From: Markus Elfring <[email protected]>
Date: Mon, 5 Mar 2018 09:14:32 +0100
A few update suggestions were taken into account
from static source code analysis.
Markus Elfring (4):
Use memdup_user() rather than duplicating its implementation
Less function calls in hpsa_big_passthru_ioctl() after error detection
Delete an unnecessary initialisation
Move a variable assignment
drivers/scsi/hpsa.c | 44 +++++++++++++++++++++-----------------------
1 file changed, 21 insertions(+), 23 deletions(-)
--
2.16.2
From: Markus Elfring <[email protected]>
Date: Sun, 4 Mar 2018 22:00:19 +0100
The function "kfree" was called in a few cases by
the hpsa_big_passthru_ioctl() function during error handling
even if the passed variable contained a null pointer.
* Adjust jump targets.
* Delete two initialisations and a check (for the local variable "buff")
which became unnecessary with this refactoring.
Signed-off-by: Markus Elfring <[email protected]>
---
drivers/scsi/hpsa.c | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
index b35248becef9..45177ead811f 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -6377,8 +6377,8 @@ static int hpsa_big_passthru_ioctl(struct ctlr_info *h, void __user *argp)
{
BIG_IOCTL_Command_struct *ioc;
struct CommandList *c;
- unsigned char **buff = NULL;
- int *buff_size = NULL;
+ unsigned char **buff;
+ int *buff_size;
u64 temp64;
BYTE sg_used = 0;
int status = 0;
@@ -6397,26 +6397,26 @@ static int hpsa_big_passthru_ioctl(struct ctlr_info *h, void __user *argp)
if ((ioc->buf_size < 1) &&
(ioc->Request.Type.Direction != XFER_NONE)) {
status = -EINVAL;
- goto cleanup1;
+ goto free_ioc;
}
/* Check kmalloc limits using all SGs */
if (ioc->malloc_size > MAX_KMALLOC_SIZE) {
status = -EINVAL;
- goto cleanup1;
+ goto free_ioc;
}
if (ioc->buf_size > ioc->malloc_size * SG_ENTRIES_IN_CMD) {
status = -EINVAL;
- goto cleanup1;
- }
- buff = kzalloc(SG_ENTRIES_IN_CMD * sizeof(char *), GFP_KERNEL);
- if (!buff) {
- status = -ENOMEM;
- goto cleanup1;
+ goto free_ioc;
}
buff_size = kmalloc(SG_ENTRIES_IN_CMD * sizeof(int), GFP_KERNEL);
if (!buff_size) {
status = -ENOMEM;
- goto cleanup1;
+ goto free_ioc;
+ }
+ buff = kzalloc(SG_ENTRIES_IN_CMD * sizeof(char *), GFP_KERNEL);
+ if (!buff) {
+ status = -ENOMEM;
+ goto free_buff_size;
}
left = ioc->buf_size;
data_ptr = ioc->buf;
@@ -6501,14 +6501,16 @@ static int hpsa_big_passthru_ioctl(struct ctlr_info *h, void __user *argp)
cleanup0:
cmd_free(h, c);
cleanup1:
- if (buff) {
+ {
int i;
for (i = 0; i < sg_used; i++)
kfree(buff[i]);
kfree(buff);
}
+free_buff_size:
kfree(buff_size);
+free_ioc:
kfree(ioc);
return status;
}
--
2.16.2
From: Markus Elfring <[email protected]>
Date: Sun, 4 Mar 2018 22:02:10 +0100
The variable "status" will be set to an appropriate value a bit later.
Thus omit the explicit initialisation at the beginning.
Signed-off-by: Markus Elfring <[email protected]>
---
drivers/scsi/hpsa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
index 45177ead811f..86d371ab39e7 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -6381,7 +6381,7 @@ static int hpsa_big_passthru_ioctl(struct ctlr_info *h, void __user *argp)
int *buff_size;
u64 temp64;
BYTE sg_used = 0;
- int status = 0;
+ int status;
u32 left;
u32 sz;
BYTE __user *data_ptr;
--
2.16.2
From: Markus Elfring <[email protected]>
Date: Sun, 4 Mar 2018 21:19:52 +0100
* Reuse existing functionality from memdup_user() instead of keeping
duplicate source code.
This issue was detected by using the Coccinelle software.
* Return directly after this function call failed at the beginning.
Signed-off-by: Markus Elfring <[email protected]>
---
drivers/scsi/hpsa.c | 13 ++++---------
1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
index 5293e6827ce5..b35248becef9 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -6390,15 +6390,10 @@ static int hpsa_big_passthru_ioctl(struct ctlr_info *h, void __user *argp)
return -EINVAL;
if (!capable(CAP_SYS_RAWIO))
return -EPERM;
- ioc = kmalloc(sizeof(*ioc), GFP_KERNEL);
- if (!ioc) {
- status = -ENOMEM;
- goto cleanup1;
- }
- if (copy_from_user(ioc, argp, sizeof(*ioc))) {
- status = -EFAULT;
- goto cleanup1;
- }
+ ioc = memdup_user(argp, sizeof(*ioc));
+ if (IS_ERR(ioc))
+ return PTR_ERR(ioc);
+
if ((ioc->buf_size < 1) &&
(ioc->Request.Type.Direction != XFER_NONE)) {
status = -EINVAL;
--
2.16.2
From: Markus Elfring <[email protected]>
Date: Sun, 4 Mar 2018 22:16:05 +0100
Move an assignment for the local variable "sg_used" so that its setting
will only be performed after corresponding memory allocations succeeded
by this function.
Signed-off-by: Markus Elfring <[email protected]>
---
drivers/scsi/hpsa.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
index 86d371ab39e7..bb6df194ac31 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -6380,7 +6380,7 @@ static int hpsa_big_passthru_ioctl(struct ctlr_info *h, void __user *argp)
unsigned char **buff;
int *buff_size;
u64 temp64;
- BYTE sg_used = 0;
+ BYTE sg_used;
int status;
u32 left;
u32 sz;
@@ -6420,6 +6420,7 @@ static int hpsa_big_passthru_ioctl(struct ctlr_info *h, void __user *argp)
}
left = ioc->buf_size;
data_ptr = ioc->buf;
+ sg_used = 0;
while (left) {
sz = (left > ioc->malloc_size) ? ioc->malloc_size : left;
buff_size[sg_used] = sz;
--
2.16.2