Re: [PATCH 09/15] usb: serial: io_edgeport: use usb_control_msg_recv() and usb_control_msg_send()
On Wed, Nov 04, 2020 at 12:16:57PM +0530, Himadri Pandya wrote:
> The new usb_control_msg_recv() and usb_control_msg_send() nicely wraps
> usb_control_msg() with proper error check. Hence use the wrappers
> instead of calling usb_control_msg() directly.
>
> Signed-off-by: Himadri Pandya
> ---
> drivers/usb/serial/io_edgeport.c | 73
> 1 file changed, 27 insertions(+), 46 deletions(-)
>
> diff --git a/drivers/usb/serial/io_edgeport.c
> b/drivers/usb/serial/io_edgeport.c
> index ba5d8df69518..8479d5684af7 100644
> --- a/drivers/usb/serial/io_edgeport.c
> +++ b/drivers/usb/serial/io_edgeport.c
> @@ -568,34 +568,29 @@ static int get_epic_descriptor(struct edgeport_serial
> *ep)
> int result;
> struct usb_serial *serial = ep->serial;
> struct edgeport_product_info *product_info = >product_info;
> - struct edge_compatibility_descriptor *epic;
> + struct edge_compatibility_descriptor epic;
> struct edge_compatibility_bits *bits;
> struct device *dev = >dev->dev;
>
> ep->is_epic = 0;
>
> - epic = kmalloc(sizeof(*epic), GFP_KERNEL);
> - if (!epic)
> - return -ENOMEM;
> -
> - result = usb_control_msg(serial->dev, usb_rcvctrlpipe(serial->dev, 0),
> - USB_REQUEST_ION_GET_EPIC_DESC,
> - 0xC0, 0x00, 0x00,
> - epic, sizeof(*epic),
> - 300);
> - if (result == sizeof(*epic)) {
> + result = usb_control_msg_recv(serial->dev, 0,
> + USB_REQUEST_ION_GET_EPIC_DESC, 0xC0,
> + 0x00, 0x00, , sizeof(epic), 300,
> + GFP_KERNEL);
> + if (result) {
Here's another logical error due to the test being inverted, which
results in the uninitialised stack-allocated buffer to be used for debug
printks (potentially leaking stack data) in case of errors.
> ep->is_epic = 1;
> - memcpy(>epic_descriptor, epic, sizeof(*epic));
> + memcpy(>epic_descriptor, , sizeof(epic));
> memset(product_info, 0, sizeof(struct edgeport_product_info));
>
> - product_info->NumPorts = epic->NumPorts;
> + product_info->NumPorts = epic.NumPorts;
> product_info->ProdInfoVer = 0;
> - product_info->FirmwareMajorVersion = epic->MajorVersion;
> - product_info->FirmwareMinorVersion = epic->MinorVersion;
> - product_info->FirmwareBuildNumber = epic->BuildNumber;
> - product_info->iDownloadFile = epic->iDownloadFile;
> - product_info->EpicVer = epic->EpicVer;
> - product_info->Epic = epic->Supports;
> + product_info->FirmwareMajorVersion = epic.MajorVersion;
> + product_info->FirmwareMinorVersion = epic.MinorVersion;
> + product_info->FirmwareBuildNumber = epic.BuildNumber;
> + product_info->iDownloadFile = epic.iDownloadFile;
> + product_info->EpicVer = epic.EpicVer;
> + product_info->Epic = epic.Supports;
> product_info->ProductId = ION_DEVICE_ID_EDGEPORT_COMPATIBLE;
> dump_product_info(ep, product_info);
>
> @@ -614,16 +609,12 @@ static int get_epic_descriptor(struct edgeport_serial
> *ep)
> dev_dbg(dev, " IOSPWriteLCR : %s\n", bits->IOSPWriteLCR
> ? "TRUE": "FALSE");
> dev_dbg(dev, " IOSPSetBaudRate : %s\n", bits->IOSPSetBaudRate
> ? "TRUE": "FALSE");
> dev_dbg(dev, " TrueEdgeport : %s\n", bits->TrueEdgeport
> ? "TRUE": "FALSE");
> -
> - result = 0;
> - } else if (result >= 0) {
> + } else {
> dev_warn(>interface->dev, "short epic descriptor
> received: %d\n",
>result);
> result = -EIO;
...and the driver now always fails to probe with -EIO.
> }
>
> - kfree(epic);
> -
> return result;
> }
>
> @@ -2168,11 +2159,6 @@ static int rom_read(struct usb_serial *serial, __u16
> extAddr,
> {
> int result;
> __u16 current_length;
> - unsigned char *transfer_buffer;
> -
> - transfer_buffer = kmalloc(64, GFP_KERNEL);
> - if (!transfer_buffer)
> - return -ENOMEM;
>
> /* need to split these reads up into 64 byte chunks */
> result = 0;
> @@ -2181,25 +2167,18 @@ static int rom_read(struct usb_serial *serial, __u16
> extAddr,
> current_length = 64;
> else
> current_length = length;
> - result = usb_control_msg(serial->dev,
> - usb_rcvctrlpipe(serial->dev, 0),
> - USB_REQUEST_ION_READ_ROM,
> - 0xC0, addr, extAddr, transfer_buffer,
> - current_length, 300);
> -
[PATCH 09/15] usb: serial: io_edgeport: use usb_control_msg_recv() and usb_control_msg_send()
The new usb_control_msg_recv() and usb_control_msg_send() nicely wraps
usb_control_msg() with proper error check. Hence use the wrappers
instead of calling usb_control_msg() directly.
Signed-off-by: Himadri Pandya
---
drivers/usb/serial/io_edgeport.c | 73
1 file changed, 27 insertions(+), 46 deletions(-)
diff --git a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c
index ba5d8df69518..8479d5684af7 100644
--- a/drivers/usb/serial/io_edgeport.c
+++ b/drivers/usb/serial/io_edgeport.c
@@ -568,34 +568,29 @@ static int get_epic_descriptor(struct edgeport_serial *ep)
int result;
struct usb_serial *serial = ep->serial;
struct edgeport_product_info *product_info = >product_info;
- struct edge_compatibility_descriptor *epic;
+ struct edge_compatibility_descriptor epic;
struct edge_compatibility_bits *bits;
struct device *dev = >dev->dev;
ep->is_epic = 0;
- epic = kmalloc(sizeof(*epic), GFP_KERNEL);
- if (!epic)
- return -ENOMEM;
-
- result = usb_control_msg(serial->dev, usb_rcvctrlpipe(serial->dev, 0),
-USB_REQUEST_ION_GET_EPIC_DESC,
-0xC0, 0x00, 0x00,
-epic, sizeof(*epic),
-300);
- if (result == sizeof(*epic)) {
+ result = usb_control_msg_recv(serial->dev, 0,
+ USB_REQUEST_ION_GET_EPIC_DESC, 0xC0,
+ 0x00, 0x00, , sizeof(epic), 300,
+ GFP_KERNEL);
+ if (result) {
ep->is_epic = 1;
- memcpy(>epic_descriptor, epic, sizeof(*epic));
+ memcpy(>epic_descriptor, , sizeof(epic));
memset(product_info, 0, sizeof(struct edgeport_product_info));
- product_info->NumPorts = epic->NumPorts;
+ product_info->NumPorts = epic.NumPorts;
product_info->ProdInfoVer = 0;
- product_info->FirmwareMajorVersion = epic->MajorVersion;
- product_info->FirmwareMinorVersion = epic->MinorVersion;
- product_info->FirmwareBuildNumber = epic->BuildNumber;
- product_info->iDownloadFile = epic->iDownloadFile;
- product_info->EpicVer = epic->EpicVer;
- product_info->Epic = epic->Supports;
+ product_info->FirmwareMajorVersion = epic.MajorVersion;
+ product_info->FirmwareMinorVersion = epic.MinorVersion;
+ product_info->FirmwareBuildNumber = epic.BuildNumber;
+ product_info->iDownloadFile = epic.iDownloadFile;
+ product_info->EpicVer = epic.EpicVer;
+ product_info->Epic = epic.Supports;
product_info->ProductId = ION_DEVICE_ID_EDGEPORT_COMPATIBLE;
dump_product_info(ep, product_info);
@@ -614,16 +609,12 @@ static int get_epic_descriptor(struct edgeport_serial *ep)
dev_dbg(dev, " IOSPWriteLCR : %s\n", bits->IOSPWriteLCR
? "TRUE": "FALSE");
dev_dbg(dev, " IOSPSetBaudRate : %s\n", bits->IOSPSetBaudRate
? "TRUE": "FALSE");
dev_dbg(dev, " TrueEdgeport : %s\n", bits->TrueEdgeport
? "TRUE": "FALSE");
-
- result = 0;
- } else if (result >= 0) {
+ } else {
dev_warn(>interface->dev, "short epic descriptor
received: %d\n",
result);
result = -EIO;
}
- kfree(epic);
-
return result;
}
@@ -2168,11 +2159,6 @@ static int rom_read(struct usb_serial *serial, __u16
extAddr,
{
int result;
__u16 current_length;
- unsigned char *transfer_buffer;
-
- transfer_buffer = kmalloc(64, GFP_KERNEL);
- if (!transfer_buffer)
- return -ENOMEM;
/* need to split these reads up into 64 byte chunks */
result = 0;
@@ -2181,25 +2167,18 @@ static int rom_read(struct usb_serial *serial, __u16
extAddr,
current_length = 64;
else
current_length = length;
- result = usb_control_msg(serial->dev,
- usb_rcvctrlpipe(serial->dev, 0),
- USB_REQUEST_ION_READ_ROM,
- 0xC0, addr, extAddr, transfer_buffer,
- current_length, 300);
- if (result < current_length) {
- if (result >= 0)
- result = -EIO;
+ result = usb_control_msg_recv(serial->dev, 0,
+ USB_REQUEST_ION_READ_ROM, 0xC0,
+ addr, extAddr, data,
+ current_length, 300, GFP_KERNEL);
