net: hso: check for allocation failure in hso_create_bulk_serial_device()

In current kernels, small allocations never actually fail so this patch shouldn't affect runtime. Originally this error handling code written with the idea that if the "serial->tiocmget" allocation failed, then we would continue operating instead of bailing out early. But in later years we added an unchecked dereference on the next line. serial->tiocmget->serial_state_notification = kzalloc(); ^^^^^^^^^^^^^^^^^^ Since these allocations are never going fail in real life, this is mostly a philosophical debate, but I think bailing out early is the correct behavior that the user would want. And generally it's safer to bail as soon an error happens. Fixes: af0de130 ("usb: hso: obey DMA rules in tiocmget") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Johan Hovold <johan@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>

net: hso: check for allocation failure in hso_create_bulk_serial_device()
In current kernels, small allocations never actually fail so this patch shouldn't affect runtime. Originally this error handling code written with the idea that if the "serial->tiocmget" allocation failed, then we would continue operating instead of bailing out early. But in later years we added an unchecked dereference on the next line. serial->tiocmget->serial_state_notification = kzalloc(); ^^^^^^^^^^^^^^^^^^ Since these allocations are never going fail in real life, this is mostly a philosophical debate, but I think bailing out early is the correct behavior that the user would want. And generally it's safer to bail as soon an error happens. Fixes: af0de130 ("usb: hso: obey DMA rules in tiocmget") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Johan Hovold <johan@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
31db0dbd · Dan Carpenter · David S. Miller · b7df21cf · 31db0dbd
Commit 31db0dbd authored May 14, 2021 by Dan Carpenter Committed by David S. Miller May 17, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 19 deletions

drivers/net/usb/hso.c drivers/net/usb/hso.c +18 -19

No files found.
--- a/drivers/net/usb/hso.c
+++ b/drivers/net/usb/hso.c
@@ -2618,29 +2618,28 @@ static struct hso_device *hso_create_bulk_serial_device(
 		num_urbs = 2;
 		serial->tiocmget = kzalloc(sizeof(struct hso_tiocmget),
 					   GFP_KERNEL);
+		if (!serial->tiocmget)
+			goto exit;
 		serial->tiocmget->serial_state_notification
 			= kzalloc(sizeof(struct hso_serial_state_notification),
 					   GFP_KERNEL);
-		/* it isn't going to break our heart if serial->tiocmget
+		if (!serial->tiocmget->serial_state_notification)
-		 *  allocation fails don't bother checking this.
+			goto exit;
-		 */
+		tiocmget = serial->tiocmget;
-		if (serial->tiocmget && serial->tiocmget->serial_state_notification) {
+		tiocmget->endp = hso_get_ep(interface,
-			tiocmget = serial->tiocmget;
+					    USB_ENDPOINT_XFER_INT,
-			tiocmget->endp = hso_get_ep(interface,
+					    USB_DIR_IN);
-						    USB_ENDPOINT_XFER_INT,
+		if (!tiocmget->endp) {
-						    USB_DIR_IN);
+			dev_err(&interface->dev, "Failed to find INT IN ep\n");
-			if (!tiocmget->endp) {
+			goto exit;
-				dev_err(&interface->dev, "Failed to find INT IN ep\n");
-				goto exit;
-			}
-			tiocmget->urb = usb_alloc_urb(0, GFP_KERNEL);
-			if (tiocmget->urb) {
-				mutex_init(&tiocmget->mutex);
-				init_waitqueue_head(&tiocmget->waitq);
-			} else
-				hso_free_tiomget(serial);
 		}
+		tiocmget->urb = usb_alloc_urb(0, GFP_KERNEL);
+		if (tiocmget->urb) {
+			mutex_init(&tiocmget->mutex);
+			init_waitqueue_head(&tiocmget->waitq);
+		} else
+			hso_free_tiomget(serial);
 	}
 	else
 		num_urbs = 1;