[PATCH] usb: gadget: mv_u3d: add check for dma mapping error

Alexey Khoroshilov Fri, 28 Oct 2016 16:13:26 -0700

mv_u3d_req_to_trb() does not check for dma mapping errors.

By the way, the patch improves readability of mv_u3d_start_queue()
by rearranging its code with two semantic modifications:
- assignment zero to ep->processing if usb_gadget_map_request() fails;
- propagation of error code from mv_u3d_req_to_trb() instead of 
  hardcoded -ENOMEM.


Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshi...@ispras.ru>
---
 drivers/usb/gadget/udc/mv_u3d_core.c | 34 +++++++++++++++++++++-------------
 1 file changed, 21 insertions(+), 13 deletions(-)

diff --git a/drivers/usb/gadget/udc/mv_u3d_core.c 
b/drivers/usb/gadget/udc/mv_u3d_core.c
index b9e19a591322..8d726bd767fd 100644
--- a/drivers/usb/gadget/udc/mv_u3d_core.c
+++ b/drivers/usb/gadget/udc/mv_u3d_core.c
@@ -462,6 +462,12 @@ static int mv_u3d_req_to_trb(struct mv_u3d_req *req)
                                        req->trb_head->trb_hw,
                                        trb_num * sizeof(*trb_hw),
                                        DMA_BIDIRECTIONAL);
+               if (dma_mapping_error(u3d->gadget.dev.parent,
+                                       req->trb_head->trb_dma)) {
+                       kfree(req->trb_head->trb_hw);
+                       kfree(req->trb_head);
+                       return -EFAULT;
+               }
 
                req->chain = 1;
        }
@@ -487,30 +493,32 @@ mv_u3d_start_queue(struct mv_u3d_ep *ep)
        ret = usb_gadget_map_request(&u3d->gadget, &req->req,
                                        mv_u3d_ep_dir(ep));
        if (ret)
-               return ret;
+               goto break_processing;
 
        req->req.status = -EINPROGRESS;
        req->req.actual = 0;
        req->trb_count = 0;
 
-       /* build trbs and push them to device queue */
-       if (!mv_u3d_req_to_trb(req)) {
-               ret = mv_u3d_queue_trb(ep, req);
-               if (ret) {
-                       ep->processing = 0;
-                       return ret;
-               }
-       } else {
-               ep->processing = 0;
+       /* build trbs */
+       ret = mv_u3d_req_to_trb(req);
+       if (ret) {
                dev_err(u3d->dev, "%s, mv_u3d_req_to_trb fail\n", __func__);
-               return -ENOMEM;
+               goto break_processing;
        }
 
+       /* and push them to device queue */
+       ret = mv_u3d_queue_trb(ep, req);
+       if (ret)
+               goto break_processing;
+
        /* irq handler advances the queue */
-       if (req)
-               list_add_tail(&req->queue, &ep->queue);
+       list_add_tail(&req->queue, &ep->queue);
 
        return 0;
+
+break_processing:
+       ep->processing = 0;
+       return ret;
 }
 
 static int mv_u3d_ep_enable(struct usb_ep *_ep,
-- 
2.7.4

--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] usb: gadget: mv_u3d: add check for dma mapping error

Reply via email to