Re: [PATCH v3 03/12] usb: misc: cytherm: update to use usb_control_msg_recv()
From: Johan Hovold
Date: Wed Jan 27 2021 - 09:22:50 EST
On Wed, Jan 27, 2021 at 12:03:54AM +0530, Anant Thazhemadam wrote:
> The newer usb_control_msg_{send|recv}() API are an improvement on the
> existing usb_control_msg() as it ensures that a short read/write is treated
> as an error, data can be used off the stack, and raw usb pipes need not be
> created in the calling functions.
> For this reason, the instance of usb_control_msg() has been replaced with
> usb_control_msg_recv().
>
> The return value checking enforced by callers of the updated function have
> also been appropriately updated.
>
> Signed-off-by: Anant Thazhemadam <anant.thazhemadam@xxxxxxxxx>
> ---
> drivers/usb/misc/cytherm.c | 128 +++++++++++++------------------------
> 1 file changed, 43 insertions(+), 85 deletions(-)
>
> diff --git a/drivers/usb/misc/cytherm.c b/drivers/usb/misc/cytherm.c
> index 3e3802aaefa3..2ca36ea5b76a 100644
> --- a/drivers/usb/misc/cytherm.c
> +++ b/drivers/usb/misc/cytherm.c
> @@ -51,12 +51,12 @@ static int vendor_command(struct usb_device *dev, unsigned char request,
> unsigned char value, unsigned char index,
> void *buf, int size)
> {
> - return usb_control_msg(dev, usb_rcvctrlpipe(dev, 0),
> - request,
> - USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_OTHER,
> - value,
> - index, buf, size,
> - USB_CTRL_GET_TIMEOUT);
> + return usb_control_msg_recv(dev, 0,
> + request,
> + USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_OTHER,
> + value,
> + index, buf, size,
> + USB_CTRL_GET_TIMEOUT, GFP_KERNEL);
> }
>
>
> @@ -78,33 +78,27 @@ static ssize_t brightness_store(struct device *dev, struct device_attribute *att
> struct usb_interface *intf = to_usb_interface(dev);
> struct usb_cytherm *cytherm = usb_get_intfdata(intf);
>
> - unsigned char *buffer;
> + unsigned char buffer[8];
> int retval;
> -
> - buffer = kmalloc(8, GFP_KERNEL);
> - if (!buffer)
> - return 0;
>
> cytherm->brightness = simple_strtoul(buf, NULL, 10);
> -
> +
> if (cytherm->brightness > 0xFF)
> cytherm->brightness = 0xFF;
> else if (cytherm->brightness < 0)
> cytherm->brightness = 0;
> -
> +
> /* Set brightness */
> retval = vendor_command(cytherm->udev, WRITE_RAM, BRIGHTNESS,
> - cytherm->brightness, buffer, 8);
> - if (retval)
> - dev_dbg(&cytherm->udev->dev, "retval = %d\n", retval);
> + cytherm->brightness, &buffer, 8);
> + if (!retval)
> + dev_dbg(&cytherm->udev->dev, "brightness set correctly\n");
> /* Inform µC that we have changed the brightness setting */
> retval = vendor_command(cytherm->udev, WRITE_RAM, BRIGHTNESS_SEM,
> - 0x01, buffer, 8);
> - if (retval)
> - dev_dbg(&cytherm->udev->dev, "retval = %d\n", retval);
> -
> - kfree(buffer);
> -
> + 0x01, &buffer, 8);
> + if (!retval)
> + dev_dbg(&cytherm->udev->dev, "µC informed of change in brightness setting\n");
> +
> return count;
> }
This driver looks like it could have the same origin as the one touched
by the previous patch, and likewise this patch suffers from a similar
problem in that the driver always provides an 8-byte buffer but appears
to expect short reads (which would no be treated as errors).
You could consider adding the missing short read sanity checks, but
I'm afraid the new helpers are not a good fit here either.
Johan