Currently, __usbnet_{read|write}_cmd() use usb_control_msg().
However, this could lead to potential partial reads/writes being considered valid, and since most of the callers of usbnet_{read|write}_cmd() don't take partial reads/writes into account (only checking for a negative error number is done), this can lead to issues.

However, the new usb_control_msg_{send|recv}() APIs don't allow partial reads and writes.
Using the new APIs also relaxes the return value checking that must be done after usbnet_{read|write}_cmd() is called.

Signed-off-by: Anant Thazhemadam <anant.thazhemadam@xxxxxxxxx>
---
Since not all callers of usbnet_{read|write}_cmd() check if a complete read/write happened, partial reads can go unnoticed. This issue was briefly mentioned here.
https://lore.kernel.org/linux-usb/1565777764.25764.4.camel@xxxxxxxx/

Using the new API in place of the old one doesn't break anything. This is mainly because usb_control_msg_{send|recv}() returns 0 on success and a negative error number on failure (which includes partial reads/writes). Thus, the error checking condition provided by the present callers of usbnet_{read|write}_cmd() for failure (return value < 0 is considered as an error) will hold. And similarly, the condition checked by some callers for 'success' (return value >= 0 && return value < length/size) will also hold.

However, if I have missed out on any caller that this might cause problems with, please let me know, and I will fix that up as well.

drivers/net/usb/usbnet.c | 52 ++++++++--------------------------------
1 file changed, 10 insertions(+), 42 deletions(-)

diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c index bf6c58240bd4..dd9fe530a374 100644 --- a/drivers/net/usb/usbnet.c +++ b/drivers/net/usb/usbnet.c 
@@ -1982,64 +1982,32 @@ EXPORT_SYMBOL(usbnet_link_change); static int __usbnet_read_cmd(struct usbnet *dev, u8 cmd, u8 reqtype, u16 value, u16 index, void *data, u16 size) { - void *buf = NULL; - int err = -ENOMEM; netdev_dbg(dev->net, "usbnet_read_cmd cmd=0x%02x reqtype=%02x" " value=0x%04x index=0x%04x size=%d\n", cmd, reqtype, value, index, size); - if (size) { - buf = kmalloc(size, GFP_KERNEL); - if (!buf) - goto out; - } - - err = usb_control_msg(dev->udev, usb_rcvctrlpipe(dev->udev, 0), - cmd, reqtype, value, index, buf, size, - USB_CTRL_GET_TIMEOUT); - if (err > 0 && err <= size) { - if (data) - memcpy(data, buf, err); - else - netdev_dbg(dev->net, - "Huh? Data requested but thrown away.\n"); - } - kfree(buf); -out: - return err; + return usb_control_msg_recv(dev->udev, 0, + cmd, reqtype, value, index, data, size, + USB_CTRL_GET_TIMEOUT, GFP_KERNEL); } static int __usbnet_write_cmd(struct usbnet *dev, u8 cmd, u8 reqtype, u16 value, u16 index, const void *data, u16 size) { - void *buf = NULL; - int err = -ENOMEM; - netdev_dbg(dev->net, "usbnet_write_cmd cmd=0x%02x reqtype=%02x" " value=0x%04x index=0x%04x size=%d\n", cmd, reqtype, value, index, size); - if (data) { - buf = kmemdup(data, size, GFP_KERNEL); - if (!buf) - goto out; - } else { - if (size) { - WARN_ON_ONCE(1); - err = -EINVAL; - goto out; - } - } - - err = usb_control_msg(dev->udev, usb_sndctrlpipe(dev->udev, 0), - cmd, reqtype, value, index, buf, size, - USB_CTRL_SET_TIMEOUT); - kfree(buf); + if (size && !data) { + WARN_ON_ONCE(1); + return -EINVAL; + } -out: - return err; + return usb_control_msg_send(dev->udev, 0, + cmd, reqtype, value, index, data, size, + USB_CTRL_SET_TIMEOUT, GPF_KERNEL); } /* -- 2.25.1
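Review bot: In __usbnet_write_cmd() the last argument to usb_control_msg_send() is spelled GPF_KERNEL; it needs to be GFP_KERNEL, as in the usb_control_msg_recv() call above, or this will not build. In __usbnet_read_cmd() the removed code handled data == NULL with a non-zero size by logging and dropping the result, while the new call passes data straight through with no counterpart to the "size && !data" guard kept on the write side; adding the same check (returning -EINVAL) before usb_control_msg_recv() would keep the two helpers symmetric. Separately, both helpers previously returned the value from usb_control_msg(), which the old read path used as a byte count in memcpy(data, buf, err), and now return 0 on success, so any caller that compares the return value to size or uses it as a length needs to be audited and listed in the changelog.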