Re: [PATCH] net: usb: Fix uninit-was-stored issue in asix_read_cmd()

From: Greg Kroah-Hartman
Date: Sun Aug 23 2020 - 06:56:43 EST


On Sun, Aug 23, 2020 at 12:31:03PM +0200, Dmitry Vyukov wrote:
> On Sun, Aug 23, 2020 at 12:19 PM Greg Kroah-Hartman
> > It's not always a failure, some devices have protocols that are "I could
> > return up to a max X bytes but could be shorter" types of messages, so
> > it's up to the caller to check that they got what they really asked for.
>
> Yes, that's why I said _separate_ helper function. There seems to be
> lots of callers that want exactly this -- "I want 4 bytes, anything
> else is an error". With the current API it's harder to do - you need
> additional checks, additional code, maybe even additional variables to
> store the required size. APIs should make correct code easy to write.

One note on this, will respond to the rest of the email later.

It should be the same exact amount of code in the driver to handle this
either way:

Today's correctly written driver:

data_size = 4;
data = kmalloc(data_size, GFP_KERNEL);
...

retval = usb_control_msg(....., data, data_size, ...);
if (retval < buf_size) {
/* SOMETHING WENT WRONG! */
}

With your new function:

data_size = 4;
data = kmalloc(data_size, GFP_KERNEL);
...

retval = usb_control_msg_error_on_short(....., data, data_size, ...);
if (retval < 0) {
/* SOMETHING WENT WRONG! */
}


Catch the difference, it's only in checking for retval, either way you
are writing the exact same logic in the driver, you still have to tell
the USB layer the size of the buffer you want to read into, still have
to pass in the buffer, and everything else. You already know the size
of the data you want, and you already are doing the check, those things
you have to do no matter what, it's not extra work.

We can write a wrapper around usb_control_msg() for something like this
that does the transformation of a short read into an error, but really,
does that give us all that much here?

Yes, I want to make it easy to write correct drivers, and hard to get
things wrong, but in this case, I don't see the new way any "harder" to
get wrong.

Unless you know of a simpler way here?

thanks,

greg k-h