[SRU][B][F][PATCH 3/4] USB: correct API of usb_control_msg_send/recv
Magali Lemes
magali.lemes.do.sacramento at canonical.com
Fri Mar 10 18:20:10 UTC 2023
From: Oliver Neukum <oneukum at suse.com>
They need to specify how memory is to be allocated,
as control messages need to work in contexts that require GFP_NOIO.
Signed-off-by: Oliver Neukum <oneukum at suse.com>
Link: https://lore.kernel.org/r/20200923134348.23862-9-oneukum@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
CVE-2022-3903
(backported from commit ddd1198e3e0935066d6e309180d49f64ef4fa702)
[magalilemes: Only adjust the functions signatures, as they're not being
called anywhere yet.]
Signed-off-by: Magali Lemes <magali.lemes at canonical.com>
---
drivers/usb/core/message.c | 12 ++++++++----
include/linux/usb.h | 6 ++++--
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
index a93548effc01..d34196ad2bc5 100644
--- a/drivers/usb/core/message.c
+++ b/drivers/usb/core/message.c
@@ -172,6 +172,7 @@ EXPORT_SYMBOL_GPL(usb_control_msg);
* @size: length in bytes of the data to send
* @timeout: time in msecs to wait for the message to complete before timing
* out (if 0 the wait is forever)
+ * @memflags: the flags for memory allocation for buffers
*
* Context: !in_interrupt ()
*
@@ -194,7 +195,8 @@ EXPORT_SYMBOL_GPL(usb_control_msg);
*/
int usb_control_msg_send(struct usb_device *dev, __u8 endpoint, __u8 request,
__u8 requesttype, __u16 value, __u16 index,
- const void *driver_data, __u16 size, int timeout)
+ const void *driver_data, __u16 size, int timeout,
+ gfp_t memflags)
{
unsigned int pipe = usb_sndctrlpipe(dev, endpoint);
int ret;
@@ -204,7 +206,7 @@ int usb_control_msg_send(struct usb_device *dev, __u8 endpoint, __u8 request,
return -EINVAL;
if (size) {
- data = kmemdup(driver_data, size, GFP_KERNEL);
+ data = kmemdup(driver_data, size, memflags);
if (!data)
return -ENOMEM;
}
@@ -233,6 +235,7 @@ EXPORT_SYMBOL_GPL(usb_control_msg_send);
* @size: length in bytes of the data to be received
* @timeout: time in msecs to wait for the message to complete before timing
* out (if 0 the wait is forever)
+ * @memflags: the flags for memory allocation for buffers
*
* Context: !in_interrupt ()
*
@@ -261,7 +264,8 @@ EXPORT_SYMBOL_GPL(usb_control_msg_send);
*/
int usb_control_msg_recv(struct usb_device *dev, __u8 endpoint, __u8 request,
__u8 requesttype, __u16 value, __u16 index,
- void *driver_data, __u16 size, int timeout)
+ void *driver_data, __u16 size, int timeout,
+ gfp_t memflags)
{
unsigned int pipe = usb_rcvctrlpipe(dev, endpoint);
int ret;
@@ -270,7 +274,7 @@ int usb_control_msg_recv(struct usb_device *dev, __u8 endpoint, __u8 request,
if (!size || !driver_data || usb_pipe_type_check(dev, pipe))
return -EINVAL;
- data = kmalloc(size, GFP_KERNEL);
+ data = kmalloc(size, memflags);
if (!data)
return -ENOMEM;
diff --git a/include/linux/usb.h b/include/linux/usb.h
index 0a572661812d..706afbf124a3 100644
--- a/include/linux/usb.h
+++ b/include/linux/usb.h
@@ -1769,10 +1769,12 @@ extern int usb_bulk_msg(struct usb_device *usb_dev, unsigned int pipe,
/* wrappers around usb_control_msg() for the most common standard requests */
int usb_control_msg_send(struct usb_device *dev, __u8 endpoint, __u8 request,
__u8 requesttype, __u16 value, __u16 index,
- const void *data, __u16 size, int timeout);
+ const void *data, __u16 size, int timeout,
+ gfp_t memflags);
int usb_control_msg_recv(struct usb_device *dev, __u8 endpoint, __u8 request,
__u8 requesttype, __u16 value, __u16 index,
- void *data, __u16 size, int timeout);
+ void *data, __u16 size, int timeout,
+ gfp_t memflags);
extern int usb_get_descriptor(struct usb_device *dev, unsigned char desctype,
unsigned char descindex, void *buf, int size);
extern int usb_get_status(struct usb_device *dev,
--
2.34.1
More information about the kernel-team
mailing list