usb: gadget: Zero ffs_io_data [Linux 4.9.187]

This Linux kernel change "usb: gadget: Zero ffs_io_data" is included in the Linux 4.9.187 release. This change is authored by Andrzej Pietrasiewicz <andrzej.p [at] collabora.com> on Mon Jun 3 19:05:28 2019 +0200. The commit for this change in the Linux stable tree is d585589 (patch), which is from upstream commit 5085955. The same Linux upstream change may have been applied to various maintained Linux releases, and you can find all Linux releases containing changes from upstream 5085955.

usb: gadget: Zero ffs_io_data

[ Upstream commit 508595515f4bcfe36246e4a565cf280937aeaade ]

In some cases the "Allocate & copy" block in ffs_epfile_io() is not
executed. Consequently, in such a case ffs_alloc_buffer() is never called
and struct ffs_io_data is not initialized properly. This in turn leads to
problems when ffs_free_buffer() is called at the end of ffs_epfile_io().

This patch uses kzalloc() instead of kmalloc() in the aio case and memset()
in the non-aio case to properly initialize struct ffs_io_data.

Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@collabora.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

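To show why a struct with a field that is set on only one path has to be zeroed before the unconditional cleanup runs, here is an added, simplified user-space model of the synchronous path of ffs_epfile_io(); it is not kernel code, and `struct io_data`, `alloc_buffer`, `free_buffer` and `epfile_io` are hypothetical stand-ins that simulate stack garbage with a 0xA5 fill instead of really freeing an invalid pointer.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-in for struct ffs_io_data: one flag set on
 * every path (aio) and one pointer set only when "Allocate & copy" runs. */
struct io_data {
    bool aio;
    void *buf;      /* set by alloc_buffer(), released by free_buffer() */
};

/* Stand-in for ffs_alloc_buffer(); the kernel version is kmalloc-based. */
static int alloc_buffer(struct io_data *io, size_t len)
{
    io->buf = malloc(len);
    return io->buf ? 0 : -1;
}

/* 0xA5 bytes stand in for whatever happened to be on the stack. */
static bool looks_like_stack_garbage(const void *p)
{
    unsigned char pat[sizeof p];
    memset(pat, 0xA5, sizeof pat);
    return memcmp(&p, pat, sizeof pat) == 0;
}

/* Stand-in for ffs_free_buffer(), which runs unconditionally at the end of the
 * I/O. Returns 1 if a buffer was freed, 0 for NULL (free(NULL), like
 * kfree(NULL), is a no-op), -1 if it would have freed an uninitialized pointer. */
static int free_buffer(struct io_data *io)
{
    if (looks_like_stack_garbage(io->buf))
        return -1;                  /* in the kernel: kfree() on garbage */
    int rc = io->buf != NULL;
    free(io->buf);
    io->buf = NULL;
    return rc;
}

/* Models the sync path of ffs_epfile_io(); data_len == 0 is the case where
 * "Allocate & copy" is skipped. Returns bytes handled, or -1 on a bogus free. */
long epfile_io(size_t data_len, bool zero_first)
{
    struct io_data io;
    memset(&io, 0xA5, sizeof io);       /* simulate uninitialized stack contents */
    if (zero_first)
        memset(&io, 0, sizeof io);      /* the patch's memset(p, 0, sizeof(*p)) */
    io.aio = false;                     /* the only field set before the patch */
    if (data_len && alloc_buffer(&io, data_len))
        return -1;
    /* ... the transfer itself is omitted ... */
    return free_buffer(&io) < 0 ? -1 : (long)data_len;
}
```

With zeroing, the skipped "Allocate & copy" path leaves `buf` as NULL and the cleanup is a harmless no-op; without it the cleanup operates on stack garbage.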
There are 6 lines of Linux source code added/deleted in this change. Code changes to the Linux kernel are as follows.

 drivers/usb/gadget/function/f_fs.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
index 927ac0e..d1278d2 100644
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -1101,11 +1101,12 @@ static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from)
    ENTER();

    if (!is_sync_kiocb(kiocb)) {
-       p = kmalloc(sizeof(io_data), GFP_KERNEL);
+       p = kzalloc(sizeof(io_data), GFP_KERNEL);
        if (unlikely(!p))
            return -ENOMEM;
        p->aio = true;
    } else {
+       memset(p, 0, sizeof(*p));
        p->aio = false;
    }

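Review bot: the `memset(p, 0, sizeof(*p))` in the `else` branch relies on `p` already pointing at the on-stack `io_data` before this `if`; that assignment is outside the hunk's context, so it is worth confirming that nothing on the sync path leaves `p` pointing elsewhere. A zero initializer at the declaration (`struct ffs_io_data io_data = { 0 };`) would cover the sync case without a runtime memset and keep the stack object zeroed by construction. Minor: the aio branch sizes the allocation with `sizeof(io_data)` while the memset uses `sizeof(*p)`; both name the same type today, but one consistent form avoids a silent mismatch if `p`'s type ever changes.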
@@ -1137,11 +1138,12 @@ static ssize_t ffs_epfile_read_iter(struct kiocb *kiocb, struct iov_iter *to)
    ENTER();

    if (!is_sync_kiocb(kiocb)) {
-       p = kmalloc(sizeof(io_data), GFP_KERNEL);
+       p = kzalloc(sizeof(io_data), GFP_KERNEL);
        if (unlikely(!p))
            return -ENOMEM;
        p->aio = true;
    } else {
+       memset(p, 0, sizeof(*p));
        p->aio = false;
    }

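Review bot: this hunk repeats the write_iter change line for line, so the `io_data` allocation and zeroing sequence now lives in two places and had to be fixed in two places. Factoring it into a small helper (one that kzallocs for the aio case and zeroes the caller's stack object otherwise) would keep the read and write paths from drifting apart on the next change. The `kzalloc`/`memset` pair itself matches the fix the commit message describes.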