From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michal Nazarewicz Date: Sat, 28 May 2016 10:16:26 +0000 Subject: Re: [patch v2] usb: f_fs: off by one bug in _ffs_func_bind() Message-Id: List-Id: References: <20160528044810.GA4107@mwanda> In-Reply-To: <20160528044810.GA4107@mwanda> MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1254" Content-Transfer-Encoding: base64 To: Dan Carpenter , Felipe Balbi Cc: Greg Kroah-Hartman , Lars-Peter Clausen , Robert Baldyga , Al Viro , Daniel Walter , "Du, Changbin" , Rui Miguel Silva , linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org T24gU2F0LCBNYXkgMjggMjAxNiwgRGFuIENhcnBlbnRlciB3cm90ZToKPiBUaGlzIGxvb3AgaXMg c3VwcG9zZWQgdG8gc2V0IGFsbCB0aGUgLm51bVtdIHZhbHVlcyB0byAtMSBidXQgaXQncyBvZmYg YnkKPiBvbmUgc28gaXQgc2tpcHMgdGhlIGZpcnN0IGVsZW1lbnQgYW5kIHNldHMgb25lIGVsZW1l bnQgcGFzdCB0aGUgZW5kIG9mCj4gdGhlIGFycmF5Lgo+Cj4gSSd2ZSBjbGVhbmVkIHVwIHRoZSBs b29wIGEgbGl0dGxlIGFzIHdlbGwuCj4KPiBGaXhlczogZGRmOGFiZDI1OTk0ICgnVVNCOiBmX2Zz OiB0aGUgRnVuY3Rpb25GUyBkcml2ZXInKQo+IFNpZ25lZC1vZmYtYnk6IERhbiBDYXJwZW50ZXIg PGRhbi5jYXJwZW50ZXJAb3JhY2xlLmNvbT4KCkFja2VkLWJ5OiBNaWNoYWwgTmF6YXJld2ljeiA8 bWluYTg2QG1pbmE4Ni5jb20+Cgo+IC0tLQo+IHYyOiBtb3ZlIHRoZSBlcHNfcHRyIGFzc2lnbm1l bnQgb3V0c2lkZSB0aGUgbG9vcC4KPgo+IGRpZmYgLS1naXQgYS9kcml2ZXJzL3VzYi9nYWRnZXQv ZnVuY3Rpb24vZl9mcy5jIGIvZHJpdmVycy91c2IvZ2FkZ2V0L2Z1bmN0aW9uL2ZfZnMuYwo+IGlu ZGV4IDczNTE1ZDUuLmQyNmViNjQgMTAwNjQ0Cj4gLS0tIGEvZHJpdmVycy91c2IvZ2FkZ2V0L2Z1 bmN0aW9uL2ZfZnMuYwo+ICsrKyBiL2RyaXZlcnMvdXNiL2dhZGdldC9mdW5jdGlvbi9mX2ZzLmMK PiBAQCAtMjcyOSw2ICsyNzI5LDcgQEAgc3RhdGljIGludCBfZmZzX2Z1bmNfYmluZChzdHJ1Y3Qg dXNiX2NvbmZpZ3VyYXRpb24gKmMsCj4gIAkJZnVuYy0+ZmZzLT5zc19kZXNjc19jb3VudDsKPiAg Cj4gIAlpbnQgZnNfbGVuLCBoc19sZW4sIHNzX2xlbiwgcmV0LCBpOwo+ICsJc3RydWN0IGZmc19l cCAqZXBzX3B0cjsKPiAgCj4gIAkvKiBNYWtlIGl0IGEgc2luZ2xlIGNodW5rLCBsZXNzIG1hbmFn ZW1lbnQgbGF0ZXIgb24gKi8KPiAgCXZsYV9ncm91cChkKTsKPiBAQCAtMjc3NywxMiArMjc3OCw5 IEBAIHN0YXRpYyBpbnQgX2Zmc19mdW5jX2JpbmQoc3RydWN0IHVzYl9jb25maWd1cmF0aW9uICpj LAo+ICAJICAgICAgIGZmcy0+cmF3X2Rlc2NzX2xlbmd0aCk7Cj4gIAo+ICAJbWVtc2V0KHZsYV9w dHIodmxhYnVmLCBkLCBpbnVtcyksIDB4ZmYsIGRfaW51bXNfX3N6KTsKPiAtCWZvciAocmV0ID0g ZmZzLT5lcHNfY291bnQ7IHJldDsgLS1yZXQpIHsKPiAtCQlzdHJ1Y3QgZmZzX2VwICpwdHI7Cj4g LQo+IC0JCXB0ciA9IHZsYV9wdHIodmxhYnVmLCBkLCBlcHMpOwo+IC0JCXB0cltyZXRdLm51bSA9 IC0xOwo+IC0JfQo+ICsJZXBzX3B0ciA9IHZsYV9wdHIodmxhYnVmLCBkLCBlcHMpOwo+ICsJZm9y IChpID0gMDsgaSA8IGZmcy0+ZXBzX2NvdW50OyBpKyspCj4gKwkJZXBzX3B0cltpXS5udW0gPSAt MTsKPiAgCj4gIAkvKiBTYXZlIHBvaW50ZXJzCj4gIAkgKiBkX2VwcyA9IHZsYWJ1ZiwgZnVuYy0+ ZXBzIHVzZWQgdG8ga2ZyZWUgdmxhYnVmIGxhdGVyCgotLSAKQmVzdCByZWdhcmRzCuODn+ODj+OC piDigJzwnZO28J2TsvCdk7fwnZOqODbigJ0g44OK44K244Os44O044Kk44OECsKrSWYgYXQgZmly c3QgeW91IGRvbuKAmXQgc3VjY2VlZCwgZ2l2ZSB1cCBza3lkaXZpbmfCuwotLQpUbyB1bnN1YnNj cmliZSBmcm9tIHRoaXMgbGlzdDogc2VuZCB0aGUgbGluZSAidW5zdWJzY3JpYmUga2VybmVsLWph bml0b3JzIiBpbgp0aGUgYm9keSBvZiBhIG1lc3NhZ2UgdG8gbWFqb3Jkb21vQHZnZXIua2VybmVs Lm9yZwpNb3JlIG1ham9yZG9tbyBpbmZvIGF0ICBodHRwOi8vdmdlci5rZXJuZWwub3JnL21ham9y ZG9tby1pbmZvLmh0bWw= From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753890AbcE1KQe (ORCPT ); Sat, 28 May 2016 06:16:34 -0400 Received: from mail-wm0-f43.google.com ([74.125.82.43]:34191 "EHLO mail-wm0-f43.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751879AbcE1KQb convert rfc822-to-8bit (ORCPT ); Sat, 28 May 2016 06:16:31 -0400 From: Michal Nazarewicz To: Dan Carpenter , Felipe Balbi Cc: Greg Kroah-Hartman , Lars-Peter Clausen , Robert Baldyga , Al Viro , Daniel Walter , "Du\, Changbin" , Rui Miguel Silva , linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: Re: [patch v2] usb: f_fs: off by one bug in _ffs_func_bind() In-Reply-To: <20160528044810.GA4107@mwanda> Organization: http://mina86.com/ References: <20160528044810.GA4107@mwanda> User-Agent: Notmuch/0.19+53~g2e63a09 (http://notmuchmail.org) Emacs/25.1.50.1 (x86_64-unknown-linux-gnu) Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAJFBMVEWbfGlUPDDHgE57V0jUupKjgIObY0PLrom9mH4dFRK4gmjPs41MxjOgAAACP0lEQVQ4T23Sv2vbQBQHcBk1xE6WyALX107VUEgmn6+ouUwpEQQ6uRjttkWP4CkBg2M0BQLBdPFZYPsyFYo7qEtKDQ7on+t7+nF2Ux8ahD587717OmNYrOvycHsZ+o2r051wHTHysAvGb8ygvgu4QWT0sCmkgZCIEnlV2X8BtyraazFGDuxhmKSQJMlwHQ7v5MHSNxmz78rfElwAa3ieVD9e+hBhjaPDDG6NgFo2f4wBMNIo5YmRtF0RyDgFjJjlMIWbnuM4x9MMfABGTlN4qgIQB4A1DEyA1BHWtfeWNUMwiVJKoqh97KrkOO+qzgluVYLvFCUKAX73nONeBr7BGMdM6Sg0kuep03VywLaIzRiVr+GAzKlpQIsAFnWAG2e6DT5WmWDiudZMIc6hYrMOmeMQK9WX0B+/RfjzL9DI7Y9/Iayn29Ci0r2i4f9gMimMSZLCDMalgQGU5hnUtqAN0OGvEmO1Wnl0C0wWSCEHnuHBqmygxdxA8oWXwbipoc1EoNR9DqOpBpOJrnr0criQab9ZT4LL+wI+K7GBQH30CrhUruilgP9DRTrhVWZCiAyILP+wiuLeCKGTD6r/nc8LOJcAwR6IBTUs+7CASw3QFZ0MdA2PI3zNziH4ZKVhXCRMBjeZ1DWMekKwDCASwExy+NQ86TaykaDAFHO4aP48y4fIcDM5yOG8GcTLbOyp8A8azjJI93JFd1EA6yN8sSxMQJWoABqniRZVykYgRXErzrdqExAoUrRb0xfRp8p2A/4XmfilTtkDZ4cAAAAASUVORK5CYII= X-Face: -TR8(rDTHy/(xl?SfWd1|3:TTgDIatE^t'vop%*gVg[kn$t{EpK(P"VQ=~T2#ysNmJKN$"yTRLB4YQs$4{[.]Fc1)*O]3+XO^oXM>Q#b^ix,O)Zbn)q[y06$`e3?C)`CwR9y5riE=fv^X@x$y?D:XO6L&x4f-}}I4=VRNwiA^t1-ZrVK^07.Pi/57c_du'& X-PGP: 50751FF4 X-PGP-FP: AC1F 5F5C D418 88F8 CC84 5858 2060 4012 5075 1FF4 X-Hashcash: 1:20:160528:r.baldyga@samsung.com::B1pQwDMJQyXml+aP:000000000000000000000000000000000000000008H9 X-Hashcash: 1:20:160528:viro@zeniv.linux.org.uk::w++g9jll8VYouym6:000000000000000000000000000000000000001MwP X-Hashcash: 1:20:160528:dan.carpenter@oracle.com::DEif9TKktZnhnKe2:00000000000000000000000000000000000001R3V X-Hashcash: 1:20:160528:changbin.du@intel.com::0+KF0W5C/cNFeKt8:00000000000000000000000000000000000000001Avd X-Hashcash: 1:20:160528:gregkh@linuxfoundation.org::554bwD5nG70GhVFp:000000000000000000000000000000000001p1j X-Hashcash: 1:20:160528:balbi@kernel.org::Owp1+eUXTzfgokR1:039ay X-Hashcash: 1:20:160528:linux-kernel@vger.kernel.org::WIx3o9pqJ0h9dHBD:0000000000000000000000000000000001sSV X-Hashcash: 1:20:160528:kernel-janitors@vger.kernel.org::4emVcEkR4XbpFccr:0000000000000000000000000000003TwK X-Hashcash: 1:20:160528:dwalter@sigma-star.at::N9IFy7zaSfZuIpgI:00000000000000000000000000000000000000004r5y X-Hashcash: 1:20:160528:lars@metafoo.de::J3+6LP6NgcU0psJH:005v75 X-Hashcash: 1:20:160528:linux-usb@vger.kernel.org::aTAmPt0bmcPSqnGm:0000000000000000000000000000000000007IPh X-Hashcash: 1:20:160528:rui.silva@linaro.org::sbGYikXZMnK4p+j6:00000000000000000000000000000000000000000HCbr Date: Sat, 28 May 2016 12:16:26 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, May 28 2016, Dan Carpenter wrote: > This loop is supposed to set all the .num[] values to -1 but it's off by > one so it skips the first element and sets one element past the end of > the array. > > I've cleaned up the loop a little as well. > > Fixes: ddf8abd25994 ('USB: f_fs: the FunctionFS driver') > Signed-off-by: Dan Carpenter Acked-by: Michal Nazarewicz > --- > v2: move the eps_ptr assignment outside the loop. > > diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c > index 73515d5..d26eb64 100644 > --- a/drivers/usb/gadget/function/f_fs.c > +++ b/drivers/usb/gadget/function/f_fs.c > @@ -2729,6 +2729,7 @@ static int _ffs_func_bind(struct usb_configuration *c, > func->ffs->ss_descs_count; > > int fs_len, hs_len, ss_len, ret, i; > + struct ffs_ep *eps_ptr; > > /* Make it a single chunk, less management later on */ > vla_group(d); > @@ -2777,12 +2778,9 @@ static int _ffs_func_bind(struct usb_configuration *c, > ffs->raw_descs_length); > > memset(vla_ptr(vlabuf, d, inums), 0xff, d_inums__sz); > - for (ret = ffs->eps_count; ret; --ret) { > - struct ffs_ep *ptr; > - > - ptr = vla_ptr(vlabuf, d, eps); > - ptr[ret].num = -1; > - } > + eps_ptr = vla_ptr(vlabuf, d, eps); > + for (i = 0; i < ffs->eps_count; i++) > + eps_ptr[i].num = -1; > > /* Save pointers > * d_eps == vlabuf, func->eps used to kfree vlabuf later -- Best regards ミハウ “𝓶𝓲𝓷𝓪86” ナザレヴイツ «If at first you don’t succeed, give up skydiving»