Re: [PATCH 1/4] staging: ozwpan: Fixes crash due to invalid port aceess.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Dan Carpenter <dan.carpenter@oracle.com>
To: Rupesh Gujare <rupesh.gujare@atmel.com>
Cc: devel@linuxdriverproject.org, gregkh@linuxfoundation.org,
	linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/4] staging: ozwpan: Fixes crash due to invalid port aceess.
Date: Mon, 5 Aug 2013 21:20:23 +0300	[thread overview]
Message-ID: <20130805182023.GK5051@mwanda> (raw)
In-Reply-To: <1375724415-10801-2-git-send-email-rupesh.gujare@atmel.com>

On Mon, Aug 05, 2013 at 06:40:12PM +0100, Rupesh Gujare wrote:
> This patch fixes kernel crash issue, when we receive URB request
> after de-enumerating device.
> 

In other words we were getting a NULL dereference dereferencing
"ep".  There is an existing check already, which should be cleaned
up.

drivers/staging/ozwpan/ozhcd.c
   498  
   499          if (ep && port->hpd) {
                    ^^
This useless existing check should be removed.

   500                  list_add_tail(&urbl->link, &ep->urb_list);
   501                  if (!in_dir && ep_addr && (ep->credit < 0)) {
   502                          getrawmonotonic(&ep->timestamp);
   503                          ep->credit = 0;
   504                  }
   505          } else {
   506                  err = -EPIPE;
   507          }

I'm not sure that think -ENOMEM is the correct error code but I
also don't know what else to use.

I had a style nit pick as well, below.

> Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
> ---
>  drivers/staging/ozwpan/ozhcd.c |    9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/staging/ozwpan/ozhcd.c b/drivers/staging/ozwpan/ozhcd.c
> index ed63868..d313a63 100644
> --- a/drivers/staging/ozwpan/ozhcd.c
> +++ b/drivers/staging/ozwpan/ozhcd.c
> @@ -480,10 +480,14 @@ static int oz_enqueue_ep_urb(struct oz_port *port, u8 ep_addr, int in_dir,
>  		oz_free_urb_link(urbl);
>  		return 0;
>  	}
> -	if (in_dir)
> +	if (in_dir && port->in_ep[ep_addr])
>  		ep = port->in_ep[ep_addr];
> -	else
> +	else if (!in_dir && port->out_ep[ep_addr])
>  		ep = port->out_ep[ep_addr];

In the future, use kernel braces style.  If one side of the if else
statement gets a brace then they both get one.  So it's like this:

	if (in_dir && port->in_ep[ep_addr]) {
		ep = port->in_ep[ep_addr];
	} else if (!in_dir && port->out_ep[ep_addr]) {
		ep = port->out_ep[ep_addr];
	} else {
		err = -ENOMEM;
		goto out;
	}

Or another simpler way to write this would be:

	ep = NULL;
	if (in_dir)
		ep = port->in_ep[ep_addr];
	else
		ep = port->out_ep[ep_addr];
	if (!ep) {
		err = -ENOMEM;
		goto unlock;
	}

regards,
dan carpenter

next prev parent reply	other threads:[~2013-08-05 18:20 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-08-05 17:40 [PATCH 0/4] staging: ozwpan: Fix crash issues Rupesh Gujare
2013-08-05 17:40 ` [PATCH 1/4] staging: ozwpan: Fixes crash due to invalid port aceess Rupesh Gujare
2013-08-05 18:20   ` Dan Carpenter [this message]
2013-08-05 17:40 ` [PATCH 2/4] staging: ozwpan: Increment port number for new device Rupesh Gujare
2013-08-05 17:53   ` Dan Carpenter
2013-08-05 18:43     ` Rupesh Gujare
2013-08-05 20:23       ` Dan Carpenter
2013-08-05 20:33         ` Dan Carpenter
2013-08-06 10:26         ` Rupesh Gujare
2013-08-06 10:41           ` Dan Carpenter
2013-08-12 21:57   ` Greg KH
2013-08-05 17:40 ` [PATCH 3/4] staging: ozwpan: Reset port configuration number Rupesh Gujare
2013-08-05 18:21   ` Dan Carpenter
2013-08-05 18:58     ` Rupesh Gujare
2013-08-05 17:40 ` [PATCH 4/4] staging: ozwpan: Return correct hub status Rupesh Gujare
2013-08-05 18:56   ` Dan Carpenter
2013-08-05 19:00     ` Rupesh Gujare
2013-08-05 19:28       ` Dan Carpenter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130805182023.GK5051@mwanda \
    --to=dan.carpenter@oracle.com \
    --cc=devel@linuxdriverproject.org \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=rupesh.gujare@atmel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.