The usb_control_msg_send() and usb_control_msg_recv() calls can return an error if a "short" write/read happens, and they can handle data off of the stack, so move the driver over to using those calls instead, saving some logic when dynamically allocating memory. Cc: Marcel Holtmann <marcel@xxxxxxxxxxxx> Cc: Johan Hedberg <johan.hedberg@xxxxxxxxx> Cc: linux-bluetooth@xxxxxxxxxxxxxxx Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/bluetooth/ath3k.c | 90 +++++++++++---------------------------- 1 file changed, 26 insertions(+), 64 deletions(-) diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c index 4ce270513695..1472cccfd0b3 100644 --- a/drivers/bluetooth/ath3k.c +++ b/drivers/bluetooth/ath3k.c @@ -212,19 +212,16 @@ static int ath3k_load_firmware(struct usb_device *udev, BT_DBG("udev %p", udev); - pipe = usb_sndctrlpipe(udev, 0); - send_buf = kmalloc(BULK_SIZE, GFP_KERNEL); if (!send_buf) { BT_ERR("Can't allocate memory chunk for firmware"); return -ENOMEM; } - memcpy(send_buf, firmware->data, FW_HDR_SIZE); - err = usb_control_msg(udev, pipe, USB_REQ_DFU_DNLOAD, USB_TYPE_VENDOR, - 0, 0, send_buf, FW_HDR_SIZE, - USB_CTRL_SET_TIMEOUT); - if (err < 0) { + err = usb_control_msg_send(udev, 0, USB_REQ_DFU_DNLOAD, USB_TYPE_VENDOR, + 0, 0, firmware->data, FW_HDR_SIZE, + USB_CTRL_SET_TIMEOUT); + if (err) { BT_ERR("Can't change to loading configuration err"); goto error; } @@ -259,44 +256,17 @@ static int ath3k_load_firmware(struct usb_device *udev, static int ath3k_get_state(struct usb_device *udev, unsigned char *state) { - int ret, pipe = 0; - char *buf; - - buf = kmalloc(sizeof(*buf), GFP_KERNEL); - if (!buf) - return -ENOMEM; - - pipe = usb_rcvctrlpipe(udev, 0); - ret = usb_control_msg(udev, pipe, ATH3K_GETSTATE, - USB_TYPE_VENDOR | USB_DIR_IN, 0, 0, - buf, sizeof(*buf), USB_CTRL_SET_TIMEOUT); - - *state = *buf; - kfree(buf); - - return ret; + return usb_control_msg_recv(udev, 0, ATH3K_GETSTATE, + USB_TYPE_VENDOR | USB_DIR_IN, 0, 0, + state, 1, USB_CTRL_SET_TIMEOUT); } static int ath3k_get_version(struct usb_device *udev, struct ath3k_version *version) { - int ret, pipe = 0; - struct ath3k_version *buf; - const int size = sizeof(*buf); - - buf = kmalloc(size, GFP_KERNEL); - if (!buf) - return -ENOMEM; - - pipe = usb_rcvctrlpipe(udev, 0); - ret = usb_control_msg(udev, pipe, ATH3K_GETVERSION, - USB_TYPE_VENDOR | USB_DIR_IN, 0, 0, - buf, size, USB_CTRL_SET_TIMEOUT); - - memcpy(version, buf, size); - kfree(buf); - - return ret; + return usb_control_msg_recv(udev, 0, ATH3K_GETVERSION, + USB_TYPE_VENDOR | USB_DIR_IN, 0, 0, + version, sizeof(*version), USB_CTRL_SET_TIMEOUT); } static int ath3k_load_fwfile(struct usb_device *udev, @@ -316,13 +286,10 @@ static int ath3k_load_fwfile(struct usb_device *udev, } size = min_t(uint, count, FW_HDR_SIZE); - memcpy(send_buf, firmware->data, size); - pipe = usb_sndctrlpipe(udev, 0); - ret = usb_control_msg(udev, pipe, ATH3K_DNLOAD, - USB_TYPE_VENDOR, 0, 0, send_buf, - size, USB_CTRL_SET_TIMEOUT); - if (ret < 0) { + ret = usb_control_msg_send(udev, 0, ATH3K_DNLOAD, USB_TYPE_VENDOR, 0, 0, + firmware->data, size, USB_CTRL_SET_TIMEOUT); + if (ret) { BT_ERR("Can't change to loading configuration err"); kfree(send_buf); return ret; @@ -355,23 +322,19 @@ static int ath3k_load_fwfile(struct usb_device *udev, return 0; } -static int ath3k_switch_pid(struct usb_device *udev) +static void ath3k_switch_pid(struct usb_device *udev) { - int pipe = 0; - - pipe = usb_sndctrlpipe(udev, 0); - return usb_control_msg(udev, pipe, USB_REG_SWITCH_VID_PID, - USB_TYPE_VENDOR, 0, 0, - NULL, 0, USB_CTRL_SET_TIMEOUT); + usb_control_msg_send(udev, 0, USB_REG_SWITCH_VID_PID, USB_TYPE_VENDOR, + 0, 0, NULL, 0, USB_CTRL_SET_TIMEOUT); } static int ath3k_set_normal_mode(struct usb_device *udev) { unsigned char fw_state; - int pipe = 0, ret; + int ret; ret = ath3k_get_state(udev, &fw_state); - if (ret < 0) { + if (ret) { BT_ERR("Can't get state to change to normal mode err"); return ret; } @@ -381,10 +344,9 @@ static int ath3k_set_normal_mode(struct usb_device *udev) return 0; } - pipe = usb_sndctrlpipe(udev, 0); - return usb_control_msg(udev, pipe, ATH3K_SET_NORMAL_MODE, - USB_TYPE_VENDOR, 0, 0, - NULL, 0, USB_CTRL_SET_TIMEOUT); + return usb_control_msg_send(udev, 0, ATH3K_SET_NORMAL_MODE, + USB_TYPE_VENDOR, 0, 0, NULL, 0, + USB_CTRL_SET_TIMEOUT); } static int ath3k_load_patch(struct usb_device *udev) @@ -397,7 +359,7 @@ static int ath3k_load_patch(struct usb_device *udev) int ret; ret = ath3k_get_state(udev, &fw_state); - if (ret < 0) { + if (ret) { BT_ERR("Can't get state to change to load ram patch err"); return ret; } @@ -408,7 +370,7 @@ static int ath3k_load_patch(struct usb_device *udev) } ret = ath3k_get_version(udev, &fw_version); - if (ret < 0) { + if (ret) { BT_ERR("Can't get version to change to load ram patch err"); return ret; } @@ -449,13 +411,13 @@ static int ath3k_load_syscfg(struct usb_device *udev) int clk_value, ret; ret = ath3k_get_state(udev, &fw_state); - if (ret < 0) { + if (ret) { BT_ERR("Can't get state to change to load configuration err"); return -EBUSY; } ret = ath3k_get_version(udev, &fw_version); - if (ret < 0) { + if (ret) { BT_ERR("Can't get version to change to load ram patch err"); return ret; } @@ -529,7 +491,7 @@ static int ath3k_probe(struct usb_interface *intf, return ret; } ret = ath3k_set_normal_mode(udev); - if (ret < 0) { + if (ret) { BT_ERR("Set normal mode failed"); return ret; } -- 2.28.0