From be8a058b50a90282d32aa638720195e1c327c569 Mon Sep 17 00:00:00 2001 From: Julia Lawall Date: Sat, 22 May 2010 10:26:22 +0200 Subject: USB: gadget: Use memdup_user Use memdup_user when user data is immediately copied into the allocated region. The semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/) // @@ expression from,to,size,flag; position p; identifier l1,l2; @@ - to = \(kmalloc@p\|kzalloc@p\)(size,flag); + to = memdup_user(from,size); if ( - to==NULL + IS_ERR(to) || ...) { <+... when != goto l1; - -ENOMEM + PTR_ERR(to) ...+> } - if (copy_from_user(to, from, size) != 0) { - <+... when != goto l2; - -EFAULT - ...+> - } // Signed-off-by: Julia Lawall Signed-off-by: Greg Kroah-Hartman --- drivers/usb/gadget/inode.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) (limited to 'drivers/usb/gadget/inode.c') diff --git a/drivers/usb/gadget/inode.c b/drivers/usb/gadget/inode.c index de8a838..63fc171 100644 --- a/drivers/usb/gadget/inode.c +++ b/drivers/usb/gadget/inode.c @@ -1867,13 +1867,9 @@ dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr) buf += 4; length -= 4; - kbuf = kmalloc (length, GFP_KERNEL); - if (!kbuf) - return -ENOMEM; - if (copy_from_user (kbuf, buf, length)) { - kfree (kbuf); - return -EFAULT; - } + kbuf = memdup_user(buf, length); + if (IS_ERR(kbuf)) + return PTR_ERR(kbuf); spin_lock_irq (&dev->lock); value = -EINVAL; -- cgit v1.1 From 1548b13b75a2ec06f46220004e91c37818be6c18 Mon Sep 17 00:00:00 2001 From: Arnd Bergmann Date: Tue, 1 Jun 2010 23:04:44 +0200 Subject: usb: gadget: Do not take BKL for gadget->ops->ioctl MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There is no gadget driver in the tree that actually implements the ioctl operation, so obviously it is not necessary to hold the BKL around the call. Signed-off-by: Arnd Bergmann Cc: David Brownell Cc: MichaƂ Nazarewicz Signed-off-by: Greg Kroah-Hartman --- drivers/usb/gadget/inode.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'drivers/usb/gadget/inode.c') diff --git a/drivers/usb/gadget/inode.c b/drivers/usb/gadget/inode.c index 63fc171..fc35406 100644 --- a/drivers/usb/gadget/inode.c +++ b/drivers/usb/gadget/inode.c @@ -1299,11 +1299,9 @@ static long dev_ioctl (struct file *fd, unsigned code, unsigned long value) struct usb_gadget *gadget = dev->gadget; long ret = -ENOTTY; - if (gadget->ops->ioctl) { - lock_kernel(); + if (gadget->ops->ioctl) ret = gadget->ops->ioctl (gadget, code, value); - unlock_kernel(); - } + return ret; } -- cgit v1.1