On Wed, Mar 20, 2019 at 01:56:41PM +0100, Andrzej Pietrasiewicz wrote: > Don't actually allocate anything if userspace enqueues a zero-length > buffer. Otherwise vmalloc of zero-sized area will be attempted in > ffs_build_sg_list(). > > Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@xxxxxxxxxxxxx> > --- > drivers/usb/gadget/function/f_fs.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c > index 08357c5dd026..5cecfe3e9395 100644 > --- a/drivers/usb/gadget/function/f_fs.c > +++ b/drivers/usb/gadget/function/f_fs.c > @@ -797,6 +797,9 @@ static void *ffs_build_sg_list(struct sg_table *sgt, size_t sz) > static inline void *ffs_alloc_buffer(struct ffs_io_data *io_data, > size_t data_len) > { > + if (!data_len) > + return ZERO_SIZE_PTR; > + > if (io_data->use_sg) > return ffs_build_sg_list(&io_data->sgt, data_len); > > @@ -805,7 +808,7 @@ static inline void *ffs_alloc_buffer(struct ffs_io_data *io_data, > > static inline void ffs_free_buffer(struct ffs_io_data *io_data) > { > - if (!io_data->buf) > + if (ZERO_OR_NULL_PTR(io_data->buf)) > return; > > if (io_data->use_sg) { Are you sure this is ok? zero length packets mean something in the USB protocol :) What is the problem of trying to allocate a buffer of 0 bytes? thanks, greg k-h
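Review bot: the new `if (!data_len) return ZERO_SIZE_PTR;` at the top of ffs_alloc_buffer() sits before the `io_data->use_sg` test, so it changes both allocation paths, while the commit message only describes the zero-sized vmalloc in ffs_build_sg_list(). Either move the check into the `use_sg` branch (or into ffs_build_sg_list() itself), or extend the commit message to explain why the non-sg path should short-circuit as well. The message should also state whether a zero-length request is still submitted to the endpoint after this early return, because ZERO_SIZE_PTR is non-NULL and any caller that checks the result only against NULL will treat it as a successful allocation. A one-line comment saying the returned pointer must never be dereferenced would help here.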
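Review bot: the guard change in ffs_free_buffer() to `ZERO_OR_NULL_PTR(io_data->buf)` is what stops the `use_sg` branch from tearing down `io_data->sgt` when the first hunk returned before ffs_build_sg_list() ever populated it, so the two hunks are only correct as a pair. Please say so in the commit message or in a comment above the check. The diffstat lists this as the only other site touched, so please also confirm that nothing else in f_fs.c tests `io_data->buf` with a plain `!io_data->buf` or dereferences it for a zero-length request.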