[PATCH -next] scsi: aacraid: Use memdup_user() as a cleanup

[PATCH -next] scsi: aacraid: Use memdup_user() as a cleanup

[Zou Wei]

Fix coccicheck warning which recommends to use memdup_user().

This patch fixes the following coccicheck warnings:

drivers/scsi/aacraid/commctrl.c:516:15-22: WARNING opportunity for memdup_user

Fixes: 4645df1035b3 ("[PATCH] aacraid: swapped kmalloc args.")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Zou Wei <zou_wei@huawei.com>
---
 drivers/scsi/aacraid/commctrl.c | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c
index ffe41bc..1ce1620 100644
--- a/drivers/scsi/aacraid/commctrl.c
+++ b/drivers/scsi/aacraid/commctrl.c
@@ -513,17 +513,9 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
 		goto cleanup;
 	}
 
-	user_srbcmd = kmalloc(fibsize, GFP_KERNEL);
-	if (!user_srbcmd) {
-		dprintk((KERN_DEBUG"aacraid: Could not make a copy of the srb\n"));
-		rcode = -ENOMEM;
-		goto cleanup;
-	}
-	if(copy_from_user(user_srbcmd, user_srb,fibsize)){
-		dprintk((KERN_DEBUG"aacraid: Could not copy srb from user\n"));
-		rcode = -EFAULT;
-		goto cleanup;
-	}
+	user_srbcmd = memdup_user(user_srb, fibsize);
+	if (IS_ERR(user_srbcmd))
+		return PTR_ERR(user_srbcmd);
 
 	flags = user_srbcmd->flags; /* from user in cpu order */
 	switch (flags & (SRB_DataIn | SRB_DataOut)) {
-- 
2.6.2

Re: [PATCH -next] scsi: aacraid: Use memdup_user() as a cleanup

[Martin K. Petersen]

Zou,

> diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c
> index ffe41bc..1ce1620 100644
> --- a/drivers/scsi/aacraid/commctrl.c
> +++ b/drivers/scsi/aacraid/commctrl.c
> @@ -513,17 +513,9 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
>  		goto cleanup;
>  	}
>  
> -	user_srbcmd = kmalloc(fibsize, GFP_KERNEL);
> -	if (!user_srbcmd) {
> -		dprintk((KERN_DEBUG"aacraid: Could not make a copy of the srb\n"));
> -		rcode = -ENOMEM;
> -		goto cleanup;
> -	}
> -	if(copy_from_user(user_srbcmd, user_srb,fibsize)){
> -		dprintk((KERN_DEBUG"aacraid: Could not copy srb from user\n"));
> -		rcode = -EFAULT;
> -		goto cleanup;
> -	}
> +	user_srbcmd = memdup_user(user_srb, fibsize);
> +	if (IS_ERR(user_srbcmd))
> +		return PTR_ERR(user_srbcmd);
>  
>  	flags = user_srbcmd->flags; /* from user in cpu order */
>  	switch (flags & (SRB_DataIn | SRB_DataOut)) {

This is not equivalent, is it? The original code does a goto cleanup;
whereas your patch returns on error.

-- 
Martin K. Petersen	Oracle Linux Engineering

Re: [PATCH -next] scsi: aacraid: Use memdup_user() as a cleanup

[Samuel Zou]

Hi Martin,

Thanks for your review and reply.
You are right, it is not equivalent. I will keep the original goto 
cleanup. But the return value is changed to use of PTR_ERR 
(user_srbcmd), and assign it to rcode.
I will send the v2 soon later

On 2020/4/25 6:23, Martin K. Petersen wrote:
> 
> Zou,
> 
>> diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c
>> index ffe41bc..1ce1620 100644
>> --- a/drivers/scsi/aacraid/commctrl.c
>> +++ b/drivers/scsi/aacraid/commctrl.c
>> @@ -513,17 +513,9 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
>>   		goto cleanup;
>>   	}
>>   
>> -	user_srbcmd = kmalloc(fibsize, GFP_KERNEL);
>> -	if (!user_srbcmd) {
>> -		dprintk((KERN_DEBUG"aacraid: Could not make a copy of the srb\n"));
>> -		rcode = -ENOMEM;
>> -		goto cleanup;
>> -	}
>> -	if(copy_from_user(user_srbcmd, user_srb,fibsize)){
>> -		dprintk((KERN_DEBUG"aacraid: Could not copy srb from user\n"));
>> -		rcode = -EFAULT;
>> -		goto cleanup;
>> -	}
>> +	user_srbcmd = memdup_user(user_srb, fibsize);
>> +	if (IS_ERR(user_srbcmd))
>> +		return PTR_ERR(user_srbcmd);
>>   
>>   	flags = user_srbcmd->flags; /* from user in cpu order */
>>   	switch (flags & (SRB_DataIn | SRB_DataOut)) {
> 
> This is not equivalent, is it? The original code does a goto cleanup;
> whereas your patch returns on error.
>