[PATCH v2] Staging: rtl8192u: Do not DMA on the stack

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH v2] Staging: rtl8192u: Do not DMA on the stack
@ 2015-10-06 19:07 Ksenija Stanojevic
  2015-10-06 19:25 ` [Outreachy kernel] " Arnd Bergmann
  2015-10-08  9:45 ` Greg KH
  0 siblings, 2 replies; 4+ messages in thread
From: Ksenija Stanojevic @ 2015-10-06 19:07 UTC (permalink / raw)
  To: outreachy-kernel; +Cc: Ksenija Stanojevic

Fix error "doing DMA on the stack" by using kzalloc for buffer
allocation.
Issue found by smatch.

Signed-off-by: Ksenija Stanojevic <ksenija.stanojevic@gmail.com>
---
Changes in v2:
	-put all changes in one patch instead patchset.
	-replace &data with pdata

 drivers/staging/rtl8192u/r8192U_core.c | 72 +++++++++++++++++++++++++++++-----
 1 file changed, 63 insertions(+), 9 deletions(-)

diff --git a/drivers/staging/rtl8192u/r8192U_core.c b/drivers/staging/rtl8192u/r8192U_core.c
index 28b54ba..cf6f90d 100644
--- a/drivers/staging/rtl8192u/r8192U_core.c
+++ b/drivers/staging/rtl8192u/r8192U_core.c
@@ -259,10 +259,16 @@ void write_nic_byte_E(struct net_device *dev, int indx, u8 data)
 	int status;
 	struct r8192_priv *priv = (struct r8192_priv *)ieee80211_priv(dev);
 	struct usb_device *udev = priv->udev;
+	u8 *pdata = kzalloc(sizeof(data), GFP_KERNEL);
+
+	if (!pdata)
+		return;
+	*pdata = data;
 
 	status = usb_control_msg(udev, usb_sndctrlpipe(udev, 0),
 				 RTL8187_REQ_SET_REGS, RTL8187_REQT_WRITE,
-				 indx | 0xfe00, 0, &data, 1, HZ / 2);
+				 indx | 0xfe00, 0, pdata, 1, HZ / 2);
+	kfree(pdata);
 
 	if (status < 0)
 		netdev_err(dev, "write_nic_byte_E TimeOut! status: %d\n",
@@ -274,10 +280,16 @@ int read_nic_byte_E(struct net_device *dev, int indx, u8 *data)
 	int status;
 	struct r8192_priv *priv = (struct r8192_priv *)ieee80211_priv(dev);
 	struct usb_device *udev = priv->udev;
+	u8 *pdata = kzalloc(sizeof(u8), GFP_KERNEL);
+
+	if (!pdata)
+		return -ENOMEM;
 
 	status = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0),
 				 RTL8187_REQ_GET_REGS, RTL8187_REQT_READ,
-				 indx | 0xfe00, 0, data, 1, HZ / 2);
+				 indx | 0xfe00, 0, pdata, 1, HZ / 2);
+	*data = *pdata;
+	kfree(pdata);
 
 	if (status < 0) {
 		netdev_err(dev, "%s failure status: %d\n", __func__, status);
@@ -293,11 +305,17 @@ void write_nic_byte(struct net_device *dev, int indx, u8 data)
 
 	struct r8192_priv *priv = (struct r8192_priv *)ieee80211_priv(dev);
 	struct usb_device *udev = priv->udev;
+	u8 *pdata = kzalloc(sizeof(data), GFP_KERNEL);
+
+	if (!pdata)
+		return;
+	*pdata = data;
 
 	status = usb_control_msg(udev, usb_sndctrlpipe(udev, 0),
 				 RTL8187_REQ_SET_REGS, RTL8187_REQT_WRITE,
 				 (indx & 0xff) | 0xff00, (indx >> 8) & 0x0f,
-				 &data, 1, HZ / 2);
+				 pdata, 1, HZ / 2);
+	kfree(pdata);
 
 	if (status < 0)
 		netdev_err(dev, "write_nic_byte TimeOut! status: %d\n", status);
@@ -313,11 +331,17 @@ void write_nic_word(struct net_device *dev, int indx, u16 data)
 
 	struct r8192_priv *priv = (struct r8192_priv *)ieee80211_priv(dev);
 	struct usb_device *udev = priv->udev;
+	u16 *pdata = kzalloc(sizeof(data), GFP_KERNEL);
+
+	if (!pdata)
+		return;
+	*pdata = data;
 
 	status = usb_control_msg(udev, usb_sndctrlpipe(udev, 0),
 				 RTL8187_REQ_SET_REGS, RTL8187_REQT_WRITE,
 				 (indx & 0xff) | 0xff00, (indx >> 8) & 0x0f,
-				 &data, 2, HZ / 2);
+				 pdata, 2, HZ / 2);
+	kfree(pdata);
 
 	if (status < 0)
 		netdev_err(dev, "write_nic_word TimeOut! status: %d\n", status);
@@ -332,11 +356,17 @@ void write_nic_dword(struct net_device *dev, int indx, u32 data)
 
 	struct r8192_priv *priv = (struct r8192_priv *)ieee80211_priv(dev);
 	struct usb_device *udev = priv->udev;
+	u32 *pdata = kzalloc(sizeof(data), GFP_KERNEL);
+
+	if (!pdata)
+		return;
+	*pdata = data;
 
 	status = usb_control_msg(udev, usb_sndctrlpipe(udev, 0),
 				 RTL8187_REQ_SET_REGS, RTL8187_REQT_WRITE,
 				 (indx & 0xff) | 0xff00, (indx >> 8) & 0x0f,
-				 &data, 4, HZ / 2);
+				 pdata, 4, HZ / 2);
+	kfree(pdata);
 
 
 	if (status < 0)
@@ -352,11 +382,17 @@ int read_nic_byte(struct net_device *dev, int indx, u8 *data)
 	int status;
 	struct r8192_priv *priv = (struct r8192_priv *)ieee80211_priv(dev);
 	struct usb_device *udev = priv->udev;
+	u8 *pdata = kzalloc(sizeof(u8), GFP_KERNEL);
+
+	if (!pdata)
+		return -ENOMEM;
 
 	status = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0),
 				 RTL8187_REQ_GET_REGS, RTL8187_REQT_READ,
 				 (indx & 0xff) | 0xff00, (indx >> 8) & 0x0f,
-				 data, 1, HZ / 2);
+				 pdata, 1, HZ / 2);
+	*data = *pdata;
+	kfree(pdata);
 
 	if (status < 0) {
 		netdev_err(dev, "%s failure status: %d\n", __func__, status);
@@ -373,11 +409,17 @@ int read_nic_word(struct net_device *dev, int indx, u16 *data)
 	int status;
 	struct r8192_priv *priv = (struct r8192_priv *)ieee80211_priv(dev);
 	struct usb_device *udev = priv->udev;
+	u16 *pdata = kzalloc(sizeof(u16), GFP_KERNEL);
+
+	if (!pdata)
+		return -ENOMEM;
 
 	status = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0),
 				 RTL8187_REQ_GET_REGS, RTL8187_REQT_READ,
 				 (indx & 0xff) | 0xff00, (indx >> 8) & 0x0f,
-				 data, 2, HZ / 2);
+				 pdata, 2, HZ / 2);
+	*data = *pdata;
+	kfree(pdata);
 
 	if (status < 0) {
 		netdev_err(dev, "%s failure status: %d\n", __func__, status);
@@ -392,10 +434,16 @@ static int read_nic_word_E(struct net_device *dev, int indx, u16 *data)
 	int status;
 	struct r8192_priv *priv = (struct r8192_priv *)ieee80211_priv(dev);
 	struct usb_device *udev = priv->udev;
+	u16 *pdata = kzalloc(sizeof(u16), GFP_KERNEL);
+
+	if (!pdata)
+		return -ENOMEM;
 
 	status = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0),
 				 RTL8187_REQ_GET_REGS, RTL8187_REQT_READ,
-				 indx | 0xfe00, 0, data, 2, HZ / 2);
+				 indx | 0xfe00, 0, pdata, 2, HZ / 2);
+	*data = *pdata;
+	kfree(pdata);
 
 	if (status < 0) {
 		netdev_err(dev, "%s failure status: %d\n", __func__, status);
@@ -411,11 +459,17 @@ int read_nic_dword(struct net_device *dev, int indx, u32 *data)
 
 	struct r8192_priv *priv = (struct r8192_priv *)ieee80211_priv(dev);
 	struct usb_device *udev = priv->udev;
+	u32 *pdata = kzalloc(sizeof(u32), GFP_KERNEL);
+
+	if (!pdata)
+		return -ENOMEM;
 
 	status = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0),
 				 RTL8187_REQ_GET_REGS, RTL8187_REQT_READ,
 				 (indx & 0xff) | 0xff00, (indx >> 8) & 0x0f,
-				 data, 4, HZ / 2);
+				 pdata, 4, HZ / 2);
+	*data = *pdata;
+	kfree(pdata);
 
 	if (status < 0) {
 		netdev_err(dev, "%s failure status: %d\n", __func__, status);
-- 
1.9.1



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [Outreachy kernel] [PATCH v2] Staging: rtl8192u: Do not DMA on the stack
  2015-10-06 19:07 [PATCH v2] Staging: rtl8192u: Do not DMA on the stack Ksenija Stanojevic
@ 2015-10-06 19:25 ` Arnd Bergmann
  2015-10-08  9:43   ` Greg KH
  2015-10-08  9:45 ` Greg KH
  1 sibling, 1 reply; 4+ messages in thread
From: Arnd Bergmann @ 2015-10-06 19:25 UTC (permalink / raw)
  To: outreachy-kernel; +Cc: Ksenija Stanojevic

On Tuesday 06 October 2015 21:07:11 Ksenija Stanojevic wrote:
> Fix error "doing DMA on the stack" by using kzalloc for buffer
> allocation.
> Issue found by smatch.
> 
> Signed-off-by: Ksenija Stanojevic <ksenija.stanojevic@gmail.com>
> 

Looks correct to me now,

Reviewed-by: Arnd Bergmann <arnd@arndb.de>

I have a vague feeling that there ought to be a nicer way to do it
without having to duplicate all those kmalloc calls, but I didn't
find an existing USB driver API for that. I'm sure Greg will tell us
if there is one.


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [Outreachy kernel] [PATCH v2] Staging: rtl8192u: Do not DMA on the stack
  2015-10-06 19:25 ` [Outreachy kernel] " Arnd Bergmann
@ 2015-10-08  9:43   ` Greg KH
  0 siblings, 0 replies; 4+ messages in thread
From: Greg KH @ 2015-10-08  9:43 UTC (permalink / raw)
  To: Arnd Bergmann; +Cc: outreachy-kernel, Ksenija Stanojevic

On Tue, Oct 06, 2015 at 09:25:21PM +0200, Arnd Bergmann wrote:
> On Tuesday 06 October 2015 21:07:11 Ksenija Stanojevic wrote:
> > Fix error "doing DMA on the stack" by using kzalloc for buffer
> > allocation.
> > Issue found by smatch.
> > 
> > Signed-off-by: Ksenija Stanojevic <ksenija.stanojevic@gmail.com>
> > 
> 
> Looks correct to me now,
> 
> Reviewed-by: Arnd Bergmann <arnd@arndb.de>
> 
> I have a vague feeling that there ought to be a nicer way to do it
> without having to duplicate all those kmalloc calls, but I didn't
> find an existing USB driver API for that. I'm sure Greg will tell us
> if there is one.

Nope, unfortunatly, it's the only way to do this.

greg k-h


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [Outreachy kernel] [PATCH v2] Staging: rtl8192u: Do not DMA on the stack
  2015-10-06 19:07 [PATCH v2] Staging: rtl8192u: Do not DMA on the stack Ksenija Stanojevic
  2015-10-06 19:25 ` [Outreachy kernel] " Arnd Bergmann
@ 2015-10-08  9:45 ` Greg KH
  1 sibling, 0 replies; 4+ messages in thread
From: Greg KH @ 2015-10-08  9:45 UTC (permalink / raw)
  To: Ksenija Stanojevic; +Cc: outreachy-kernel

On Tue, Oct 06, 2015 at 09:07:11PM +0200, Ksenija Stanojevic wrote:
> Fix error "doing DMA on the stack" by using kzalloc for buffer
> allocation.
> Issue found by smatch.
> 
> Signed-off-by: Ksenija Stanojevic <ksenija.stanojevic@gmail.com>
> ---
> Changes in v2:
> 	-put all changes in one patch instead patchset.
> 	-replace &data with pdata
> 
>  drivers/staging/rtl8192u/r8192U_core.c | 72 +++++++++++++++++++++++++++++-----
>  1 file changed, 63 insertions(+), 9 deletions(-)
> 
> diff --git a/drivers/staging/rtl8192u/r8192U_core.c b/drivers/staging/rtl8192u/r8192U_core.c
> index 28b54ba..cf6f90d 100644
> --- a/drivers/staging/rtl8192u/r8192U_core.c
> +++ b/drivers/staging/rtl8192u/r8192U_core.c
> @@ -259,10 +259,16 @@ void write_nic_byte_E(struct net_device *dev, int indx, u8 data)
>  	int status;
>  	struct r8192_priv *priv = (struct r8192_priv *)ieee80211_priv(dev);
>  	struct usb_device *udev = priv->udev;
> +	u8 *pdata = kzalloc(sizeof(data), GFP_KERNEL);

Ok, I'm going to be "pendantic" here and say you should never put a 'p'
in front of a variable name just because it is a "pointer".  We know
it's a pointer, the compiler tells us that, so you can't get it wrong.

Try naming it what it is, "usbdata" or "msgdata" or something like that.
Naming is hard, sorry, but please don't try to use 'hungarian notation'
for naming variables, that's just not needed at all in Linux, and is
considered bad-form.

thansk,

greg k-h


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2015-10-08  9:54 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-10-06 19:07 [PATCH v2] Staging: rtl8192u: Do not DMA on the stack Ksenija Stanojevic
2015-10-06 19:25 ` [Outreachy kernel] " Arnd Bergmann
2015-10-08  9:43   ` Greg KH
2015-10-08  9:45 ` Greg KH

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.