| Message ID | 1587524232-118733-1-git-send-email-zou_wei@huawei.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [-next] scsi: aacraid: Use memdup_user() as a cleanup | expand |
Zou, > diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c > index ffe41bc..1ce1620 100644 > --- a/drivers/scsi/aacraid/commctrl.c > +++ b/drivers/scsi/aacraid/commctrl.c > @@ -513,17 +513,9 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) > goto cleanup; > } > > - user_srbcmd = kmalloc(fibsize, GFP_KERNEL); > - if (!user_srbcmd) { > - dprintk((KERN_DEBUG"aacraid: Could not make a copy of the srb\n")); > - rcode = -ENOMEM; > - goto cleanup; > - } > - if(copy_from_user(user_srbcmd, user_srb,fibsize)){ > - dprintk((KERN_DEBUG"aacraid: Could not copy srb from user\n")); > - rcode = -EFAULT; > - goto cleanup; > - } > + user_srbcmd = memdup_user(user_srb, fibsize); > + if (IS_ERR(user_srbcmd)) > + return PTR_ERR(user_srbcmd); > > flags = user_srbcmd->flags; /* from user in cpu order */ > switch (flags & (SRB_DataIn | SRB_DataOut)) { This is not equivalent, is it? The original code does a goto cleanup; whereas your patch returns on error.
Hi Martin, Thanks for your review and reply. You are right, it is not equivalent. I will keep the original goto cleanup. But the return value is changed to use of PTR_ERR (user_srbcmd), and assign it to rcode. I will send the v2 soon later On 2020/4/25 6:23, Martin K. Petersen wrote: > > Zou, > >> diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c >> index ffe41bc..1ce1620 100644 >> --- a/drivers/scsi/aacraid/commctrl.c >> +++ b/drivers/scsi/aacraid/commctrl.c >> @@ -513,17 +513,9 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) >> goto cleanup; >> } >> >> - user_srbcmd = kmalloc(fibsize, GFP_KERNEL); >> - if (!user_srbcmd) { >> - dprintk((KERN_DEBUG"aacraid: Could not make a copy of the srb\n")); >> - rcode = -ENOMEM; >> - goto cleanup; >> - } >> - if(copy_from_user(user_srbcmd, user_srb,fibsize)){ >> - dprintk((KERN_DEBUG"aacraid: Could not copy srb from user\n")); >> - rcode = -EFAULT; >> - goto cleanup; >> - } >> + user_srbcmd = memdup_user(user_srb, fibsize); >> + if (IS_ERR(user_srbcmd)) >> + return PTR_ERR(user_srbcmd); >> >> flags = user_srbcmd->flags; /* from user in cpu order */ >> switch (flags & (SRB_DataIn | SRB_DataOut)) { > > This is not equivalent, is it? The original code does a goto cleanup; > whereas your patch returns on error. >
diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c index ffe41bc..1ce1620 100644 --- a/drivers/scsi/aacraid/commctrl.c +++ b/drivers/scsi/aacraid/commctrl.c @@ -513,17 +513,9 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) goto cleanup; } - user_srbcmd = kmalloc(fibsize, GFP_KERNEL); - if (!user_srbcmd) { - dprintk((KERN_DEBUG"aacraid: Could not make a copy of the srb\n")); - rcode = -ENOMEM; - goto cleanup; - } - if(copy_from_user(user_srbcmd, user_srb,fibsize)){ - dprintk((KERN_DEBUG"aacraid: Could not copy srb from user\n")); - rcode = -EFAULT; - goto cleanup; - } + user_srbcmd = memdup_user(user_srb, fibsize); + if (IS_ERR(user_srbcmd)) + return PTR_ERR(user_srbcmd); flags = user_srbcmd->flags; /* from user in cpu order */ switch (flags & (SRB_DataIn | SRB_DataOut)) {
Fix coccicheck warning which recommends to use memdup_user(). This patch fixes the following coccicheck warnings: drivers/scsi/aacraid/commctrl.c:516:15-22: WARNING opportunity for memdup_user Fixes: 4645df1035b3 ("[PATCH] aacraid: swapped kmalloc args.") Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Zou Wei <zou_wei@huawei.com> --- drivers/scsi/aacraid/commctrl.c | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-)