Re: [PATCH 09/15] usb: serial: io_edgeport: use usb_control_msg_recv() and usb_control_msg_send()
On Wed, Nov 04, 2020 at 12:16:57PM +0530, Himadri Pandya wrote: > The new usb_control_msg_recv() and usb_control_msg_send() nicely wraps > usb_control_msg() with proper error check. Hence use the wrappers > instead of calling usb_control_msg() directly. > > Signed-off-by: Himadri Pandya > --- > drivers/usb/serial/io_edgeport.c | 73 > 1 file changed, 27 insertions(+), 46 deletions(-) > > diff --git a/drivers/usb/serial/io_edgeport.c > b/drivers/usb/serial/io_edgeport.c > index ba5d8df69518..8479d5684af7 100644 > --- a/drivers/usb/serial/io_edgeport.c > +++ b/drivers/usb/serial/io_edgeport.c > @@ -568,34 +568,29 @@ static int get_epic_descriptor(struct edgeport_serial > *ep) > int result; > struct usb_serial *serial = ep->serial; > struct edgeport_product_info *product_info = >product_info; > - struct edge_compatibility_descriptor *epic; > + struct edge_compatibility_descriptor epic; > struct edge_compatibility_bits *bits; > struct device *dev = >dev->dev; > > ep->is_epic = 0; > > - epic = kmalloc(sizeof(*epic), GFP_KERNEL); > - if (!epic) > - return -ENOMEM; > - > - result = usb_control_msg(serial->dev, usb_rcvctrlpipe(serial->dev, 0), > - USB_REQUEST_ION_GET_EPIC_DESC, > - 0xC0, 0x00, 0x00, > - epic, sizeof(*epic), > - 300); > - if (result == sizeof(*epic)) { > + result = usb_control_msg_recv(serial->dev, 0, > + USB_REQUEST_ION_GET_EPIC_DESC, 0xC0, > + 0x00, 0x00, , sizeof(epic), 300, > + GFP_KERNEL); > + if (result) { Here's another logical error due to the test being inverted, which results in the uninitialised stack-allocated buffer to be used for debug printks (potentially leaking stack data) in case of errors. > ep->is_epic = 1; > - memcpy(>epic_descriptor, epic, sizeof(*epic)); > + memcpy(>epic_descriptor, , sizeof(epic)); > memset(product_info, 0, sizeof(struct edgeport_product_info)); > > - product_info->NumPorts = epic->NumPorts; > + product_info->NumPorts = epic.NumPorts; > product_info->ProdInfoVer = 0; > - product_info->FirmwareMajorVersion = epic->MajorVersion; > - product_info->FirmwareMinorVersion = epic->MinorVersion; > - product_info->FirmwareBuildNumber = epic->BuildNumber; > - product_info->iDownloadFile = epic->iDownloadFile; > - product_info->EpicVer = epic->EpicVer; > - product_info->Epic = epic->Supports; > + product_info->FirmwareMajorVersion = epic.MajorVersion; > + product_info->FirmwareMinorVersion = epic.MinorVersion; > + product_info->FirmwareBuildNumber = epic.BuildNumber; > + product_info->iDownloadFile = epic.iDownloadFile; > + product_info->EpicVer = epic.EpicVer; > + product_info->Epic = epic.Supports; > product_info->ProductId = ION_DEVICE_ID_EDGEPORT_COMPATIBLE; > dump_product_info(ep, product_info); > > @@ -614,16 +609,12 @@ static int get_epic_descriptor(struct edgeport_serial > *ep) > dev_dbg(dev, " IOSPWriteLCR : %s\n", bits->IOSPWriteLCR > ? "TRUE": "FALSE"); > dev_dbg(dev, " IOSPSetBaudRate : %s\n", bits->IOSPSetBaudRate > ? "TRUE": "FALSE"); > dev_dbg(dev, " TrueEdgeport : %s\n", bits->TrueEdgeport > ? "TRUE": "FALSE"); > - > - result = 0; > - } else if (result >= 0) { > + } else { > dev_warn(>interface->dev, "short epic descriptor > received: %d\n", >result); > result = -EIO; ...and the driver now always fails to probe with -EIO. > } > > - kfree(epic); > - > return result; > } > > @@ -2168,11 +2159,6 @@ static int rom_read(struct usb_serial *serial, __u16 > extAddr, > { > int result; > __u16 current_length; > - unsigned char *transfer_buffer; > - > - transfer_buffer = kmalloc(64, GFP_KERNEL); > - if (!transfer_buffer) > - return -ENOMEM; > > /* need to split these reads up into 64 byte chunks */ > result = 0; > @@ -2181,25 +2167,18 @@ static int rom_read(struct usb_serial *serial, __u16 > extAddr, > current_length = 64; > else > current_length = length; > - result = usb_control_msg(serial->dev, > - usb_rcvctrlpipe(serial->dev, 0), > - USB_REQUEST_ION_READ_ROM, > - 0xC0, addr, extAddr, transfer_buffer, > - current_length, 300); > -
[PATCH 09/15] usb: serial: io_edgeport: use usb_control_msg_recv() and usb_control_msg_send()
The new usb_control_msg_recv() and usb_control_msg_send() nicely wraps usb_control_msg() with proper error check. Hence use the wrappers instead of calling usb_control_msg() directly. Signed-off-by: Himadri Pandya --- drivers/usb/serial/io_edgeport.c | 73 1 file changed, 27 insertions(+), 46 deletions(-) diff --git a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c index ba5d8df69518..8479d5684af7 100644 --- a/drivers/usb/serial/io_edgeport.c +++ b/drivers/usb/serial/io_edgeport.c @@ -568,34 +568,29 @@ static int get_epic_descriptor(struct edgeport_serial *ep) int result; struct usb_serial *serial = ep->serial; struct edgeport_product_info *product_info = >product_info; - struct edge_compatibility_descriptor *epic; + struct edge_compatibility_descriptor epic; struct edge_compatibility_bits *bits; struct device *dev = >dev->dev; ep->is_epic = 0; - epic = kmalloc(sizeof(*epic), GFP_KERNEL); - if (!epic) - return -ENOMEM; - - result = usb_control_msg(serial->dev, usb_rcvctrlpipe(serial->dev, 0), -USB_REQUEST_ION_GET_EPIC_DESC, -0xC0, 0x00, 0x00, -epic, sizeof(*epic), -300); - if (result == sizeof(*epic)) { + result = usb_control_msg_recv(serial->dev, 0, + USB_REQUEST_ION_GET_EPIC_DESC, 0xC0, + 0x00, 0x00, , sizeof(epic), 300, + GFP_KERNEL); + if (result) { ep->is_epic = 1; - memcpy(>epic_descriptor, epic, sizeof(*epic)); + memcpy(>epic_descriptor, , sizeof(epic)); memset(product_info, 0, sizeof(struct edgeport_product_info)); - product_info->NumPorts = epic->NumPorts; + product_info->NumPorts = epic.NumPorts; product_info->ProdInfoVer = 0; - product_info->FirmwareMajorVersion = epic->MajorVersion; - product_info->FirmwareMinorVersion = epic->MinorVersion; - product_info->FirmwareBuildNumber = epic->BuildNumber; - product_info->iDownloadFile = epic->iDownloadFile; - product_info->EpicVer = epic->EpicVer; - product_info->Epic = epic->Supports; + product_info->FirmwareMajorVersion = epic.MajorVersion; + product_info->FirmwareMinorVersion = epic.MinorVersion; + product_info->FirmwareBuildNumber = epic.BuildNumber; + product_info->iDownloadFile = epic.iDownloadFile; + product_info->EpicVer = epic.EpicVer; + product_info->Epic = epic.Supports; product_info->ProductId = ION_DEVICE_ID_EDGEPORT_COMPATIBLE; dump_product_info(ep, product_info); @@ -614,16 +609,12 @@ static int get_epic_descriptor(struct edgeport_serial *ep) dev_dbg(dev, " IOSPWriteLCR : %s\n", bits->IOSPWriteLCR ? "TRUE": "FALSE"); dev_dbg(dev, " IOSPSetBaudRate : %s\n", bits->IOSPSetBaudRate ? "TRUE": "FALSE"); dev_dbg(dev, " TrueEdgeport : %s\n", bits->TrueEdgeport ? "TRUE": "FALSE"); - - result = 0; - } else if (result >= 0) { + } else { dev_warn(>interface->dev, "short epic descriptor received: %d\n", result); result = -EIO; } - kfree(epic); - return result; } @@ -2168,11 +2159,6 @@ static int rom_read(struct usb_serial *serial, __u16 extAddr, { int result; __u16 current_length; - unsigned char *transfer_buffer; - - transfer_buffer = kmalloc(64, GFP_KERNEL); - if (!transfer_buffer) - return -ENOMEM; /* need to split these reads up into 64 byte chunks */ result = 0; @@ -2181,25 +2167,18 @@ static int rom_read(struct usb_serial *serial, __u16 extAddr, current_length = 64; else current_length = length; - result = usb_control_msg(serial->dev, - usb_rcvctrlpipe(serial->dev, 0), - USB_REQUEST_ION_READ_ROM, - 0xC0, addr, extAddr, transfer_buffer, - current_length, 300); - if (result < current_length) { - if (result >= 0) - result = -EIO; + result = usb_control_msg_recv(serial->dev, 0, + USB_REQUEST_ION_READ_ROM, 0xC0, + addr, extAddr, data, + current_length, 300, GFP_KERNEL);