projects / linux-2.6-microblaze.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e6c0433)
usb: get rid of pointless access_ok() calls
authorAl Viro <viro@zeniv.linux.org.uk>
Thu, 23 Apr 2020 14:27:20 +0000 (10:27 -0400)
committerAl Viro <viro@zeniv.linux.org.uk>
Fri, 29 May 2020 15:05:58 +0000 (11:05 -0400)
in all affected cases addresses are passed only to
copy_from()_user or copy_to_user().

Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
drivers/usb/core/devices.c patch | blob | history
drivers/usb/core/devio.c patch | blob | history
drivers/usb/gadget/function/f_hid.c patch | blob | history

diff --git a/drivers/usb/core/devices.c b/drivers/usb/core/devices.c
index 44f28a1..94b6fa6 100644 (file)
--- a/drivers/usb/core/devices.c
+++ b/drivers/usb/core/devices.c
@@ -598,8 +598,6 @@ static ssize_t usb_device_read(struct file *file, char __user *buf,
                return -EINVAL;
        if (nbytes <= 0)
                return 0;
-       if (!access_ok(buf, nbytes))
-               return -EFAULT;
 
        mutex_lock(&usb_bus_idr_lock);
        /* print devices for all busses */
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
index 6833c91..5447698 100644 (file)
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -1127,11 +1127,6 @@ static int proc_control(struct usb_dev_state *ps, void __user *arg)
                ctrl.bRequestType, ctrl.bRequest, ctrl.wValue,
                ctrl.wIndex, ctrl.wLength);
        if (ctrl.bRequestType & 0x80) {
-               if (ctrl.wLength && !access_ok(ctrl.data,
-                                              ctrl.wLength)) {
-                       ret = -EINVAL;
-                       goto done;
-               }
                pipe = usb_rcvctrlpipe(dev, 0);
                snoop_urb(dev, NULL, pipe, ctrl.wLength, tmo, SUBMIT, NULL, 0);
 
@@ -1216,10 +1211,6 @@ static int proc_bulk(struct usb_dev_state *ps, void __user *arg)
        }
        tmo = bulk.timeout;
        if (bulk.ep & 0x80) {
-               if (len1 && !access_ok(bulk.data, len1)) {
-                       ret = -EINVAL;
-                       goto done;
-               }
                snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, NULL, 0);
 
                usb_unlock_device(dev);
diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c
index f3816a5..df671ac 100644 (file)
--- a/drivers/usb/gadget/function/f_hid.c
+++ b/drivers/usb/gadget/function/f_hid.c
@@ -252,9 +252,6 @@ static ssize_t f_hidg_read(struct file *file, char __user *buffer,
        if (!count)
                return 0;
 
-       if (!access_ok(buffer, count))
-               return -EFAULT;
-
        spin_lock_irqsave(&hidg->read_spinlock, flags);
 
 #define READ_COND (!list_empty(&hidg->completed_out_req))
@@ -339,9 +336,6 @@ static ssize_t f_hidg_write(struct file *file, const char __user *buffer,
        unsigned long flags;
        ssize_t status = -ENOMEM;
 
-       if (!access_ok(buffer, count))
-               return -EFAULT;
-
        spin_lock_irqsave(&hidg->write_spinlock, flags);
 
 #define WRITE_COND (!hidg->write_pending)
MicroBlaze GIT Repository