* [PATCH] usbip: Fix vep_free_request() null pointer checks on input args
@ 2019-01-18 21:29 Shuah Khan
2019-01-18 21:29 ` [PATCH] usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path Shuah Khan
2019-01-19 8:17 ` [PATCH] usbip: Fix vep_free_request() null pointer checks on input args Greg KH
0 siblings, 2 replies; 9+ messages in thread
From: Shuah Khan @ 2019-01-18 21:29 UTC (permalink / raw)
To: valentina.manea.m, shuah, gregkh; +Cc: linux-usb, linux-kernel
From: Shuah Khan <shuah@kernel.org>
Fix vep_free_request() to return when usb_ep and usb_request are null
instead of calling WARN_ON.
Signed-off-by: Shuah Khan <shuah@kernel.org>
---
drivers/usb/usbip/vudc_dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/usbip/vudc_dev.c b/drivers/usb/usbip/vudc_dev.c
index 1634d8698e15..bfc8218e3fb6 100644
--- a/drivers/usb/usbip/vudc_dev.c
+++ b/drivers/usb/usbip/vudc_dev.c
@@ -297,7 +297,7 @@ static void vep_free_request(struct usb_ep *_ep, struct usb_request *_req)
{
struct vrequest *req;
- if (WARN_ON(!_ep || !_req))
+ if (!_ep || !_req)
return;
req = to_vrequest(_req);
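Review bot: in `if (!_ep || !_req)` the function now returns silently when either pointer is NULL, while the changelog says "when usb_ep and usb_request are null"; the changelog should match the `||` and say which caller can pass NULL and why the warning is unwanted. With WARN_ON gone, a caller that passes NULL is no longer reported at all. The visible code after the check (`req = to_vrequest(_req);`) only uses `_req`, so if `_ep` cannot be NULL on this path the `!_ep` test is better dropped than kept as a silent return.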
--
2.17.1
* [PATCH] usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path
2019-01-18 21:29 [PATCH] usbip: Fix vep_free_request() null pointer checks on input args Shuah Khan
@ 2019-01-18 21:29 ` Shuah Khan
2019-01-19 8:21 ` Greg KH
2019-01-19 16:58 ` Sergei Shtylyov
2019-01-19 8:17 ` [PATCH] usbip: Fix vep_free_request() null pointer checks on input args Greg KH
1 sibling, 2 replies; 9+ messages in thread
From: Shuah Khan @ 2019-01-18 21:29 UTC (permalink / raw)
To: valentina.manea.m, shuah, gregkh; +Cc: linux-usb, linux-kernel
From: Shuah Khan <shuah@kernel.org>
Fix vhci_urb_enqueue() to print error and return error instead of
failing with WARN_ON.
Signed-off-by: Shuah Khan <shuah@kernel.org>
---
drivers/usb/usbip/vhci_hcd.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c
index 1e592ec94ba4..849ebfde87b5 100644
--- a/drivers/usb/usbip/vhci_hcd.c
+++ b/drivers/usb/usbip/vhci_hcd.c
@@ -702,8 +702,10 @@ static int vhci_urb_enqueue(struct usb_hcd *hcd, struct urb *urb, gfp_t mem_flag
}
vdev = &vhci_hcd->vdev[portnum-1];
- /* patch to usb_sg_init() is in 2.5.60 */
- BUG_ON(!urb->transfer_buffer && urb->transfer_buffer_length);
+ if (!urb->transfer_buffer && urb->transfer_buffer_length) {
+ dev_err(dev, "Null URB transfer buffer\n");
+ return -EINVAL;
+ }
spin_lock_irqsave(&vhci->lock, flags);
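Review bot: the changelog says the function was "failing with WARN_ON", but the line removed here is `BUG_ON(!urb->transfer_buffer && urb->transfer_buffer_length)`; the changelog should name BUG_ON. It should also state whether this condition is reachable from a request that originates outside the kernel or only guards internal API misuse: if it is reachable, `dev_err()` on every occurrence can flood the log, and `dev_dbg()` or a rate-limited variant would be the safer choice.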
--
2.17.1
* Re: [PATCH] usbip: Fix vep_free_request() null pointer checks on input args
2019-01-18 21:29 [PATCH] usbip: Fix vep_free_request() null pointer checks on input args Shuah Khan
2019-01-18 21:29 ` [PATCH] usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path Shuah Khan
@ 2019-01-19 8:17 ` Greg KH
2019-01-22 23:05 ` shuah
1 sibling, 1 reply; 9+ messages in thread
From: Greg KH @ 2019-01-19 8:17 UTC (permalink / raw)
To: Shuah Khan; +Cc: valentina.manea.m, shuah, linux-usb, linux-kernel
On Fri, Jan 18, 2019 at 02:29:30PM -0700, Shuah Khan wrote:
> From: Shuah Khan <shuah@kernel.org>
>
> Fix vep_free_request() to return when usb_ep and usb_request are null
> instead of calling WARN_ON.
>
> Signed-off-by: Shuah Khan <shuah@kernel.org>
> ---
> drivers/usb/usbip/vudc_dev.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/usb/usbip/vudc_dev.c b/drivers/usb/usbip/vudc_dev.c
> index 1634d8698e15..bfc8218e3fb6 100644
> --- a/drivers/usb/usbip/vudc_dev.c
> +++ b/drivers/usb/usbip/vudc_dev.c
> @@ -297,7 +297,7 @@ static void vep_free_request(struct usb_ep *_ep, struct usb_request *_req)
> {
> struct vrequest *req;
>
> - if (WARN_ON(!_ep || !_req))
> + if (!_ep || !_req)
It's impossible for _ep to be NULL in this callback (see
usb_ep_free_request() for where this is called from to prove that), so I
don't think you need to check that. It's almost impossible for _req to
be NULL, so you might as well leave that check in.
thanks,
greg k-h
* Re: [PATCH] usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path
2019-01-18 21:29 ` [PATCH] usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path Shuah Khan
@ 2019-01-19 8:21 ` Greg KH
2019-01-19 16:58 ` Sergei Shtylyov
1 sibling, 0 replies; 9+ messages in thread
From: Greg KH @ 2019-01-19 8:21 UTC (permalink / raw)
To: Shuah Khan; +Cc: valentina.manea.m, shuah, linux-usb, linux-kernel
On Fri, Jan 18, 2019 at 02:29:31PM -0700, Shuah Khan wrote:
> From: Shuah Khan <shuah@kernel.org>
>
> Fix vhci_urb_enqueue() to print error and return error instead of
> failing with WARN_ON.
>
> Signed-off-by: Shuah Khan <shuah@kernel.org>
> ---
> drivers/usb/usbip/vhci_hcd.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c
> index 1e592ec94ba4..849ebfde87b5 100644
> --- a/drivers/usb/usbip/vhci_hcd.c
> +++ b/drivers/usb/usbip/vhci_hcd.c
> @@ -702,8 +702,10 @@ static int vhci_urb_enqueue(struct usb_hcd *hcd, struct urb *urb, gfp_t mem_flag
> }
> vdev = &vhci_hcd->vdev[portnum-1];
>
> - /* patch to usb_sg_init() is in 2.5.60 */
> - BUG_ON(!urb->transfer_buffer && urb->transfer_buffer_length);
> + if (!urb->transfer_buffer && urb->transfer_buffer_length) {
> + dev_err(dev, "Null URB transfer buffer\n");
> + return -EINVAL;
> + }
Could that BUG_ON be hit by userspace somehow? Or is this just an
internal check for the api usage?
And sending out a 0 buffer length might be a valid thing (or at least a
crazy attempt at something), so you might want to make that dev_dbg() in
case userspace could trigger this to keep the log spam down.
thanks,
greg k-h
* Re: [PATCH] usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path
2019-01-18 21:29 ` [PATCH] usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path Shuah Khan
2019-01-19 8:21 ` Greg KH
@ 2019-01-19 16:58 ` Sergei Shtylyov
2019-01-20 19:29 ` shuah
1 sibling, 1 reply; 9+ messages in thread
From: Sergei Shtylyov @ 2019-01-19 16:58 UTC (permalink / raw)
To: Shuah Khan, valentina.manea.m, shuah, gregkh; +Cc: linux-usb, linux-kernel
Hello!
On 01/19/2019 12:29 AM, Shuah Khan wrote:
> From: Shuah Khan <shuah@kernel.org>
>
> Fix vhci_urb_enqueue() to print error and return error instead of
> failing with WARN_ON.
It's BUG_ON().
> Signed-off-by: Shuah Khan <shuah@kernel.org>
> ---
> drivers/usb/usbip/vhci_hcd.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c
> index 1e592ec94ba4..849ebfde87b5 100644
> --- a/drivers/usb/usbip/vhci_hcd.c
> +++ b/drivers/usb/usbip/vhci_hcd.c
> @@ -702,8 +702,10 @@ static int vhci_urb_enqueue(struct usb_hcd *hcd, struct urb *urb, gfp_t mem_flag
> }
> vdev = &vhci_hcd->vdev[portnum-1];
>
> - /* patch to usb_sg_init() is in 2.5.60 */
> - BUG_ON(!urb->transfer_buffer && urb->transfer_buffer_length);
> + if (!urb->transfer_buffer && urb->transfer_buffer_length) {
> + dev_err(dev, "Null URB transfer buffer\n");
> + return -EINVAL;
> + }
>
> spin_lock_irqsave(&vhci->lock, flags);
>
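Review bot: the comment `/* patch to usb_sg_init() is in 2.5.60 */` is removed together with the BUG_ON and the changelog does not mention it; a sentence saying the stale comment is dropped on purpose would help. The new `return -EINVAL` sits before `spin_lock_irqsave(&vhci->lock, flags)`, so no lock is held on that path, but anything acquired earlier in the function, above the visible context, should be checked for release before this return.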
MBR, Sergei
* Re: [PATCH] usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path
2019-01-19 16:58 ` Sergei Shtylyov
@ 2019-01-20 19:29 ` shuah
0 siblings, 0 replies; 9+ messages in thread
From: shuah @ 2019-01-20 19:29 UTC (permalink / raw)
To: Sergei Shtylyov, Shuah Khan, valentina.manea.m, gregkh
Cc: linux-usb, linux-kernel, shuah
On 1/19/19 9:58 AM, Sergei Shtylyov wrote:
> Hello!
>
> On 01/19/2019 12:29 AM, Shuah Khan wrote:
>
>> From: Shuah Khan <shuah@kernel.org>
>>
>> Fix vhci_urb_enqueue() to print error and return error instead of
>> failing with WARN_ON.
>
> It's BUG_ON().
Thanks. I will fix it.
-- Shuah
* Re: [PATCH] usbip: Fix vep_free_request() null pointer checks on input args
2019-01-19 8:17 ` [PATCH] usbip: Fix vep_free_request() null pointer checks on input args Greg KH
@ 2019-01-22 23:05 ` shuah
2019-01-25 8:02 ` Greg KH
0 siblings, 1 reply; 9+ messages in thread
From: shuah @ 2019-01-22 23:05 UTC (permalink / raw)
To: Greg KH, Shuah Khan; +Cc: valentina.manea.m, linux-usb, linux-kernel, shuah
On 1/19/19 1:17 AM, Greg KH wrote:
> On Fri, Jan 18, 2019 at 02:29:30PM -0700, Shuah Khan wrote:
>> From: Shuah Khan <shuah@kernel.org>
>>
>> Fix vep_free_request() to return when usb_ep and usb_request are null
>> instead of calling WARN_ON.
>>
>> Signed-off-by: Shuah Khan <shuah@kernel.org>
>> ---
>> drivers/usb/usbip/vudc_dev.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/usb/usbip/vudc_dev.c b/drivers/usb/usbip/vudc_dev.c
>> index 1634d8698e15..bfc8218e3fb6 100644
>> --- a/drivers/usb/usbip/vudc_dev.c
>> +++ b/drivers/usb/usbip/vudc_dev.c
>> @@ -297,7 +297,7 @@ static void vep_free_request(struct usb_ep *_ep, struct usb_request *_req)
>> {
>> struct vrequest *req;
>>
>> - if (WARN_ON(!_ep || !_req))
>> + if (!_ep || !_req)
>
> It's impossible for _ep to be NULL in this callback (see
> usb_ep_free_request() for where this is called from to prove that), so I
> don't think you need to check that. It's almost impossible for _req to
> be NULL, so you might as well leave that check in.
>
Yes. ep can never be null here in vep_free_request(). I will leave
this alone.
thanks,
-- Shuah
* Re: [PATCH] usbip: Fix vep_free_request() null pointer checks on input args
2019-01-22 23:05 ` shuah
@ 2019-01-25 8:02 ` Greg KH
2019-01-25 14:26 ` shuah
0 siblings, 1 reply; 9+ messages in thread
From: Greg KH @ 2019-01-25 8:02 UTC (permalink / raw)
To: shuah; +Cc: Shuah Khan, valentina.manea.m, linux-usb, linux-kernel
On Tue, Jan 22, 2019 at 04:05:28PM -0700, shuah wrote:
> On 1/19/19 1:17 AM, Greg KH wrote:
> > On Fri, Jan 18, 2019 at 02:29:30PM -0700, Shuah Khan wrote:
> > > From: Shuah Khan <shuah@kernel.org>
> > >
> > > Fix vep_free_request() to return when usb_ep and usb_request are null
> > > instead of calling WARN_ON.
> > >
> > > Signed-off-by: Shuah Khan <shuah@kernel.org>
> > > ---
> > > drivers/usb/usbip/vudc_dev.c | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/usb/usbip/vudc_dev.c b/drivers/usb/usbip/vudc_dev.c
> > > index 1634d8698e15..bfc8218e3fb6 100644
> > > --- a/drivers/usb/usbip/vudc_dev.c
> > > +++ b/drivers/usb/usbip/vudc_dev.c
> > > @@ -297,7 +297,7 @@ static void vep_free_request(struct usb_ep *_ep, struct usb_request *_req)
> > > {
> > > struct vrequest *req;
> > > - if (WARN_ON(!_ep || !_req))
> > > + if (!_ep || !_req)
> >
> > It's impossible for _ep to be NULL in this callback (see
> > usb_ep_free_request() for where this is called from to prove that), so I
> > don't think you need to check that. It's almost impossible for _req to
> > be NULL, so you might as well leave that check in.
> >
>
> Yes. ep can never be null here in vep_free_request(). I will leave
> this alone.
You can drop the !_ep check at the least, no need to check something
that is impossible to hit :)
thanks,
greg k-h
* Re: [PATCH] usbip: Fix vep_free_request() null pointer checks on input args
2019-01-25 8:02 ` Greg KH
@ 2019-01-25 14:26 ` shuah
0 siblings, 0 replies; 9+ messages in thread
From: shuah @ 2019-01-25 14:26 UTC (permalink / raw)
To: Greg KH; +Cc: Shuah Khan, valentina.manea.m, linux-usb, linux-kernel, shuah
On 1/25/19 1:02 AM, Greg KH wrote:
> On Tue, Jan 22, 2019 at 04:05:28PM -0700, shuah wrote:
>> On 1/19/19 1:17 AM, Greg KH wrote:
>>> On Fri, Jan 18, 2019 at 02:29:30PM -0700, Shuah Khan wrote:
>>>> From: Shuah Khan <shuah@kernel.org>
>>>>
>>>> Fix vep_free_request() to return when usb_ep and usb_request are null
>>>> instead of calling WARN_ON.
>>>>
>>>> Signed-off-by: Shuah Khan <shuah@kernel.org>
>>>> ---
>>>> drivers/usb/usbip/vudc_dev.c | 2 +-
>>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>>
>>>> diff --git a/drivers/usb/usbip/vudc_dev.c b/drivers/usb/usbip/vudc_dev.c
>>>> index 1634d8698e15..bfc8218e3fb6 100644
>>>> --- a/drivers/usb/usbip/vudc_dev.c
>>>> +++ b/drivers/usb/usbip/vudc_dev.c
>>>> @@ -297,7 +297,7 @@ static void vep_free_request(struct usb_ep *_ep, struct usb_request *_req)
>>>> {
>>>> struct vrequest *req;
>>>> - if (WARN_ON(!_ep || !_req))
>>>> + if (!_ep || !_req)
>>>
>>> It's impossible for _ep to be NULL in this callback (see
>>> usb_ep_free_request() for where this is called from to prove that), so I
>>> don't think you need to check that. It's almost impossible for _req to
>>> be NULL, so you might as well leave that check in.
>>>
>>
>> Yes. ep can never be null here in vep_free_request(). I will leave
>> this alone.
>
> You can drop the !_ep check at the least, no need to check something
> that is impossible to hit :)
>
Thanks. I will do that.
-- Shuah