* [PATCH net 0/2] net: usb: pegasus: better error checking and DRIVER_VERSION removal @ 2021-08-03 15:03 Petko Manolov 2021-08-03 15:03 ` [PATCH net 1/2] net: usb: pegasus: Check the return value of get_geristers() and friends; Petko Manolov 2021-08-03 15:03 ` [PATCH net 2/2] net: usb: pegasus: Remove the changelog and DRIVER_VERSION Petko Manolov 0 siblings, 2 replies; 8+ messages in thread From: Petko Manolov @ 2021-08-03 15:03 UTC (permalink / raw) To: netdev; +Cc: paskripkin, davem, gregkh, Petko Manolov From: Petko Manolov <petkan@nucleusys.com> Add error checking for get_registers() and derivatives. If the usb transfer fail then just don't use the buffer where the legal data should have been returned. Remove DRIVER_VERSION per Greg KH request. Petko Manolov (2): Check the return value of get_geristers() and friends; Remove the changelog and DRIVER_VERSION. drivers/net/usb/pegasus.c | 132 +++++++++++++++++++++----------------- 1 file changed, 72 insertions(+), 60 deletions(-) -- 2.30.2 ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH net 1/2] net: usb: pegasus: Check the return value of get_geristers() and friends; 2021-08-03 15:03 [PATCH net 0/2] net: usb: pegasus: better error checking and DRIVER_VERSION removal Petko Manolov @ 2021-08-03 15:03 ` Petko Manolov 2021-08-03 15:28 ` Pavel Skripkin 2021-08-03 15:03 ` [PATCH net 2/2] net: usb: pegasus: Remove the changelog and DRIVER_VERSION Petko Manolov 1 sibling, 1 reply; 8+ messages in thread From: Petko Manolov @ 2021-08-03 15:03 UTC (permalink / raw) To: netdev; +Cc: paskripkin, davem, gregkh, Petko Manolov From: Petko Manolov <petkan@nucleusys.com> Certain call sites of get_geristers() did not do proper error handling. This could be a problem as get_geristers() typically return the data via pointer to a buffer. If an error occured the code is carelessly manipulating the wrong data. Signed-off-by: Petko Manolov <petkan@nucleusys.com> --- drivers/net/usb/pegasus.c | 102 ++++++++++++++++++++++++++------------ 1 file changed, 70 insertions(+), 32 deletions(-) diff --git a/drivers/net/usb/pegasus.c b/drivers/net/usb/pegasus.c index 9a907182569c..924be11ee72c 100644 --- a/drivers/net/usb/pegasus.c +++ b/drivers/net/usb/pegasus.c @@ -132,9 +132,15 @@ static int get_registers(pegasus_t *pegasus, __u16 indx, __u16 size, void *data) static int set_registers(pegasus_t *pegasus, __u16 indx, __u16 size, const void *data) { - return usb_control_msg_send(pegasus->usb, 0, PEGASUS_REQ_SET_REGS, + int ret; + + ret = usb_control_msg_send(pegasus->usb, 0, PEGASUS_REQ_SET_REGS, PEGASUS_REQT_WRITE, 0, indx, data, size, 1000, GFP_NOIO); + if (ret < 0) + netif_dbg(pegasus, drv, pegasus->net, "%s failed with %d\n", __func__, ret); + + return ret; } /* @@ -145,10 +151,15 @@ static int set_registers(pegasus_t *pegasus, __u16 indx, __u16 size, static int set_register(pegasus_t *pegasus, __u16 indx, __u8 data) { void *buf = &data; + int ret; - return usb_control_msg_send(pegasus->usb, 0, PEGASUS_REQ_SET_REG, + ret = usb_control_msg_send(pegasus->usb, 0, PEGASUS_REQ_SET_REG, PEGASUS_REQT_WRITE, data, indx, buf, 1, 1000, GFP_NOIO); + if (ret < 0) + netif_dbg(pegasus, drv, pegasus->net, "%s failed with %d\n", __func__, ret); + + return ret; } static int update_eth_regs_async(pegasus_t *pegasus) @@ -188,10 +199,9 @@ static int update_eth_regs_async(pegasus_t *pegasus) static int __mii_op(pegasus_t *p, __u8 phy, __u8 indx, __u16 *regd, __u8 cmd) { - int i; - __u8 data[4] = { phy, 0, 0, indx }; + int i, ret = -ETIMEDOUT; __le16 regdi; - int ret = -ETIMEDOUT; + __u8 data[4] = { phy, 0, 0, indx }; if (cmd & PHY_WRITE) { __le16 *t = (__le16 *) & data[1]; @@ -211,8 +221,9 @@ static int __mii_op(pegasus_t *p, __u8 phy, __u8 indx, __u16 *regd, __u8 cmd) goto fail; if (cmd & PHY_READ) { ret = get_registers(p, PhyData, 2, ®di); + if (ret < 0) + goto fail; *regd = le16_to_cpu(regdi); - return ret; } return 0; fail: @@ -235,9 +246,13 @@ static int write_mii_word(pegasus_t *pegasus, __u8 phy, __u8 indx, __u16 *regd) static int mdio_read(struct net_device *dev, int phy_id, int loc) { pegasus_t *pegasus = netdev_priv(dev); + int ret; u16 res; - read_mii_word(pegasus, phy_id, loc, &res); + ret = read_mii_word(pegasus, phy_id, loc, &res); + if (ret < 0) + return ret; + return (int)res; } @@ -251,10 +266,9 @@ static void mdio_write(struct net_device *dev, int phy_id, int loc, int val) static int read_eprom_word(pegasus_t *pegasus, __u8 index, __u16 *retdata) { - int i; - __u8 tmp = 0; + int ret, i; __le16 retdatai; - int ret; + __u8 tmp = 0; set_register(pegasus, EpromCtrl, 0); set_register(pegasus, EpromOffset, index); @@ -262,21 +276,25 @@ static int read_eprom_word(pegasus_t *pegasus, __u8 index, __u16 *retdata) for (i = 0; i < REG_TIMEOUT; i++) { ret = get_registers(pegasus, EpromCtrl, 1, &tmp); + if (ret < 0) + goto fail; if (tmp & EPROM_DONE) break; - if (ret == -ESHUTDOWN) - goto fail; } - if (i >= REG_TIMEOUT) + if (i >= REG_TIMEOUT) { + ret = -ETIMEDOUT; goto fail; + } ret = get_registers(pegasus, EpromData, 2, &retdatai); + if (ret < 0) + goto fail; *retdata = le16_to_cpu(retdatai); return ret; fail: - netif_warn(pegasus, drv, pegasus->net, "%s failed\n", __func__); - return -ETIMEDOUT; + netif_dbg(pegasus, drv, pegasus->net, "%s failed\n", __func__); + return ret; } #ifdef PEGASUS_WRITE_EEPROM @@ -324,10 +342,10 @@ static int write_eprom_word(pegasus_t *pegasus, __u8 index, __u16 data) return ret; fail: - netif_warn(pegasus, drv, pegasus->net, "%s failed\n", __func__); + netif_dbg(pegasus, drv, pegasus->net, "%s failed\n", __func__); return -ETIMEDOUT; } -#endif /* PEGASUS_WRITE_EEPROM */ +#endif /* PEGASUS_WRITE_EEPROM */ static inline int get_node_id(pegasus_t *pegasus, u8 *id) { @@ -367,19 +385,21 @@ static void set_ethernet_addr(pegasus_t *pegasus) return; err: eth_hw_addr_random(pegasus->net); - dev_info(&pegasus->intf->dev, "software assigned MAC address.\n"); + netif_dbg(pegasus, drv, pegasus->net, "software assigned MAC address.\n"); return; } static inline int reset_mac(pegasus_t *pegasus) { + int ret, i; __u8 data = 0x8; - int i; set_register(pegasus, EthCtrl1, data); for (i = 0; i < REG_TIMEOUT; i++) { - get_registers(pegasus, EthCtrl1, 1, &data); + ret = get_registers(pegasus, EthCtrl1, 1, &data); + if (ret < 0) + goto fail; if (~data & 0x08) { if (loopback) break; @@ -402,22 +422,29 @@ static inline int reset_mac(pegasus_t *pegasus) } if (usb_dev_id[pegasus->dev_index].vendor == VENDOR_ELCON) { __u16 auxmode; - read_mii_word(pegasus, 3, 0x1b, &auxmode); + ret = read_mii_word(pegasus, 3, 0x1b, &auxmode); + if (ret < 0) + goto fail; auxmode |= 4; write_mii_word(pegasus, 3, 0x1b, &auxmode); } return 0; +fail: + netif_dbg(pegasus, drv, pegasus->net, "%s failed\n", __func__); + return ret; } static int enable_net_traffic(struct net_device *dev, struct usb_device *usb) { - __u16 linkpart; - __u8 data[4]; pegasus_t *pegasus = netdev_priv(dev); int ret; + __u16 linkpart; + __u8 data[4]; - read_mii_word(pegasus, pegasus->phy, MII_LPA, &linkpart); + ret = read_mii_word(pegasus, pegasus->phy, MII_LPA, &linkpart); + if (ret < 0) + goto fail; data[0] = 0xc8; /* TX & RX enable, append status, no CRC */ data[1] = 0; if (linkpart & (ADVERTISE_100FULL | ADVERTISE_10FULL)) @@ -435,11 +462,16 @@ static int enable_net_traffic(struct net_device *dev, struct usb_device *usb) usb_dev_id[pegasus->dev_index].vendor == VENDOR_LINKSYS2 || usb_dev_id[pegasus->dev_index].vendor == VENDOR_DLINK) { u16 auxmode; - read_mii_word(pegasus, 0, 0x1b, &auxmode); + ret = read_mii_word(pegasus, 0, 0x1b, &auxmode); + if (ret < 0) + goto fail; auxmode |= 4; write_mii_word(pegasus, 0, 0x1b, &auxmode); } + return 0; +fail: + netif_dbg(pegasus, drv, pegasus->net, "%s failed\n", __func__); return ret; } @@ -447,9 +479,9 @@ static void read_bulk_callback(struct urb *urb) { pegasus_t *pegasus = urb->context; struct net_device *net; + u8 *buf = urb->transfer_buffer; int rx_status, count = urb->actual_length; int status = urb->status; - u8 *buf = urb->transfer_buffer; __u16 pkt_len; if (!pegasus) @@ -998,8 +1030,7 @@ static int pegasus_ioctl(struct net_device *net, struct ifreq *rq, int cmd) data[0] = pegasus->phy; fallthrough; case SIOCDEVPRIVATE + 1: - read_mii_word(pegasus, data[0], data[1] & 0x1f, &data[3]); - res = 0; + res = read_mii_word(pegasus, data[0], data[1] & 0x1f, &data[3]); break; case SIOCDEVPRIVATE + 2: if (!capable(CAP_NET_ADMIN)) @@ -1033,22 +1064,25 @@ static void pegasus_set_multicast(struct net_device *net) static __u8 mii_phy_probe(pegasus_t *pegasus) { - int i; + int i, ret; __u16 tmp; for (i = 0; i < 32; i++) { - read_mii_word(pegasus, i, MII_BMSR, &tmp); + ret = read_mii_word(pegasus, i, MII_BMSR, &tmp) + if (ret < 0) + goto out; if (tmp == 0 || tmp == 0xffff || (tmp & BMSR_MEDIA) == 0) continue; else return i; } - +fail: return 0xff; } static inline void setup_pegasus_II(pegasus_t *pegasus) { + int ret; __u8 data = 0xa5; set_register(pegasus, Reg1d, 0); @@ -1060,7 +1094,9 @@ static inline void setup_pegasus_II(pegasus_t *pegasus) set_register(pegasus, Reg7b, 2); set_register(pegasus, 0x83, data); - get_registers(pegasus, 0x83, 1, &data); + ret = get_registers(pegasus, 0x83, 1, &data); + if (ret < 0) + goto fail; if (data == 0xa5) pegasus->chip = 0x8513; @@ -1075,6 +1111,8 @@ static inline void setup_pegasus_II(pegasus_t *pegasus) set_register(pegasus, Reg81, 6); else set_register(pegasus, Reg81, 2); +fail: + netif_dbg(pegasus, drv, pegasus->net, "%s failed\n", __func__); } static void check_carrier(struct work_struct *work) -- 2.30.2 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH net 1/2] net: usb: pegasus: Check the return value of get_geristers() and friends; 2021-08-03 15:03 ` [PATCH net 1/2] net: usb: pegasus: Check the return value of get_geristers() and friends; Petko Manolov @ 2021-08-03 15:28 ` Pavel Skripkin 2021-08-03 15:45 ` Petko Manolov 0 siblings, 1 reply; 8+ messages in thread From: Pavel Skripkin @ 2021-08-03 15:28 UTC (permalink / raw) To: Petko Manolov, netdev; +Cc: davem, gregkh, Petko Manolov On 8/3/21 6:03 PM, Petko Manolov wrote: > From: Petko Manolov <petkan@nucleusys.com> > > Certain call sites of get_geristers() did not do proper error handling. This > could be a problem as get_geristers() typically return the data via pointer to a > buffer. If an error occured the code is carelessly manipulating the wrong data. > > Signed-off-by: Petko Manolov <petkan@nucleusys.com> Hi, Petko! This patch looks good to me, but I found few small mistakes > --- > drivers/net/usb/pegasus.c | 102 ++++++++++++++++++++++++++------------ > 1 file changed, 70 insertions(+), 32 deletions(-) > > diff --git a/drivers/net/usb/pegasus.c b/drivers/net/usb/pegasus.c > index 9a907182569c..924be11ee72c 100644 > --- a/drivers/net/usb/pegasus.c > +++ b/drivers/net/usb/pegasus.c > @@ -132,9 +132,15 @@ static int get_registers(pegasus_t *pegasus, __u16 indx, __u16 size, void *data) > static int set_registers(pegasus_t *pegasus, __u16 indx, __u16 size, > const void *data) > { > - return usb_control_msg_send(pegasus->usb, 0, PEGASUS_REQ_SET_REGS, > + int ret; > + > + ret = usb_control_msg_send(pegasus->usb, 0, PEGASUS_REQ_SET_REGS, > PEGASUS_REQT_WRITE, 0, indx, data, size, > 1000, GFP_NOIO); > + if (ret < 0) > + netif_dbg(pegasus, drv, pegasus->net, "%s failed with %d\n", __func__, ret); > + > + return ret; > } > > /* > @@ -145,10 +151,15 @@ static int set_registers(pegasus_t *pegasus, __u16 indx, __u16 size, > static int set_register(pegasus_t *pegasus, __u16 indx, __u8 data) > { > void *buf = &data; > + int ret; > > - return usb_control_msg_send(pegasus->usb, 0, PEGASUS_REQ_SET_REG, > + ret = usb_control_msg_send(pegasus->usb, 0, PEGASUS_REQ_SET_REG, > PEGASUS_REQT_WRITE, data, indx, buf, 1, > 1000, GFP_NOIO); > + if (ret < 0) > + netif_dbg(pegasus, drv, pegasus->net, "%s failed with %d\n", __func__, ret); > + > + return ret; > } > > static int update_eth_regs_async(pegasus_t *pegasus) > @@ -188,10 +199,9 @@ static int update_eth_regs_async(pegasus_t *pegasus) > > static int __mii_op(pegasus_t *p, __u8 phy, __u8 indx, __u16 *regd, __u8 cmd) > { > - int i; > - __u8 data[4] = { phy, 0, 0, indx }; > + int i, ret = -ETIMEDOUT; > __le16 regdi; > - int ret = -ETIMEDOUT; > + __u8 data[4] = { phy, 0, 0, indx }; > > if (cmd & PHY_WRITE) { > __le16 *t = (__le16 *) & data[1]; > @@ -211,8 +221,9 @@ static int __mii_op(pegasus_t *p, __u8 phy, __u8 indx, __u16 *regd, __u8 cmd) > goto fail; ... if (i >= REG_TIMEOUT) goto fail; <--- ret needs initialization here ... > if (cmd & PHY_READ) { > ret = get_registers(p, PhyData, 2, ®di); > + if (ret < 0) > + goto fail; > *regd = le16_to_cpu(regdi); > - return ret; > } > return 0; > fail: > @@ -235,9 +246,13 @@ static int write_mii_word(pegasus_t *pegasus, __u8 phy, __u8 indx, __u16 *regd) > static int mdio_read(struct net_device *dev, int phy_id, int loc) > { > pegasus_t *pegasus = netdev_priv(dev); > + int ret; > u16 res; > > - read_mii_word(pegasus, phy_id, loc, &res); > + ret = read_mii_word(pegasus, phy_id, loc, &res); > + if (ret < 0) > + return ret; > + > return (int)res; > } > > @@ -251,10 +266,9 @@ static void mdio_write(struct net_device *dev, int phy_id, int loc, int val) > > static int read_eprom_word(pegasus_t *pegasus, __u8 index, __u16 *retdata) > { > - int i; > - __u8 tmp = 0; > + int ret, i; > __le16 retdatai; > - int ret; > + __u8 tmp = 0; > > set_register(pegasus, EpromCtrl, 0); > set_register(pegasus, EpromOffset, index); > @@ -262,21 +276,25 @@ static int read_eprom_word(pegasus_t *pegasus, __u8 index, __u16 *retdata) > > for (i = 0; i < REG_TIMEOUT; i++) { > ret = get_registers(pegasus, EpromCtrl, 1, &tmp); > + if (ret < 0) > + goto fail; > if (tmp & EPROM_DONE) > break; > - if (ret == -ESHUTDOWN) > - goto fail; > } > - if (i >= REG_TIMEOUT) > + if (i >= REG_TIMEOUT) { > + ret = -ETIMEDOUT; > goto fail; > + } > > ret = get_registers(pegasus, EpromData, 2, &retdatai); > + if (ret < 0) > + goto fail; > *retdata = le16_to_cpu(retdatai); > return ret; > > fail: > - netif_warn(pegasus, drv, pegasus->net, "%s failed\n", __func__); > - return -ETIMEDOUT; > + netif_dbg(pegasus, drv, pegasus->net, "%s failed\n", __func__); > + return ret; > } > > #ifdef PEGASUS_WRITE_EEPROM > @@ -324,10 +342,10 @@ static int write_eprom_word(pegasus_t *pegasus, __u8 index, __u16 data) > return ret; > > fail: > - netif_warn(pegasus, drv, pegasus->net, "%s failed\n", __func__); > + netif_dbg(pegasus, drv, pegasus->net, "%s failed\n", __func__); > return -ETIMEDOUT; > } > -#endif /* PEGASUS_WRITE_EEPROM */ > +#endif /* PEGASUS_WRITE_EEPROM */ > > static inline int get_node_id(pegasus_t *pegasus, u8 *id) > { > @@ -367,19 +385,21 @@ static void set_ethernet_addr(pegasus_t *pegasus) > return; > err: > eth_hw_addr_random(pegasus->net); > - dev_info(&pegasus->intf->dev, "software assigned MAC address.\n"); > + netif_dbg(pegasus, drv, pegasus->net, "software assigned MAC address.\n"); > > return; > } > > static inline int reset_mac(pegasus_t *pegasus) > { > + int ret, i; > __u8 data = 0x8; > - int i; > > set_register(pegasus, EthCtrl1, data); > for (i = 0; i < REG_TIMEOUT; i++) { > - get_registers(pegasus, EthCtrl1, 1, &data); > + ret = get_registers(pegasus, EthCtrl1, 1, &data); > + if (ret < 0) > + goto fail; > if (~data & 0x08) { > if (loopback) > break; > @@ -402,22 +422,29 @@ static inline int reset_mac(pegasus_t *pegasus) > } > if (usb_dev_id[pegasus->dev_index].vendor == VENDOR_ELCON) { > __u16 auxmode; > - read_mii_word(pegasus, 3, 0x1b, &auxmode); > + ret = read_mii_word(pegasus, 3, 0x1b, &auxmode); > + if (ret < 0) > + goto fail; > auxmode |= 4; > write_mii_word(pegasus, 3, 0x1b, &auxmode); > } > > return 0; > +fail: > + netif_dbg(pegasus, drv, pegasus->net, "%s failed\n", __func__); > + return ret; > } > > static int enable_net_traffic(struct net_device *dev, struct usb_device *usb) > { > - __u16 linkpart; > - __u8 data[4]; > pegasus_t *pegasus = netdev_priv(dev); > int ret; > + __u16 linkpart; > + __u8 data[4]; > > - read_mii_word(pegasus, pegasus->phy, MII_LPA, &linkpart); > + ret = read_mii_word(pegasus, pegasus->phy, MII_LPA, &linkpart); > + if (ret < 0) > + goto fail; > data[0] = 0xc8; /* TX & RX enable, append status, no CRC */ > data[1] = 0; > if (linkpart & (ADVERTISE_100FULL | ADVERTISE_10FULL)) > @@ -435,11 +462,16 @@ static int enable_net_traffic(struct net_device *dev, struct usb_device *usb) > usb_dev_id[pegasus->dev_index].vendor == VENDOR_LINKSYS2 || > usb_dev_id[pegasus->dev_index].vendor == VENDOR_DLINK) { > u16 auxmode; > - read_mii_word(pegasus, 0, 0x1b, &auxmode); > + ret = read_mii_word(pegasus, 0, 0x1b, &auxmode); > + if (ret < 0) > + goto fail; > auxmode |= 4; > write_mii_word(pegasus, 0, 0x1b, &auxmode); > } > > + return 0; > +fail: > + netif_dbg(pegasus, drv, pegasus->net, "%s failed\n", __func__); > return ret; > } > > @@ -447,9 +479,9 @@ static void read_bulk_callback(struct urb *urb) > { > pegasus_t *pegasus = urb->context; > struct net_device *net; > + u8 *buf = urb->transfer_buffer; > int rx_status, count = urb->actual_length; > int status = urb->status; > - u8 *buf = urb->transfer_buffer; > __u16 pkt_len; > > if (!pegasus) > @@ -998,8 +1030,7 @@ static int pegasus_ioctl(struct net_device *net, struct ifreq *rq, int cmd) > data[0] = pegasus->phy; > fallthrough; > case SIOCDEVPRIVATE + 1: > - read_mii_word(pegasus, data[0], data[1] & 0x1f, &data[3]); > - res = 0; > + res = read_mii_word(pegasus, data[0], data[1] & 0x1f, &data[3]); > break; > case SIOCDEVPRIVATE + 2: > if (!capable(CAP_NET_ADMIN)) > @@ -1033,22 +1064,25 @@ static void pegasus_set_multicast(struct net_device *net) > > static __u8 mii_phy_probe(pegasus_t *pegasus) > { > - int i; > + int i, ret; > __u16 tmp; > > for (i = 0; i < 32; i++) { > - read_mii_word(pegasus, i, MII_BMSR, &tmp); > + ret = read_mii_word(pegasus, i, MII_BMSR, &tmp) Semicolon missing > + if (ret < 0) > + goto out; Should be "goto fail;" > if (tmp == 0 || tmp == 0xffff || (tmp & BMSR_MEDIA) == 0) > continue; > else > return i; > } > - > +fail: > return 0xff; > } > > static inline void setup_pegasus_II(pegasus_t *pegasus) > { > + int ret; > __u8 data = 0xa5; > > set_register(pegasus, Reg1d, 0); > @@ -1060,7 +1094,9 @@ static inline void setup_pegasus_II(pegasus_t *pegasus) > set_register(pegasus, Reg7b, 2); > > set_register(pegasus, 0x83, data); > - get_registers(pegasus, 0x83, 1, &data); > + ret = get_registers(pegasus, 0x83, 1, &data); > + if (ret < 0) > + goto fail; > > if (data == 0xa5) > pegasus->chip = 0x8513; > @@ -1075,6 +1111,8 @@ static inline void setup_pegasus_II(pegasus_t *pegasus) > set_register(pegasus, Reg81, 6); > else > set_register(pegasus, Reg81, 2); There should be "return" before fail label, I guess. > +fail: > + netif_dbg(pegasus, drv, pegasus->net, "%s failed\n", __func__); > } > > static void check_carrier(struct work_struct *work) > With regards, Pavel Skripkin ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH net 1/2] net: usb: pegasus: Check the return value of get_geristers() and friends; 2021-08-03 15:28 ` Pavel Skripkin @ 2021-08-03 15:45 ` Petko Manolov 2021-08-03 15:46 ` Pavel Skripkin 0 siblings, 1 reply; 8+ messages in thread From: Petko Manolov @ 2021-08-03 15:45 UTC (permalink / raw) To: Pavel Skripkin; +Cc: netdev, davem, gregkh, Petko Manolov On 21-08-03 18:28:55, Pavel Skripkin wrote: > On 8/3/21 6:03 PM, Petko Manolov wrote: > > From: Petko Manolov <petkan@nucleusys.com> > > > > Certain call sites of get_geristers() did not do proper error handling. This > > could be a problem as get_geristers() typically return the data via pointer to a > > buffer. If an error occured the code is carelessly manipulating the wrong data. > > > > Signed-off-by: Petko Manolov <petkan@nucleusys.com> > > Hi, Petko! > > This patch looks good to me, but I found few small mistakes Yeah, the patch was never compiled. Sorry about it. v2 is coming up. > > --- > > drivers/net/usb/pegasus.c | 102 ++++++++++++++++++++++++++------------ > > 1 file changed, 70 insertions(+), 32 deletions(-) > > > > diff --git a/drivers/net/usb/pegasus.c b/drivers/net/usb/pegasus.c > > index 9a907182569c..924be11ee72c 100644 > > --- a/drivers/net/usb/pegasus.c > > +++ b/drivers/net/usb/pegasus.c > > @@ -132,9 +132,15 @@ static int get_registers(pegasus_t *pegasus, __u16 indx, __u16 size, void *data) > > static int set_registers(pegasus_t *pegasus, __u16 indx, __u16 size, > > const void *data) > > { > > - return usb_control_msg_send(pegasus->usb, 0, PEGASUS_REQ_SET_REGS, > > + int ret; > > + > > + ret = usb_control_msg_send(pegasus->usb, 0, PEGASUS_REQ_SET_REGS, > > PEGASUS_REQT_WRITE, 0, indx, data, size, > > 1000, GFP_NOIO); > > + if (ret < 0) > > + netif_dbg(pegasus, drv, pegasus->net, "%s failed with %d\n", __func__, ret); > > + > > + return ret; > > } > > /* > > @@ -145,10 +151,15 @@ static int set_registers(pegasus_t *pegasus, __u16 indx, __u16 size, > > static int set_register(pegasus_t *pegasus, __u16 indx, __u8 data) > > { > > void *buf = &data; > > + int ret; > > - return usb_control_msg_send(pegasus->usb, 0, PEGASUS_REQ_SET_REG, > > + ret = usb_control_msg_send(pegasus->usb, 0, PEGASUS_REQ_SET_REG, > > PEGASUS_REQT_WRITE, data, indx, buf, 1, > > 1000, GFP_NOIO); > > + if (ret < 0) > > + netif_dbg(pegasus, drv, pegasus->net, "%s failed with %d\n", __func__, ret); > > + > > + return ret; > > } > > static int update_eth_regs_async(pegasus_t *pegasus) > > @@ -188,10 +199,9 @@ static int update_eth_regs_async(pegasus_t *pegasus) > > static int __mii_op(pegasus_t *p, __u8 phy, __u8 indx, __u16 *regd, __u8 cmd) > > { > > - int i; > > - __u8 data[4] = { phy, 0, 0, indx }; > > + int i, ret = -ETIMEDOUT; > > __le16 regdi; > > - int ret = -ETIMEDOUT; > > + __u8 data[4] = { phy, 0, 0, indx }; > > if (cmd & PHY_WRITE) { > > __le16 *t = (__le16 *) & data[1]; > > @@ -211,8 +221,9 @@ static int __mii_op(pegasus_t *p, __u8 phy, __u8 indx, __u16 *regd, __u8 cmd) > > goto fail; > > ... > > if (i >= REG_TIMEOUT) > goto fail; <--- ret needs initialization here > > ... It actually is, i just shuffled the var definitions. > > if (cmd & PHY_READ) { > > ret = get_registers(p, PhyData, 2, ®di); > > + if (ret < 0) > > + goto fail; > > *regd = le16_to_cpu(regdi); > > - return ret; > > } > > return 0; > > fail: > > @@ -235,9 +246,13 @@ static int write_mii_word(pegasus_t *pegasus, __u8 phy, __u8 indx, __u16 *regd) > > static int mdio_read(struct net_device *dev, int phy_id, int loc) > > { > > pegasus_t *pegasus = netdev_priv(dev); > > + int ret; > > u16 res; > > - read_mii_word(pegasus, phy_id, loc, &res); > > + ret = read_mii_word(pegasus, phy_id, loc, &res); > > + if (ret < 0) > > + return ret; > > + > > return (int)res; > > } > > @@ -251,10 +266,9 @@ static void mdio_write(struct net_device *dev, int phy_id, int loc, int val) > > static int read_eprom_word(pegasus_t *pegasus, __u8 index, __u16 *retdata) > > { > > - int i; > > - __u8 tmp = 0; > > + int ret, i; > > __le16 retdatai; > > - int ret; > > + __u8 tmp = 0; > > set_register(pegasus, EpromCtrl, 0); > > set_register(pegasus, EpromOffset, index); > > @@ -262,21 +276,25 @@ static int read_eprom_word(pegasus_t *pegasus, __u8 index, __u16 *retdata) > > for (i = 0; i < REG_TIMEOUT; i++) { > > ret = get_registers(pegasus, EpromCtrl, 1, &tmp); > > + if (ret < 0) > > + goto fail; > > if (tmp & EPROM_DONE) > > break; > > - if (ret == -ESHUTDOWN) > > - goto fail; > > } > > - if (i >= REG_TIMEOUT) > > + if (i >= REG_TIMEOUT) { > > + ret = -ETIMEDOUT; > > goto fail; > > + } > > ret = get_registers(pegasus, EpromData, 2, &retdatai); > > + if (ret < 0) > > + goto fail; > > *retdata = le16_to_cpu(retdatai); > > return ret; > > fail: > > - netif_warn(pegasus, drv, pegasus->net, "%s failed\n", __func__); > > - return -ETIMEDOUT; > > + netif_dbg(pegasus, drv, pegasus->net, "%s failed\n", __func__); > > + return ret; > > } > > #ifdef PEGASUS_WRITE_EEPROM > > @@ -324,10 +342,10 @@ static int write_eprom_word(pegasus_t *pegasus, __u8 index, __u16 data) > > return ret; > > fail: > > - netif_warn(pegasus, drv, pegasus->net, "%s failed\n", __func__); > > + netif_dbg(pegasus, drv, pegasus->net, "%s failed\n", __func__); > > return -ETIMEDOUT; > > } > > -#endif /* PEGASUS_WRITE_EEPROM */ > > +#endif /* PEGASUS_WRITE_EEPROM */ > > static inline int get_node_id(pegasus_t *pegasus, u8 *id) > > { > > @@ -367,19 +385,21 @@ static void set_ethernet_addr(pegasus_t *pegasus) > > return; > > err: > > eth_hw_addr_random(pegasus->net); > > - dev_info(&pegasus->intf->dev, "software assigned MAC address.\n"); > > + netif_dbg(pegasus, drv, pegasus->net, "software assigned MAC address.\n"); > > return; > > } > > static inline int reset_mac(pegasus_t *pegasus) > > { > > + int ret, i; > > __u8 data = 0x8; > > - int i; > > set_register(pegasus, EthCtrl1, data); > > for (i = 0; i < REG_TIMEOUT; i++) { > > - get_registers(pegasus, EthCtrl1, 1, &data); > > + ret = get_registers(pegasus, EthCtrl1, 1, &data); > > + if (ret < 0) > > + goto fail; > > if (~data & 0x08) { > > if (loopback) > > break; > > @@ -402,22 +422,29 @@ static inline int reset_mac(pegasus_t *pegasus) > > } > > if (usb_dev_id[pegasus->dev_index].vendor == VENDOR_ELCON) { > > __u16 auxmode; > > - read_mii_word(pegasus, 3, 0x1b, &auxmode); > > + ret = read_mii_word(pegasus, 3, 0x1b, &auxmode); > > + if (ret < 0) > > + goto fail; > > auxmode |= 4; > > write_mii_word(pegasus, 3, 0x1b, &auxmode); > > } > > return 0; > > +fail: > > + netif_dbg(pegasus, drv, pegasus->net, "%s failed\n", __func__); > > + return ret; > > } > > static int enable_net_traffic(struct net_device *dev, struct usb_device *usb) > > { > > - __u16 linkpart; > > - __u8 data[4]; > > pegasus_t *pegasus = netdev_priv(dev); > > int ret; > > + __u16 linkpart; > > + __u8 data[4]; > > - read_mii_word(pegasus, pegasus->phy, MII_LPA, &linkpart); > > + ret = read_mii_word(pegasus, pegasus->phy, MII_LPA, &linkpart); > > + if (ret < 0) > > + goto fail; > > data[0] = 0xc8; /* TX & RX enable, append status, no CRC */ > > data[1] = 0; > > if (linkpart & (ADVERTISE_100FULL | ADVERTISE_10FULL)) > > @@ -435,11 +462,16 @@ static int enable_net_traffic(struct net_device *dev, struct usb_device *usb) > > usb_dev_id[pegasus->dev_index].vendor == VENDOR_LINKSYS2 || > > usb_dev_id[pegasus->dev_index].vendor == VENDOR_DLINK) { > > u16 auxmode; > > - read_mii_word(pegasus, 0, 0x1b, &auxmode); > > + ret = read_mii_word(pegasus, 0, 0x1b, &auxmode); > > + if (ret < 0) > > + goto fail; > > auxmode |= 4; > > write_mii_word(pegasus, 0, 0x1b, &auxmode); > > } > > + return 0; > > +fail: > > + netif_dbg(pegasus, drv, pegasus->net, "%s failed\n", __func__); > > return ret; > > } > > @@ -447,9 +479,9 @@ static void read_bulk_callback(struct urb *urb) > > { > > pegasus_t *pegasus = urb->context; > > struct net_device *net; > > + u8 *buf = urb->transfer_buffer; > > int rx_status, count = urb->actual_length; > > int status = urb->status; > > - u8 *buf = urb->transfer_buffer; > > __u16 pkt_len; > > if (!pegasus) > > @@ -998,8 +1030,7 @@ static int pegasus_ioctl(struct net_device *net, struct ifreq *rq, int cmd) > > data[0] = pegasus->phy; > > fallthrough; > > case SIOCDEVPRIVATE + 1: > > - read_mii_word(pegasus, data[0], data[1] & 0x1f, &data[3]); > > - res = 0; > > + res = read_mii_word(pegasus, data[0], data[1] & 0x1f, &data[3]); > > break; > > case SIOCDEVPRIVATE + 2: > > if (!capable(CAP_NET_ADMIN)) > > @@ -1033,22 +1064,25 @@ static void pegasus_set_multicast(struct net_device *net) > > static __u8 mii_phy_probe(pegasus_t *pegasus) > > { > > - int i; > > + int i, ret; > > __u16 tmp; > > for (i = 0; i < 32; i++) { > > - read_mii_word(pegasus, i, MII_BMSR, &tmp); > > + ret = read_mii_word(pegasus, i, MII_BMSR, &tmp) > > Semicolon missing > > > + if (ret < 0) > > + goto out; > > > Should be "goto fail;" > > > if (tmp == 0 || tmp == 0xffff || (tmp & BMSR_MEDIA) == 0) > > continue; > > else > > return i; > > } > > - > > +fail: > > return 0xff; > > } > > static inline void setup_pegasus_II(pegasus_t *pegasus) > > { > > + int ret; > > __u8 data = 0xa5; > > set_register(pegasus, Reg1d, 0); > > @@ -1060,7 +1094,9 @@ static inline void setup_pegasus_II(pegasus_t *pegasus) > > set_register(pegasus, Reg7b, 2); > > set_register(pegasus, 0x83, data); > > - get_registers(pegasus, 0x83, 1, &data); > > + ret = get_registers(pegasus, 0x83, 1, &data); > > + if (ret < 0) > > + goto fail; > > if (data == 0xa5) > > pegasus->chip = 0x8513; > > @@ -1075,6 +1111,8 @@ static inline void setup_pegasus_II(pegasus_t *pegasus) > > set_register(pegasus, Reg81, 6); > > else > > set_register(pegasus, Reg81, 2); > > There should be "return" before fail label, I guess. > > > +fail: > > + netif_dbg(pegasus, drv, pegasus->net, "%s failed\n", __func__); > > } > > static void check_carrier(struct work_struct *work) > > > > > > > With regards, > Pavel Skripkin thanks, Petko ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH net 1/2] net: usb: pegasus: Check the return value of get_geristers() and friends; 2021-08-03 15:45 ` Petko Manolov @ 2021-08-03 15:46 ` Pavel Skripkin 2021-08-03 16:15 ` Petko Manolov 0 siblings, 1 reply; 8+ messages in thread From: Pavel Skripkin @ 2021-08-03 15:46 UTC (permalink / raw) To: netdev, davem, gregkh, Petko Manolov On 8/3/21 6:45 PM, Petko Manolov wrote: > On 21-08-03 18:28:55, Pavel Skripkin wrote: >> On 8/3/21 6:03 PM, Petko Manolov wrote: >> > From: Petko Manolov <petkan@nucleusys.com> >> > >> > Certain call sites of get_geristers() did not do proper error handling. This >> > could be a problem as get_geristers() typically return the data via pointer to a >> > buffer. If an error occured the code is carelessly manipulating the wrong data. >> > >> > Signed-off-by: Petko Manolov <petkan@nucleusys.com> >> >> Hi, Petko! >> >> This patch looks good to me, but I found few small mistakes > > Yeah, the patch was never compiled. Sorry about it. v2 is coming up. > BTW: should this also go to stable with Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")? With regards, Pavel Skripkin ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH net 1/2] net: usb: pegasus: Check the return value of get_geristers() and friends; 2021-08-03 15:46 ` Pavel Skripkin @ 2021-08-03 16:15 ` Petko Manolov 0 siblings, 0 replies; 8+ messages in thread From: Petko Manolov @ 2021-08-03 16:15 UTC (permalink / raw) To: Pavel Skripkin; +Cc: netdev, davem, gregkh, Petko Manolov On 21-08-03 18:46:36, Pavel Skripkin wrote: > On 8/3/21 6:45 PM, Petko Manolov wrote: > > On 21-08-03 18:28:55, Pavel Skripkin wrote: > > > On 8/3/21 6:03 PM, Petko Manolov wrote: > > > > From: Petko Manolov <petkan@nucleusys.com> > > > > > Certain call sites of get_geristers() did not do proper error > > > handling. This > > > > could be a problem as get_geristers() typically return the data via pointer to a > > > > buffer. If an error occured the code is carelessly manipulating the wrong data. > > > > > Signed-off-by: Petko Manolov <petkan@nucleusys.com> > > > > > > Hi, Petko! > > > > > > This patch looks good to me, but I found few small mistakes > > > > Yeah, the patch was never compiled. Sorry about it. v2 is coming up. > > > > BTW: should this also go to stable with Fixes: 1da177e4c3f4 > ("Linux-2.6.12-rc2")? Yeah, i think so. Apparently the issues this patch fixes have not manifested themselves very frequently. Either that or nobody is using this driver now. :) Anyway, the bugs are real and fixes going to the stable series is well justified. Thanks a bunch for the review. cheers, Petko ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH net 2/2] net: usb: pegasus: Remove the changelog and DRIVER_VERSION. 2021-08-03 15:03 [PATCH net 0/2] net: usb: pegasus: better error checking and DRIVER_VERSION removal Petko Manolov 2021-08-03 15:03 ` [PATCH net 1/2] net: usb: pegasus: Check the return value of get_geristers() and friends; Petko Manolov @ 2021-08-03 15:03 ` Petko Manolov 2021-08-03 16:51 ` Greg KH 1 sibling, 1 reply; 8+ messages in thread From: Petko Manolov @ 2021-08-03 15:03 UTC (permalink / raw) To: netdev; +Cc: paskripkin, davem, gregkh, Petko Manolov From: Petko Manolov <petkan@nucleusys.com> These are now deemed redundant. Signed-off-by: Petko Manolov <petkan@nucleusys.com> --- drivers/net/usb/pegasus.c | 30 ++---------------------------- 1 file changed, 2 insertions(+), 28 deletions(-) diff --git a/drivers/net/usb/pegasus.c b/drivers/net/usb/pegasus.c index 924be11ee72c..83260f283a9d 100644 --- a/drivers/net/usb/pegasus.c +++ b/drivers/net/usb/pegasus.c @@ -1,31 +1,7 @@ // SPDX-License-Identifier: GPL-2.0-only /* - * Copyright (c) 1999-2013 Petko Manolov (petkan@nucleusys.com) + * Copyright (c) 1999-2021 Petko Manolov (petkan@nucleusys.com) * - * ChangeLog: - * .... Most of the time spent on reading sources & docs. - * v0.2.x First official release for the Linux kernel. - * v0.3.0 Beutified and structured, some bugs fixed. - * v0.3.x URBifying bulk requests and bugfixing. First relatively - * stable release. Still can touch device's registers only - * from top-halves. - * v0.4.0 Control messages remained unurbified are now URBs. - * Now we can touch the HW at any time. - * v0.4.9 Control urbs again use process context to wait. Argh... - * Some long standing bugs (enable_net_traffic) fixed. - * Also nasty trick about resubmiting control urb from - * interrupt context used. Please let me know how it - * behaves. Pegasus II support added since this version. - * TODO: suppressing HCD warnings spewage on disconnect. - * v0.4.13 Ethernet address is now set at probe(), not at open() - * time as this seems to break dhcpd. - * v0.5.0 branch to 2.5.x kernels - * v0.5.1 ethtool support added - * v0.5.5 rx socket buffers are in a pool and the their allocation - * is out of the interrupt routine. - * ... - * v0.9.3 simplified [get|set]_register(s), async update registers - * logic revisited, receive skb_pool removed. */ #include <linux/sched.h> @@ -45,7 +21,6 @@ /* * Version Information */ -#define DRIVER_VERSION "v0.9.3 (2013/04/25)" #define DRIVER_AUTHOR "Petko Manolov <petkan@nucleusys.com>" #define DRIVER_DESC "Pegasus/Pegasus II USB Ethernet driver" @@ -912,7 +887,6 @@ static void pegasus_get_drvinfo(struct net_device *dev, pegasus_t *pegasus = netdev_priv(dev); strlcpy(info->driver, driver_name, sizeof(info->driver)); - strlcpy(info->version, DRIVER_VERSION, sizeof(info->version)); usb_make_path(pegasus->usb, info->bus_info, sizeof(info->bus_info)); } @@ -1334,7 +1308,7 @@ static void __init parse_id(char *id) static int __init pegasus_init(void) { - pr_info("%s: %s, " DRIVER_DESC "\n", driver_name, DRIVER_VERSION); + pr_info("%s: " DRIVER_DESC "\n", driver_name); if (devid) parse_id(devid); return usb_register(&pegasus_driver); -- 2.30.2 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH net 2/2] net: usb: pegasus: Remove the changelog and DRIVER_VERSION. 2021-08-03 15:03 ` [PATCH net 2/2] net: usb: pegasus: Remove the changelog and DRIVER_VERSION Petko Manolov @ 2021-08-03 16:51 ` Greg KH 0 siblings, 0 replies; 8+ messages in thread From: Greg KH @ 2021-08-03 16:51 UTC (permalink / raw) To: Petko Manolov; +Cc: netdev, paskripkin, davem, Petko Manolov On Tue, Aug 03, 2021 at 06:03:17PM +0300, Petko Manolov wrote: > From: Petko Manolov <petkan@nucleusys.com> > > These are now deemed redundant. > > Signed-off-by: Petko Manolov <petkan@nucleusys.com> > --- > drivers/net/usb/pegasus.c | 30 ++---------------------------- > 1 file changed, 2 insertions(+), 28 deletions(-) Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2021-08-03 16:51 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2021-08-03 15:03 [PATCH net 0/2] net: usb: pegasus: better error checking and DRIVER_VERSION removal Petko Manolov 2021-08-03 15:03 ` [PATCH net 1/2] net: usb: pegasus: Check the return value of get_geristers() and friends; Petko Manolov 2021-08-03 15:28 ` Pavel Skripkin 2021-08-03 15:45 ` Petko Manolov 2021-08-03 15:46 ` Pavel Skripkin 2021-08-03 16:15 ` Petko Manolov 2021-08-03 15:03 ` [PATCH net 2/2] net: usb: pegasus: Remove the changelog and DRIVER_VERSION Petko Manolov 2021-08-03 16:51 ` Greg KH
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).