In this clean up patch, I altered functions: copy_to/ from_user() to return -EFAULT when an error occurs. I also replaced break statements when an error occurs from copy_to/from_user() with direct returns of -EFAULT.
Signed-off-by: Kevin McKinney <[email protected]> --- drivers/staging/bcm/Bcmchar.c | 75 ++++++++++++++++++++++------------------ 1 files changed, 41 insertions(+), 34 deletions(-) diff --git a/drivers/staging/bcm/Bcmchar.c b/drivers/staging/bcm/Bcmchar.c index 5655ce3..c4d7a61 100644 --- a/drivers/staging/bcm/Bcmchar.c +++ b/drivers/staging/bcm/Bcmchar.c @@ -235,8 +235,10 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg) (PUINT)temp_buff, Bufflen); if (bytes > 0) { Status = STATUS_SUCCESS; - if (copy_to_user(IoBuffer.OutputBuffer, temp_buff, bytes)) - Status = -EFAULT; + if (copy_to_user(IoBuffer.OutputBuffer, temp_buff, bytes)) { + kfree(temp_buff); + return -EFAULT; + } } else { Status = bytes; } @@ -330,8 +332,10 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg) if (bytes > 0) { Status = STATUS_SUCCESS; - if (copy_to_user(IoBuffer.OutputBuffer, temp_buff, bytes)) - Status = -EFAULT; + if (copy_to_user(IoBuffer.OutputBuffer, temp_buff, bytes)) { + kfree(temp_buff); + return -EFAULT; + } } else { Status = bytes; } @@ -625,7 +629,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg) if (Status) { BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Failed while copying Content to IOBufer for user space err:%d", Status); - break; + return -EFAULT; } } break; @@ -701,7 +705,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg) if (Status) { BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Failed while copying Content to IOBufer for user space err:%d", Status); - break; + return -EFAULT; } } break; @@ -729,9 +733,8 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg) return -ENOMEM; if (copy_from_user(pvBuffer, IoBuffer.InputBuffer, IoBuffer.InputLength)) { - Status = -EFAULT; kfree(pvBuffer); - break; + return -EFAULT; } down(&Adapter->LowPowerModeSync); @@ -1012,8 +1015,7 @@ cntrlEnd: /* Copy Ioctl Buffer structure */ if (copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER))) { BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "copy_from_user failed..\n"); - Status = -EFAULT; - break; + return -EFAULT; } if (IoBuffer.OutputLength != sizeof(link_state)) { @@ -1028,8 +1030,7 @@ cntrlEnd: if (copy_to_user(IoBuffer.OutputBuffer, &link_state, min_t(size_t, sizeof(link_state), IoBuffer.OutputLength))) { BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Copy_to_user Failed..\n"); - Status = -EFAULT; - break; + return -EFAULT; } Status = STATUS_SUCCESS; break; @@ -1095,8 +1096,10 @@ cntrlEnd: GetDroppedAppCntrlPktMibs(temp_buff, pTarang); if (Status != STATUS_FAILURE) - if (copy_to_user(IoBuffer.OutputBuffer, temp_buff, sizeof(S_MIBS_HOST_STATS_MIBS))) - Status = -EFAULT; + if (copy_to_user(IoBuffer.OutputBuffer, temp_buff, sizeof(S_MIBS_HOST_STATS_MIBS))) { + kfree(temp_buff); + return -EFAULT; + } kfree(temp_buff); break; @@ -1138,8 +1141,7 @@ cntrlEnd: /* Get WrmBuffer structure */ if (copy_from_user(pvBuffer, IoBuffer.InputBuffer, IoBuffer.InputLength)) { kfree(pvBuffer); - Status = -EFAULT; - break; + return -EFAULT; } pBulkBuffer = (PBULKWRM_BUFFER)pvBuffer; @@ -1479,7 +1481,9 @@ cntrlEnd: Status = copy_to_user(OutPutBuff, pReadBuff, ReadBytes); if (Status) { BCM_DEBUG_PRINT(Adapter, DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "Copy to use failed with status :%d", Status); - break; + up(&Adapter->NVMRdmWrmLock); + kfree(pReadBuff); + return -EFAULT; } NOB = NOB - ReadBytes; if (NOB) { @@ -1571,7 +1575,9 @@ cntrlEnd: Status = copy_from_user(pWriteBuff, InputAddr, WriteBytes); if (Status) { BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Copy to user failed with status :%d", Status); - break; + up(&Adapter->NVMRdmWrmLock); + kfree(pWriteBuff); + return -EFAULT; } BCM_DEBUG_PRINT_BUFFER(Adapter, DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, pWriteBuff, WriteBytes); @@ -1631,8 +1637,10 @@ cntrlEnd: BcmGetFlash2xSectionalBitMap(Adapter, psFlash2xBitMap); up(&Adapter->NVMRdmWrmLock); - if (copy_to_user(IoBuffer.OutputBuffer, psFlash2xBitMap, sizeof(FLASH2X_BITMAP))) - Status = -EFAULT; + if (copy_to_user(IoBuffer.OutputBuffer, psFlash2xBitMap, sizeof(FLASH2X_BITMAP))) { + kfree(psFlash2xBitMap); + return -EFAULT; + } kfree(psFlash2xBitMap); } @@ -1650,13 +1658,13 @@ cntrlEnd: Status = copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)); if (Status) { BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Copy of IOCTL BUFFER failed"); - return Status; + return -EFAULT; } Status = copy_from_user(&eFlash2xSectionVal, IoBuffer.InputBuffer, sizeof(INT)); if (Status) { BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Copy of flash section val failed"); - return Status; + return -EFAULT; } down(&Adapter->NVMRdmWrmLock); @@ -1700,13 +1708,13 @@ cntrlEnd: Status = copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)); if (Status) { BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Copy of IOCTL BUFFER failed Status :%d", Status); - return Status; + return -EFAULT; } Status = copy_from_user(&sCopySectStrut, IoBuffer.InputBuffer, sizeof(FLASH2X_COPY_SECTION)); if (Status) { BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Copy of Copy_Section_Struct failed with Status :%d", Status); - return Status; + return -EFAULT; } BCM_DEBUG_PRINT(Adapter, DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "Source SEction :%x", sCopySectStrut.SrcSection); @@ -1767,7 +1775,7 @@ cntrlEnd: Status = copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)); if (Status) { BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Copy of IOCTL BUFFER failed"); - break; + return -EFAULT; } if (Adapter->eNVMType != NVM_FLASH) { @@ -1806,12 +1814,12 @@ cntrlEnd: Status = copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)); if (Status) { BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Copy of IOCTL BUFFER failed"); - return Status; + return -EFAULT; } Status = copy_from_user(&eFlash2xSectionVal, IoBuffer.InputBuffer, sizeof(INT)); if (Status) { BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Copy of flash section val failed"); - return Status; + return -EFAULT; } BCM_DEBUG_PRINT(Adapter, DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "Read Section :%d", eFlash2xSectionVal); @@ -1853,8 +1861,7 @@ cntrlEnd: /* Copy Ioctl Buffer structure */ if (copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER))) { BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "copy_from_user 1 failed\n"); - Status = -EFAULT; - break; + return -EFAULT; } if (copy_from_user(&stNVMRead, IoBuffer.OutputBuffer, sizeof(NVM_READWRITE))) @@ -1909,7 +1916,9 @@ cntrlEnd: Status = copy_to_user(OutPutBuff, pReadBuff, ReadBytes); if (Status) { BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Copy to use failed with status :%d", Status); - break; + up(&Adapter->NVMRdmWrmLock); + kfree(pReadBuff); + return -EFAULT; } NOB = NOB - ReadBytes; if (NOB) { @@ -1930,8 +1939,7 @@ cntrlEnd: Status = copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)); if (Status) { BCM_DEBUG_PRINT(Adapter, DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "copy of Ioctl buffer is failed from user space"); - Status = -EFAULT; - break; + return -EFAULT; } if (IoBuffer.InputLength != sizeof(unsigned long)) { @@ -1942,8 +1950,7 @@ cntrlEnd: Status = copy_from_user(&RxCntrlMsgBitMask, IoBuffer.InputBuffer, IoBuffer.InputLength); if (Status) { BCM_DEBUG_PRINT(Adapter, DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "copy of control bit mask failed from user space"); - Status = -EFAULT; - break; + return -EFAULT; } BCM_DEBUG_PRINT(Adapter, DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "\n Got user defined cntrl msg bit mask :%lx", RxCntrlMsgBitMask); pTarang->RxCntrlMsgBitMask = RxCntrlMsgBitMask; -- 1.7.4.1 _______________________________________________ devel mailing list [email protected] http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
