LinuxLists.cc - [PATCH] usb: Use memdup

2015-12-08 12:12:31

Subject: [PATCH] usb: Use memdup_user to reuse the code

From: Rahul Pathak <[email protected]>

Fixing coccicheck warning which recommends to use memdup_user instead
to reimplement its code, using memdup_user simplifies the code

./drivers/usb/core/devio.c:1398:11-18: WARNING opportunity for memdup_user

Signed-off-by: Rahul Pathak <[email protected]>
---
drivers/usb/core/devio.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
index 38ae877c..05266f0 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -1395,11 +1395,9 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb
number_of_packets = uurb->number_of_packets;
isofrmlen = sizeof(struct usbdevfs_iso_packet_desc) *
number_of_packets;
- isopkt = kmalloc(isofrmlen, GFP_KERNEL);
- if (!isopkt)
- return -ENOMEM;
- if (copy_from_user(isopkt, iso_frame_desc, isofrmlen)) {
- ret = -EFAULT;
+ isopkt = memdup_user(iso_frame_desc, isofrmlen);
+ if (IS_ERR(isopkt)) {
+ ret = PTR_ERR(isopkt);
goto error;
}
for (totlen = u = 0; u < number_of_packets; u++) {
--
1.9.1

2015-12-08 11:52:11

by Dan Carpenter

[permalink] [raw]

Subject: Re: [PATCH] usb: Use memdup_user to reuse the code

On Tue, Dec 08, 2015 at 11:38:59AM +0000, Pathak, Rahul (R.) wrote:
> diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
> index 38ae877c..05266f0 100644
> --- a/drivers/usb/core/devio.c
> +++ b/drivers/usb/core/devio.c
> @@ -1395,11 +1395,9 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb
> number_of_packets = uurb->number_of_packets;
> isofrmlen = sizeof(struct usbdevfs_iso_packet_desc) *
> number_of_packets;
> - isopkt = kmalloc(isofrmlen, GFP_KERNEL);
> - if (!isopkt)
> - return -ENOMEM;
> - if (copy_from_user(isopkt, iso_frame_desc, isofrmlen)) {
> - ret = -EFAULT;
> + isopkt = memdup_user(iso_frame_desc, isofrmlen);
> + if (IS_ERR(isopkt)) {
> + ret = PTR_ERR(isopkt);
> goto error;

This introduces a one err bug.
https://plus.google.com/106378716002406849458/posts/dnanfhQ4mHQ
We can't call kfree(isopkt) when it is an ERR_PTR.

Set it to NULL:

isopkt = memdup_user(iso_frame_desc, isofrmlen);
if (IS_ERR(isopkt)) {
ret = PTR_ERR(isopkt);
isopkt = NULL;
goto error;
}

regards,
dan carpenter