Re: [PATCH] gpiolib: sanitize flags before allocating memory in lineevent_create()

From: Bartosz Golaszewski
Date: Tue Oct 01 2019 - 06:08:20 EST


On Mon, 16 Sep 2019 at 11:46 Bartosz Golaszewski <brgl@xxxxxxxx> wrote:
>
> From: Bartosz Golaszewski <bgolaszewski@xxxxxxxxxxxx>
>
> Move all the flags sanitization before any memory allocation in
> lineevent_create() in order to remove a couple unneeded gotos.
>
> Signed-off-by: Bartosz Golaszewski <bgolaszewski@xxxxxxxxxxxx>
> ---
> drivers/gpio/gpiolib.c | 42 ++++++++++++++++++------------------------
> 1 file changed, 18 insertions(+), 24 deletions(-)
>
> diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
> index d9074191edef..194b0bcdcfb7 100644
> --- a/drivers/gpio/gpiolib.c
> +++ b/drivers/gpio/gpiolib.c
> @@ -899,6 +899,24 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip)
>
> if (copy_from_user(&eventreq, ip, sizeof(eventreq)))
> return -EFAULT;
> +
> + offset = eventreq.lineoffset;
> + lflags = eventreq.handleflags;
> + eflags = eventreq.eventflags;
> +
> + if (offset >= gdev->ngpio)
> + return -EINVAL;
> +
> + /* Return an error if a unknown flag is set */
> + if ((lflags & ~GPIOHANDLE_REQUEST_VALID_FLAGS) ||
> + (eflags & ~GPIOEVENT_REQUEST_VALID_FLAGS))
> + return -EINVAL;
> +
> + /* This is just wrong: we don't look for events on output lines */
> + if ((lflags & GPIOHANDLE_REQUEST_OUTPUT) ||
> + (lflags & GPIOHANDLE_REQUEST_OPEN_DRAIN) ||
> + (lflags & GPIOHANDLE_REQUEST_OPEN_SOURCE))
> + return -EINVAL;
>
> le = kzalloc(sizeof(*le), GFP_KERNEL);
> if (!le)
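
Review bot: in the moved output-line check (the three `lflags &` tests under the "This is just wrong" comment), the comment does not say what is wrong, and the three tests can be a single mask test such as `if (lflags & (GPIOHANDLE_REQUEST_OUTPUT | GPIOHANDLE_REQUEST_OPEN_DRAIN | GPIOHANDLE_REQUEST_OPEN_SOURCE))`. A comment stating that events are not looked for on output lines, so output-type flags are rejected, would read better. Since the block is being moved anyway, "a unknown flag" in the comment above it could become "an unknown flag". The direct `return -EINVAL` is correct here only because these checks now run before `kzalloc()`, so nothing has to be freed. Any validation added later should stay above the allocation for the same reason.
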
> @@ -917,30 +935,6 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip)
> }
> }
>
> - offset = eventreq.lineoffset;
> - lflags = eventreq.handleflags;
> - eflags = eventreq.eventflags;
> -
> - if (offset >= gdev->ngpio) {
> - ret = -EINVAL;
> - goto out_free_label;
> - }
> -
> - /* Return an error if a unknown flag is set */
> - if ((lflags & ~GPIOHANDLE_REQUEST_VALID_FLAGS) ||
> - (eflags & ~GPIOEVENT_REQUEST_VALID_FLAGS)) {
> - ret = -EINVAL;
> - goto out_free_label;
> - }
> -
> - /* This is just wrong: we don't look for events on output lines */
> - if ((lflags & GPIOHANDLE_REQUEST_OUTPUT) ||
> - (lflags & GPIOHANDLE_REQUEST_OPEN_DRAIN) ||
> - (lflags & GPIOHANDLE_REQUEST_OPEN_SOURCE)) {
> - ret = -EINVAL;
> - goto out_free_label;
> - }
> -
> desc = &gdev->descs[offset];
> ret = gpiod_request(desc, le->label);
> if (ret)
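
Review bot: after this removal, `desc = &gdev->descs[offset];` indexes the array with a value taken from the userspace request, and its only bounds check (`offset >= gdev->ngpio`) now sits at the top of the function, ahead of the allocation. A one-line comment at this point saying that offset was validated above would keep that dependency visible to later edits. Please also confirm that `out_free_label` still has a user in the part of the error path not shown in this hunk, since three of its `goto` sites are dropped here.
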
> --
> 2.21.0
>

Patch applied.

Bart