From patchwork Mon Aug 26 12:29:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Edward Adam Davis X-Patchwork-Id: 13777826 Received: from out162-62-58-216.mail.qq.com (out162-62-58-216.mail.qq.com [162.62.58.216]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4639F171E76; Mon, 26 Aug 2024 12:38:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=162.62.58.216 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724675913; cv=none; b=hVrx5+KYscRYhrncF1M9w70V4ndrRnKxXRSm1XkKfkJu9ofqqw/M85VGpIRVjhiHcPujWfw0Yx3thKKJfjHZArgz0tnOd4EvK7d5UYMZy8GvIWc8A2QESxmVCu/RtCk0aHwzhjvWpUd2j3dl2+SXN1tvoy5gqp89FeRgMqPBcJI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724675913; c=relaxed/simple; bh=ccZU3a24KVP9awOdU/7n6f47/VRFRXbCEIAY3d6o7uM=; h=Message-ID:From:To:Cc:Subject:Date:In-Reply-To:References: MIME-Version; b=ET1ItSPjN0kpV1b6U5Y0XjkfLouMjJ7s2lZGthgb7/ktbxj1D2CNJGICSLtP5IPy5Uik/zO071g4WPdl51FGLuKANNKF23I9kgyySL/G78lecNi3cVZ4+WZ2oDlYysXnPow20kSlxnZglWA0TAMJE2RQA/QOZd8BNU0H7vpjiEg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com; spf=pass smtp.mailfrom=qq.com; dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b=AKa1LhDu; arc=none smtp.client-ip=162.62.58.216 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=qq.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b="AKa1LhDu" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s201512; t=1724675901; bh=bYvkknN4lY/PzXuYKt7WBFdDB1eWxCqDPPaUzeINxOc=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=AKa1LhDuu94LHVfbg0hR+EgLYjj+FSJ0yLKSd8dYrrLgp6BkPtsTdbqavgK1cujh+ Zu7fXp3/VW73oXsJ5NXr6R6HSHzgXA1Y+GGmHHXF9W4igJgqJpcPTE3Ol+k62WbD/H PViyEtI1Z9J32JfnhlXqMdt76A2s5G8vFT9cbnNQ= Received: from pek-lxu-l1.wrs.com ([111.198.225.4]) by newxmesmtplogicsvrszb16-1.qq.com (NewEsmtp) with SMTP id 778048C4; Mon, 26 Aug 2024 20:29:56 +0800 X-QQ-mid: xmsmtpt1724675396tfbb2x19n Message-ID: X-QQ-XMAILINFO: Nt+cTZuZCMyifgW/cBI/x1hPaZW8fHRofdlp7vzxjxMSaBHKfGA2U52/pNBcXt c0gNrQEiHAU2/aOjUWyOzz+eEEEH8OqV9aVTj5AmQJv0XC2g4tEZKs6D7bVI1tkjrq3mUDVL3OBf vQ7MUcMclu0fhkMJ1caJXTv0aEQ1jtF4Gt+PFTfsg2BtVdXZXsCM7JDhfHi9u5aavNu2Chs4uzdZ dlbqzycDFN0IPxHxtomRRSoUyBMEqTdlHDdqGtUzGLXM7gmuFzcwlfEcKtjNY7u50Va9lrwidTub MenScq2pjM990xwkK/YTFOdKTnLSJry4FBR7OMa1g1CGPvBk/fye4gGs3GDN4jtWRpf9gn8wOumz aBPL3QIB37l/BFiKWGAtjDcLD1I+bRqziz1Z5u52rxIY/ImrY1WDCNipVZ4WJXnPbHBtD12NMp4p ASmUPxao7NYt7eVbpp7uiPO1oz9CultHFG1grFL/I2KTKmg5vfO2+6O3HQfmgG+2ZiUS297KSn4j 3wml4bBrxHX2Ue25tOJWL4hm6r6H90acny79hvG+lZuYNSr4B98PCImj64ROwZJbWHgvqvdqy71B h4PDgwlJ7mqcaWc5BMAOIFHCOOUunBdt0qI6TrM8eKynN7+koYz4c5a7bXd0yEkXstF2uPs9YISg fP2SHBAxqpb9FmQ3B22gu71moyM+ZCnrAt5tF+lamf4uV1nwt433RKhwdgG+daANnrNSh0Zy3XWK WKXfBCvppnluQmrZhff5D8j4bOczt6PJKyQqs9LVRLM3+4wlNfap2ueB8kam+ZuN/qyMEohgGkUO D6hisb7ZSMXNguNYfayUPFZ4EDu9Z210S3TgeW6YvhtgK8MKl8mQlO8SGZLPNEqprCIrRxAnkkGy 7ylgkh/v45Z7hCe6ag60srK972gnz48AK55tO8iZrbULNpjh2FNi3RDR4H7H7do2qESU79SXsjhn 2wYrSAZsmoMMLFSg0O4+m29/deROYVnplL2HFp9Cidp+CR3Y0xFw== X-QQ-XMRINFO: OD9hHCdaPRBwq3WW+NvGbIU= From: Edward Adam Davis To: gregkh@linuxfoundation.org Cc: eadavis@qq.com, kvalo@kernel.org, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, sergei.shtylyov@gmail.com, syzbot+92c6dd14aaa230be6855@syzkaller.appspotmail.com, syzkaller-bugs@googlegroups.com Subject: [PATCH V4 1/2] wifi: ath6kl: Replace ath6kl_usb_submit_ctrl_in with usb_control_msg_recv Date: Mon, 26 Aug 2024 20:29:56 +0800 X-OQ-MSGID: <20240826122955.2674569-3-eadavis@qq.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <2024082631-upward-zips-f7b8@gregkh> References: <2024082631-upward-zips-f7b8@gregkh> Precedence: bulk X-Mailing-List: linux-usb@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 ath6kl_usb_submit_ctrl_in() did not take into account the situation where the length of the data read from the device is not equal to the len, and such missing judgments will result in subsequent code using incorrect data. usb_control_msg_recv() handles the abnormal length of the returned data, so using it directly can fix this warning. Reported-by: syzbot+92c6dd14aaa230be6855@syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis --- V4: Adjust indentation style drivers/net/wireless/ath/ath6kl/usb.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/net/wireless/ath/ath6kl/usb.c b/drivers/net/wireless/ath/ath6kl/usb.c index 5220809841a6..0458b5a078e1 100644 --- a/drivers/net/wireless/ath/ath6kl/usb.c +++ b/drivers/net/wireless/ath/ath6kl/usb.c @@ -1027,9 +1027,10 @@ static int ath6kl_usb_bmi_read(struct ath6kl *ar, u8 *buf, u32 len) int ret; /* get response */ - ret = ath6kl_usb_submit_ctrl_in(ar_usb, - ATH6KL_USB_CONTROL_REQ_RECV_BMI_RESP, - 0, 0, buf, len); + ret = usb_control_msg_recv(ar_usb->udev, 0, + ATH6KL_USB_CONTROL_REQ_RECV_BMI_RESP, + USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE, + 0, 0, buf, len, 2000, GFP_KERNEL); if (ret) { ath6kl_err("Unable to read the bmi data from the device: %d\n", ret); From patchwork Mon Aug 26 13:01:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Edward Adam Davis X-Patchwork-Id: 13777918 Received: from xmbghk7.mail.qq.com (xmbghk7.mail.qq.com [43.163.128.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6DD98165F0E; Mon, 26 Aug 2024 13:02:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=43.163.128.48 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724677340; cv=none; b=I2B4ElMmWXr2fBa/fKJ/ntIX+4aDG9GRmlVT6sZubO5+3gGu2mhyRoapLsF/rA+AIAlHRuJQ0MhlQPamGko8u5QELgOBQsSqGhyIia6VGPgj/Uh3CaMG2/1afXxEr2fyqhiNcqtOpmcQTicbjr/klmekHHUsC32LMLaboeQbf8c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724677340; c=relaxed/simple; bh=scIlDt3bJxc6xjtCfFWzsD60sMCU7dzjdhlTShv6odY=; h=Message-ID:From:To:Cc:Subject:Date:In-Reply-To:References: MIME-Version; b=t24OH41UZZpapI/URs+GkhkMbI6dQhZgF+zAGUx7mYs+AmYYruiZcVmhct9TBBpaDKNpZPbDG0ikn/4skcizU+TCW0T1CibHjBXLToUWo3IwY3p3pM72xnBzPk54DqVNZ7VRDlJ1iElB3OYGNJ3KOCGu1Q8fiYD5+QGbQiZcLg4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com; spf=pass smtp.mailfrom=qq.com; dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b=GJHAVdBQ; arc=none smtp.client-ip=43.163.128.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=qq.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b="GJHAVdBQ" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s201512; t=1724677321; bh=4MNoqgFAOdi2a+l9olqRlqs76QuNfFgvKzCU8S9eMFE=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=GJHAVdBQezJ0uAmC4uDhKKePM7ocwsgnTHzB7nWLQ2bG0LdTggwD0D0T7LJ42wXQ4 X3nWMPRh0J3Zvmv2MMmlnLN4NZWB1frIXCcrEw5xSG7s8DeC84DAh3wo/4oMfm22Dv /EaXQ6LykA6uTTeHTOKonGBaOmFRt6iLm0Ina1PE= Received: from pek-lxu-l1.wrs.com ([111.198.225.4]) by newxmesmtplogicsvrsza15-1.qq.com (NewEsmtp) with SMTP id 771A2A8; Mon, 26 Aug 2024 21:01:55 +0800 X-QQ-mid: xmsmtpt1724677318txpb2ic50 Message-ID: X-QQ-XMAILINFO: OeF1Bg2NKDhoY4We6TlRiMdQPRfowlu1cuonH5uz2sqZ3Ieo5wzXEtAi02xl7E ID3XGJ6Do7AhjaYuBFmJ0z4EK3O0gXTGtyqkPDQLfjp6fIGnm8lvcaN3VAMTICv4sGmBEPuE01WH N3xd9q25ObL+n0TSt3OX7dJ2uhCgBX4XowZR8cWYKgCsB8ljOX0XQd6xmB79gfL6qc7ahcAfQdZn jw+xR7q8xEQdGRK+r89nIlxtGgHPcPzt4uMW2dBwd7Gbj1yy+PLCf54tmPzHfpdR7RqJja6Nkzad vlLA2RGR0NjK1E/WP2ssGxmdc9iww761mYD/9OkV5DrIlH/CnPcMzzJmrjj94IyHIgy4fOzA5DyL dAyE7kKIvr8vXUR3BLhQLuHREAdgofzjYh1cA4RtuXRUKUwMZ1xvbGbwgB/RAFfWRxc2blRu4B0U 0shQCR3A94AL/J9ajd25kUhx052DRLYQ+S1AwF6Q3gv4z9+VRJm/k9p2OWAe73N7APz88UcXTLIl qXmVbuPx7LH0FwJZw+Y+nkdS1TO3gBHybfxyhss3mc0yOYqRRl2H8aKyP7L3OGWabZ+uoWVirt5Z NSLvGTjvS3qiuwrqjIEhSDivK3Wbs9KtTdsHOvXBkxgGQ/7NdeI4OFhLLxq4r/zXTSs3TIFLKbID 1+dTRkWOKwOkwqgSLhErhO3XTZot8IogGVFr5afuPE3FxYnKiBum1Ccl5hoSro/vRVD5CWF6FQgE ccCHRNtvSL8uBQR3//pJ9SjumlLnAxlqjAnKDMlGnFlKerK5hgr/CwhkKxXkzumQOAjc19EzPw30 78QI8c/t8/9ckdvbhj14IuwxG2g+zZHYEtGcb0P+zQfU42h0TVYUck55/Cvld318+YFVOZOHHgCE VbwelnQNiZNa8dvdia9kkRDyyfc7t2SewVlqtsi8/mI+JvJfVallkjNXmUewyBKTlraJY9g7GDVo UYTFh6Qfost+SsybQikc9CnQPEyvQ7aLUp+gw5SM2NrmPCXLy1eCIYTCHF+hdjXT4yk199Rtuu4h ecmT0T18h6ujSQLq67SGyifbUTR7gxxDpilrpnGg== X-QQ-XMRINFO: NI4Ajvh11aEj8Xl/2s1/T8w= From: Edward Adam Davis To: gregkh@linuxfoundation.org Cc: eadavis@qq.com, kvalo@kernel.org, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, sergei.shtylyov@gmail.com, syzbot+92c6dd14aaa230be6855@syzkaller.appspotmail.com, syzkaller-bugs@googlegroups.com Subject: [PATCH V4 2/2] wifi: ath6kl: remove ath6kl_usb_submit_ctrl_in Date: Mon, 26 Aug 2024 21:01:56 +0800 X-OQ-MSGID: <20240826130154.2706792-4-eadavis@qq.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240826130154.2706792-3-eadavis@qq.com> References: <2024082631-upward-zips-f7b8@gregkh> <20240826130154.2706792-3-eadavis@qq.com> Precedence: bulk X-Mailing-List: linux-usb@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 ath6kl_usb_submit_ctrl_in() did not take into account the situation where the length of the data read from the device is not equal to the len, and such missing judgments will result in subsequent code using incorrect data. usb_control_msg_recv() handles the abnormal length of the returned data, so using it directly. Suggested-by: Greg KH Signed-off-by: Edward Adam Davis --- drivers/net/wireless/ath/ath6kl/usb.c | 39 +++------------------------ 1 file changed, 3 insertions(+), 36 deletions(-) diff --git a/drivers/net/wireless/ath/ath6kl/usb.c b/drivers/net/wireless/ath/ath6kl/usb.c index 0458b5a078e1..b1fc66d823b8 100644 --- a/drivers/net/wireless/ath/ath6kl/usb.c +++ b/drivers/net/wireless/ath/ath6kl/usb.c @@ -901,40 +901,6 @@ static int ath6kl_usb_submit_ctrl_out(struct ath6kl_usb *ar_usb, return 0; } -static int ath6kl_usb_submit_ctrl_in(struct ath6kl_usb *ar_usb, - u8 req, u16 value, u16 index, void *data, - u32 size) -{ - u8 *buf = NULL; - int ret; - - if (size > 0) { - buf = kmalloc(size, GFP_KERNEL); - if (buf == NULL) - return -ENOMEM; - } - - /* note: if successful returns number of bytes transfered */ - ret = usb_control_msg(ar_usb->udev, - usb_rcvctrlpipe(ar_usb->udev, 0), - req, - USB_DIR_IN | USB_TYPE_VENDOR | - USB_RECIP_DEVICE, value, index, buf, - size, 2000); - - if (ret < 0) { - ath6kl_warn("Failed to read usb control message: %d\n", ret); - kfree(buf); - return ret; - } - - memcpy((u8 *) data, buf, size); - - kfree(buf); - - return 0; -} - static int ath6kl_usb_ctrl_msg_exchange(struct ath6kl_usb *ar_usb, u8 req_val, u8 *req_buf, u32 req_len, u8 resp_val, u8 *resp_buf, u32 *resp_len) @@ -954,8 +920,9 @@ static int ath6kl_usb_ctrl_msg_exchange(struct ath6kl_usb *ar_usb, } /* get response */ - ret = ath6kl_usb_submit_ctrl_in(ar_usb, resp_val, 0, 0, - resp_buf, *resp_len); + ret = usb_control_msg_recv(ar_usb->udev, 0, resp_val, + USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE, + 0, 0, resp_buf, *resp_len, 2000, GFP_KERNEL); return ret; }