pon., 16 wrz 2019 o 11:46 Bartosz Golaszewski <brgl@xxxxxxxx> napisał(a):
>
> From: Bartosz Golaszewski <bgolaszewski@xxxxxxxxxxxx>
>
> Move all the flags sanitization before any memory allocation in
> lineevent_create() in order to remove a couple unneeded gotos.
>
> Signed-off-by: Bartosz Golaszewski <bgolaszewski@xxxxxxxxxxxx>
> ---
> drivers/gpio/gpiolib.c | 42 ++++++++++++++++++------------------------
> 1 file changed, 18 insertions(+), 24 deletions(-)
>
> diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
> index d9074191edef..194b0bcdcfb7 100644
> --- a/drivers/gpio/gpiolib.c
> +++ b/drivers/gpio/gpiolib.c
> @@ -899,6 +899,24 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip)
>
> if (copy_from_user(&eventreq, ip, sizeof(eventreq)))
> return -EFAULT;
> +
> + offset = eventreq.lineoffset;
> + lflags = eventreq.handleflags;
> + eflags = eventreq.eventflags;
> +
> + if (offset >= gdev->ngpio)
> + return -EINVAL;
> +
> + /* Return an error if a unknown flag is set */
> + if ((lflags & ~GPIOHANDLE_REQUEST_VALID_FLAGS) ||
> + (eflags & ~GPIOEVENT_REQUEST_VALID_FLAGS))
> + return -EINVAL;
> +
> + /* This is just wrong: we don't look for events on output lines */
> + if ((lflags & GPIOHANDLE_REQUEST_OUTPUT) ||
> + (lflags & GPIOHANDLE_REQUEST_OPEN_DRAIN) ||
> + (lflags & GPIOHANDLE_REQUEST_OPEN_SOURCE))
> + return -EINVAL;
>
> le = kzalloc(sizeof(*le), GFP_KERNEL);
> if (!le)
> @@ -917,30 +935,6 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip)
> }
> }
>
> - offset = eventreq.lineoffset;
> - lflags = eventreq.handleflags;
> - eflags = eventreq.eventflags;
> -
> - if (offset >= gdev->ngpio) {
> - ret = -EINVAL;
> - goto out_free_label;
> - }
> -
> - /* Return an error if a unknown flag is set */
> - if ((lflags & ~GPIOHANDLE_REQUEST_VALID_FLAGS) ||
> - (eflags & ~GPIOEVENT_REQUEST_VALID_FLAGS)) {
> - ret = -EINVAL;
> - goto out_free_label;
> - }
> -
> - /* This is just wrong: we don't look for events on output lines */
> - if ((lflags & GPIOHANDLE_REQUEST_OUTPUT) ||
> - (lflags & GPIOHANDLE_REQUEST_OPEN_DRAIN) ||
> - (lflags & GPIOHANDLE_REQUEST_OPEN_SOURCE)) {
> - ret = -EINVAL;
> - goto out_free_label;
> - }
> -
> desc = &gdev->descs[offset];
> ret = gpiod_request(desc, le->label);
> if (ret)
> --
> 2.21.0
>
Patch applied.
Bart
Re: [PATCH] gpiolib: sanitize flags before allocating memory in lineevent_create()
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: [PATCH] gpiolib: sanitize flags before allocating memory in lineevent_create()
- From: Bartosz Golaszewski <brgl@xxxxxxxx>
- Date: Tue, 1 Oct 2019 12:08:06 +0200
- In-reply-to: <20190916094623.12125-1-brgl@bgdev.pl>
- References: <20190916094623.12125-1-brgl@bgdev.pl>
- References:
- [PATCH] gpiolib: sanitize flags before allocating memory in lineevent_create()
- From: Bartosz Golaszewski
- [PATCH] gpiolib: sanitize flags before allocating memory in lineevent_create()
- Prev by Date: Re: [GIT PULL] gpio: fixes for v5.4-rc1
- Next by Date: [PATCH] pinctrl: at91: Pass irqchip when adding gpiochip
- Previous by thread: [PATCH] gpiolib: sanitize flags before allocating memory in lineevent_create()
- Next by thread: [PATCH] gpio: eic: sprd: Fix the incorrect EIC offset when toggling
- Index(es):
 |