024-08-14 683 kfree(entry);
> fce51fb916013b Chris Wulff 2024-08-14 684 return -EINVAL;
>
> spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
This does appear to be legitimate. I will make sure the spinlock is
released on that error path and post a new version.
>
> fce51fb916013b Chris Wulff 2024-08-14 685 }
> fce51fb916013b Chris Wulff 2024-08-14 686 kfree(entry);
> fce51fb916013b Chris Wulff 2024-08-14 687 } else {
> fce51fb916013b Chris Wulff 2024-08-14 688 /* Report does not exist in list - add it */
> fce51fb916013b Chris Wulff 2024-08-14 689 list_add_tail(&entry->node, &hidg->report_list);
> fce51fb916013b Chris Wulff 2024-08-14 690 }
> fce51fb916013b Chris Wulff 2024-08-14 691
> fce51fb916013b Chris Wulff 2024-08-14 692 /* If there is no response pending then do nothing further */
> fce51fb916013b Chris Wulff 2024-08-14 693 if (hidg->get_report_returned) {
> fce51fb916013b Chris Wulff 2024-08-14 694 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
> fce51fb916013b Chris Wulff 2024-08-14 695 return 0;
> fce51fb916013b Chris Wulff 2024-08-14 696 }
> fce51fb916013b Chris Wulff 2024-08-14 697
> fce51fb916013b Chris Wulff 2024-08-14 698 /* If this userspace response serves the current pending report */
> fce51fb916013b Chris Wulff 2024-08-14 699 if (hidg->get_report_req_report_id == report_id) {
> fce51fb916013b Chris Wulff 2024-08-14 700 hidg->get_report_returned = true;
> fce51fb916013b Chris Wulff 2024-08-14 701 wake_up(&hidg->get_queue);
> fce51fb916013b Chris Wulff 2024-08-14 702 }
> fce51fb916013b Chris Wulff 2024-08-14 703
> fce51fb916013b Chris Wulff 2024-08-14 704 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
> fce51fb916013b Chris Wulff 2024-08-14 @705 return 0;
> fce51fb916013b Chris Wulff 2024-08-14 706 }
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
>
Powered by blists - more mailing lists