tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing head: ae8a2ca8a2215c7e31e6d874f7303801bb15fbbc commit: cbe743f1333b23040d1312afd58224dbd58fcc25 [34/67] usb: usbtmc: Fix ioctl USBTMC_IOCTL_ABORT_BULK_IN
New smatch warnings: drivers/usb/class/usbtmc.c:339 usbtmc_ioctl_abort_bulk_in_tag() error: uninitialized symbol 'actual'. Old smatch warnings: drivers/usb/class/usbtmc.c:1975 usbtmc_ioctl_request() warn: possible memory leak of 'buffer' drivers/usb/class/usbtmc.c:1978 usbtmc_ioctl_request() warn: overwrite may leak 'buffer' # https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git/commit/?id=cbe743f1333b23040d1312afd58224dbd58fcc25 git remote add usb https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git git remote update usb git checkout cbe743f1333b23040d1312afd58224dbd58fcc25 vim +/actual +339 drivers/usb/class/usbtmc.c 5b775f67 Greg Kroah-Hartman 2008-08-26 272 cbe743f1 Guido Kiener 2018-09-12 273 static int usbtmc_ioctl_abort_bulk_in_tag(struct usbtmc_device_data *data, cbe743f1 Guido Kiener 2018-09-12 274 u8 tag) 5b775f67 Greg Kroah-Hartman 2008-08-26 275 { b361a6e3 Chris Malley 2008-10-25 276 u8 *buffer; 5b775f67 Greg Kroah-Hartman 2008-08-26 277 struct device *dev; 5b775f67 Greg Kroah-Hartman 2008-08-26 278 int rv; 5b775f67 Greg Kroah-Hartman 2008-08-26 279 int n; 5b775f67 Greg Kroah-Hartman 2008-08-26 280 int actual; 5b775f67 Greg Kroah-Hartman 2008-08-26 281 5b775f67 Greg Kroah-Hartman 2008-08-26 282 dev = &data->intf->dev; cbe743f1 Guido Kiener 2018-09-12 283 buffer = kmalloc(USBTMC_BUFSIZE, GFP_KERNEL); 5b775f67 Greg Kroah-Hartman 2008-08-26 284 if (!buffer) 5b775f67 Greg Kroah-Hartman 2008-08-26 285 return -ENOMEM; 5b775f67 Greg Kroah-Hartman 2008-08-26 286 5b775f67 Greg Kroah-Hartman 2008-08-26 287 rv = usb_control_msg(data->usb_dev, 5b775f67 Greg Kroah-Hartman 2008-08-26 288 usb_rcvctrlpipe(data->usb_dev, 0), 5b775f67 Greg Kroah-Hartman 2008-08-26 289 USBTMC_REQUEST_INITIATE_ABORT_BULK_IN, 5b775f67 Greg Kroah-Hartman 2008-08-26 290 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT, cbe743f1 Guido Kiener 2018-09-12 291 tag, data->bulk_in, cbe743f1 Guido Kiener 2018-09-12 292 buffer, 2, USB_CTRL_GET_TIMEOUT); 5b775f67 Greg Kroah-Hartman 2008-08-26 293 5b775f67 Greg Kroah-Hartman 2008-08-26 294 if (rv < 0) { 5b775f67 Greg Kroah-Hartman 2008-08-26 295 dev_err(dev, "usb_control_msg returned %d\n", rv); 5b775f67 Greg Kroah-Hartman 2008-08-26 296 goto exit; 5b775f67 Greg Kroah-Hartman 2008-08-26 297 } 5b775f67 Greg Kroah-Hartman 2008-08-26 298 cbe743f1 Guido Kiener 2018-09-12 299 dev_dbg(dev, "INITIATE_ABORT_BULK_IN returned %x with tag %02x\n", cbe743f1 Guido Kiener 2018-09-12 300 buffer[0], buffer[1]); 5b775f67 Greg Kroah-Hartman 2008-08-26 301 5b775f67 Greg Kroah-Hartman 2008-08-26 302 if (buffer[0] == USBTMC_STATUS_FAILED) { cbe743f1 Guido Kiener 2018-09-12 303 /* No transfer in progress and the Bulk-OUT FIFO is empty. */ 5b775f67 Greg Kroah-Hartman 2008-08-26 304 rv = 0; 5b775f67 Greg Kroah-Hartman 2008-08-26 305 goto exit; 5b775f67 Greg Kroah-Hartman 2008-08-26 306 } 5b775f67 Greg Kroah-Hartman 2008-08-26 307 cbe743f1 Guido Kiener 2018-09-12 308 if (buffer[0] == USBTMC_STATUS_TRANSFER_NOT_IN_PROGRESS) { cbe743f1 Guido Kiener 2018-09-12 309 /* The device returns this status if either: cbe743f1 Guido Kiener 2018-09-12 310 * - There is a transfer in progress, but the specified bTag cbe743f1 Guido Kiener 2018-09-12 311 * does not match. cbe743f1 Guido Kiener 2018-09-12 312 * - There is no transfer in progress, but the Bulk-OUT FIFO cbe743f1 Guido Kiener 2018-09-12 313 * is not empty. cbe743f1 Guido Kiener 2018-09-12 314 */ cbe743f1 Guido Kiener 2018-09-12 315 rv = -ENOMSG; 5b775f67 Greg Kroah-Hartman 2008-08-26 316 goto exit; 5b775f67 Greg Kroah-Hartman 2008-08-26 317 } 5b775f67 Greg Kroah-Hartman 2008-08-26 318 cbe743f1 Guido Kiener 2018-09-12 319 if (buffer[0] != USBTMC_STATUS_SUCCESS) { cbe743f1 Guido Kiener 2018-09-12 320 dev_err(dev, "INITIATE_ABORT_BULK_IN returned %x\n", cbe743f1 Guido Kiener 2018-09-12 321 buffer[0]); 5b775f67 Greg Kroah-Hartman 2008-08-26 322 rv = -EPERM; 5b775f67 Greg Kroah-Hartman 2008-08-26 323 goto exit; 5b775f67 Greg Kroah-Hartman 2008-08-26 324 } 5b775f67 Greg Kroah-Hartman 2008-08-26 325 5b775f67 Greg Kroah-Hartman 2008-08-26 326 n = 0; 5b775f67 Greg Kroah-Hartman 2008-08-26 327 cbe743f1 Guido Kiener 2018-09-12 328 usbtmc_abort_bulk_in_status: 5b775f67 Greg Kroah-Hartman 2008-08-26 329 dev_dbg(dev, "Reading from bulk in EP\n"); 5b775f67 Greg Kroah-Hartman 2008-08-26 330 cbe743f1 Guido Kiener 2018-09-12 331 /* Data must be present. So use low timeout 300 ms */ 5b775f67 Greg Kroah-Hartman 2008-08-26 332 rv = usb_bulk_msg(data->usb_dev, 5b775f67 Greg Kroah-Hartman 2008-08-26 333 usb_rcvbulkpipe(data->usb_dev, 5b775f67 Greg Kroah-Hartman 2008-08-26 334 data->bulk_in), cbe743f1 Guido Kiener 2018-09-12 335 buffer, USBTMC_BUFSIZE, cbe743f1 Guido Kiener 2018-09-12 336 &actual, 300); cbe743f1 Guido Kiener 2018-09-12 337 cbe743f1 Guido Kiener 2018-09-12 338 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 16, 1, cbe743f1 Guido Kiener 2018-09-12 @339 buffer, actual, true); ^^^^^^ We haven't checked that usb_bulk_msg() succeeded so this might be uninitialized. 5b775f67 Greg Kroah-Hartman 2008-08-26 340 5b775f67 Greg Kroah-Hartman 2008-08-26 341 n++; 5b775f67 Greg Kroah-Hartman 2008-08-26 342 5b775f67 Greg Kroah-Hartman 2008-08-26 343 if (rv < 0) { 5b775f67 Greg Kroah-Hartman 2008-08-26 344 dev_err(dev, "usb_bulk_msg returned %d\n", rv); cbe743f1 Guido Kiener 2018-09-12 345 if (rv != -ETIMEDOUT) 5b775f67 Greg Kroah-Hartman 2008-08-26 346 goto exit; 5b775f67 Greg Kroah-Hartman 2008-08-26 347 } 5b775f67 Greg Kroah-Hartman 2008-08-26 348 cbe743f1 Guido Kiener 2018-09-12 349 if (actual == USBTMC_BUFSIZE) cbe743f1 Guido Kiener 2018-09-12 350 goto usbtmc_abort_bulk_in_status; cbe743f1 Guido Kiener 2018-09-12 351 cbe743f1 Guido Kiener 2018-09-12 352 if (n >= USBTMC_MAX_READS_TO_CLEAR_BULK_IN) { 5b775f67 Greg Kroah-Hartman 2008-08-26 353 dev_err(dev, "Couldn't clear device buffer within %d cycles\n", 5b775f67 Greg Kroah-Hartman 2008-08-26 354 USBTMC_MAX_READS_TO_CLEAR_BULK_IN); 5b775f67 Greg Kroah-Hartman 2008-08-26 355 rv = -EPERM; 5b775f67 Greg Kroah-Hartman 2008-08-26 356 goto exit; 5b775f67 Greg Kroah-Hartman 2008-08-26 357 } 5b775f67 Greg Kroah-Hartman 2008-08-26 358 5b775f67 Greg Kroah-Hartman 2008-08-26 359 rv = usb_control_msg(data->usb_dev, 5b775f67 Greg Kroah-Hartman 2008-08-26 360 usb_rcvctrlpipe(data->usb_dev, 0), 5b775f67 Greg Kroah-Hartman 2008-08-26 361 USBTMC_REQUEST_CHECK_ABORT_BULK_IN_STATUS, 5b775f67 Greg Kroah-Hartman 2008-08-26 362 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT, 5b775f67 Greg Kroah-Hartman 2008-08-26 363 0, data->bulk_in, buffer, 0x08, cbe743f1 Guido Kiener 2018-09-12 364 USB_CTRL_GET_TIMEOUT); 5b775f67 Greg Kroah-Hartman 2008-08-26 365 5b775f67 Greg Kroah-Hartman 2008-08-26 366 if (rv < 0) { 5b775f67 Greg Kroah-Hartman 2008-08-26 367 dev_err(dev, "usb_control_msg returned %d\n", rv); 5b775f67 Greg Kroah-Hartman 2008-08-26 368 goto exit; 5b775f67 Greg Kroah-Hartman 2008-08-26 369 } 5b775f67 Greg Kroah-Hartman 2008-08-26 370 cbe743f1 Guido Kiener 2018-09-12 371 dev_dbg(dev, "CHECK_ABORT_BULK_IN returned %x\n", buffer[0]); 5b775f67 Greg Kroah-Hartman 2008-08-26 372 5b775f67 Greg Kroah-Hartman 2008-08-26 373 if (buffer[0] == USBTMC_STATUS_SUCCESS) { 5b775f67 Greg Kroah-Hartman 2008-08-26 374 rv = 0; 5b775f67 Greg Kroah-Hartman 2008-08-26 375 goto exit; 5b775f67 Greg Kroah-Hartman 2008-08-26 376 } 5b775f67 Greg Kroah-Hartman 2008-08-26 377 5b775f67 Greg Kroah-Hartman 2008-08-26 378 if (buffer[0] != USBTMC_STATUS_PENDING) { cbe743f1 Guido Kiener 2018-09-12 379 dev_err(dev, "CHECK_ABORT_BULK_IN returned %x\n", buffer[0]); 5b775f67 Greg Kroah-Hartman 2008-08-26 380 rv = -EPERM; 5b775f67 Greg Kroah-Hartman 2008-08-26 381 goto exit; 5b775f67 Greg Kroah-Hartman 2008-08-26 382 } 5b775f67 Greg Kroah-Hartman 2008-08-26 383 cbe743f1 Guido Kiener 2018-09-12 384 if ((buffer[1] & 1) > 0) { cbe743f1 Guido Kiener 2018-09-12 385 /* The device has 1 or more queued packets the Host can read */ 5b775f67 Greg Kroah-Hartman 2008-08-26 386 goto usbtmc_abort_bulk_in_status; cbe743f1 Guido Kiener 2018-09-12 387 } 5b775f67 Greg Kroah-Hartman 2008-08-26 388 cbe743f1 Guido Kiener 2018-09-12 389 /* The Host must send CHECK_ABORT_BULK_IN_STATUS at a later time. */ cbe743f1 Guido Kiener 2018-09-12 390 rv = -EAGAIN; 5b775f67 Greg Kroah-Hartman 2008-08-26 391 exit: 5b775f67 Greg Kroah-Hartman 2008-08-26 392 kfree(buffer); 5b775f67 Greg Kroah-Hartman 2008-08-26 393 return rv; cbe743f1 Guido Kiener 2018-09-12 394 } 5b775f67 Greg Kroah-Hartman 2008-08-26 395 --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation
