Re: [PATCH v3 09/12] usb: misc: lvstest: update to use the usb_control_msg_{send|recv}() API

From: Johan Hovold
Date: Wed Jan 27 2021 - 10:21:47 EST

Next message: Dave Martin: "Re: [PATCH 1/3] arm64/ptrace: don't clobber task registers on syscall entry/exit traps"
Previous message: Lino Sanfilippo: "Re: [PATCH 3/4] tpm: in tpm2_del_space check if ops pointer is still valid"
In reply to: Anant Thazhemadam: "[PATCH v3 09/12] usb: misc: lvstest: update to use the usb_control_msg_{send|recv}() API"
Next in thread: Anant Thazhemadam: "[no subject]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 27, 2021 at 12:09:43AM +0530, Anant Thazhemadam wrote:
> The newer usb_control_msg_{send|recv}() API are an improvement on the
> existing usb_control_msg() as it ensures that a short read/write is treated
> as an error, data can be used off the stack, and raw usb pipes need not be
> created in the calling functions.
> For this reason, instances of usb_control_msg() have been replaced with
> usb_control_msg_{recv|send}() and the return value checking conditions have
> also been modified appropriately.
>
> Signed-off-by: Anant Thazhemadam <anant.thazhemadam@xxxxxxxxx>
> ---
> drivers/usb/misc/lvstest.c | 38 ++++++++++++++++----------------------
> 1 file changed, 16 insertions(+), 22 deletions(-)

> @@ -336,10 +330,10 @@ static void lvs_rh_work(struct work_struct *work)
>
> /* Examine each root port */
> for (i = 1; i <= descriptor->bNbrPorts; i++) {
> - ret = usb_control_msg(hdev, usb_rcvctrlpipe(hdev, 0),
> + ret = usb_control_msg_recv(hdev, 0,
> USB_REQ_GET_STATUS, USB_DIR_IN | USB_RT_PORT, 0, i,
> - port_status, sizeof(*port_status), 1000);
> - if (ret < 4)
> + port_status, sizeof(*port_status), 1000, GFP_KERNEL);
> + if (ret < 0)
> continue;

I'm afraid this may introduce a regression as well since the
sizeof(*port_status) is 8 for some devices and the driver only cares
about the first 4 that all devices use (i.e. it is written to handle
short reads).

> portchange = le16_to_cpu(port_status->wPortChange);
> @@ -420,13 +414,13 @@ static int lvs_rh_probe(struct usb_interface *intf,
> usb_set_intfdata(intf, lvs);
>
> /* how many number of ports this root hub has */
> - ret = usb_control_msg(hdev, usb_rcvctrlpipe(hdev, 0),
> + ret = usb_control_msg_recv(hdev, 0,
> USB_REQ_GET_DESCRIPTOR, USB_DIR_IN | USB_RT_HUB,
> USB_DT_SS_HUB << 8, 0, &lvs->descriptor,
> - USB_DT_SS_HUB_SIZE, USB_CTRL_GET_TIMEOUT);
> - if (ret < (USB_DT_HUB_NONVAR_SIZE + 2)) {
> + USB_DT_SS_HUB_SIZE, USB_CTRL_GET_TIMEOUT, GFP_KERNEL);
> + if (ret < 0) {
> dev_err(&hdev->dev, "wrong root hub descriptor read %d\n", ret);
> - return ret < 0 ? ret : -EINVAL;
> + return ret;
> }

This looks like it may break for similar reasons.

Johan

Next message: Dave Martin: "Re: [PATCH 1/3] arm64/ptrace: don't clobber task registers on syscall entry/exit traps"
Previous message: Lino Sanfilippo: "Re: [PATCH 3/4] tpm: in tpm2_del_space check if ops pointer is still valid"
In reply to: Anant Thazhemadam: "[PATCH v3 09/12] usb: misc: lvstest: update to use the usb_control_msg_{send|recv}() API"
Next in thread: Anant Thazhemadam: "[no subject]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]