USB: unify some error pathways in usbfs

This patch (as1496) unifies the error-return pathways of several
functions in the usbfs driver.  This is not a very important change by
itself; it merely prepares the way for the next patch in this series.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
index e3beaf2..e8ade68 100644 (file)
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -806,8 +806,8 @@ static int proc_control(struct dev_state *ps, void __user *arg)
        if (ctrl.bRequestType & 0x80) {
                if (ctrl.wLength && !access_ok(VERIFY_WRITE, ctrl.data,
                                               ctrl.wLength)) {
-                       free_page((unsigned long)tbuf);
-                       return -EINVAL;
+                       ret = -EINVAL;
+                       goto done;
                }
                pipe = usb_rcvctrlpipe(dev, 0);
                snoop_urb(dev, NULL, pipe, ctrl.wLength, tmo, SUBMIT, NULL, 0);
@@ -821,15 +821,15 @@ static int proc_control(struct dev_state *ps, void __user *arg)
                          tbuf, max(i, 0));
                if ((i > 0) && ctrl.wLength) {
                        if (copy_to_user(ctrl.data, tbuf, i)) {
-                               free_page((unsigned long)tbuf);
-                               return -EFAULT;
+                               ret = -EFAULT;
+                               goto done;
                        }
                }
        } else {
                if (ctrl.wLength) {
                        if (copy_from_user(tbuf, ctrl.data, ctrl.wLength)) {
-                               free_page((unsigned long)tbuf);
-                               return -EFAULT;
+                               ret = -EFAULT;
+                               goto done;
                        }
                }
                pipe = usb_sndctrlpipe(dev, 0);
@@ -843,14 +843,16 @@ static int proc_control(struct dev_state *ps, void __user *arg)
                usb_lock_device(dev);
                snoop_urb(dev, NULL, pipe, max(i, 0), min(i, 0), COMPLETE, NULL, 0);
        }
-       free_page((unsigned long)tbuf);
        if (i < 0 && i != -EPIPE) {
                dev_printk(KERN_DEBUG, &dev->dev, "usbfs: USBDEVFS_CONTROL "
                           "failed cmd %s rqt %u rq %u len %u ret %d\n",
                           current->comm, ctrl.bRequestType, ctrl.bRequest,
                           ctrl.wLength, i);
        }
-       return i;
+       ret = i;
+ done:
+       free_page((unsigned long) tbuf);
+       return ret;
 }
 
 static int proc_bulk(struct dev_state *ps, void __user *arg)
@@ -884,8 +886,8 @@ static int proc_bulk(struct dev_state *ps, void __user *arg)
        tmo = bulk.timeout;
        if (bulk.ep & 0x80) {
                if (len1 && !access_ok(VERIFY_WRITE, bulk.data, len1)) {
-                       kfree(tbuf);
-                       return -EINVAL;
+                       ret = -EINVAL;
+                       goto done;
                }
                snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, NULL, 0);
 
@@ -896,15 +898,15 @@ static int proc_bulk(struct dev_state *ps, void __user *arg)
 
                if (!i && len2) {
                        if (copy_to_user(bulk.data, tbuf, len2)) {
-                               kfree(tbuf);
-                               return -EFAULT;
+                               ret = -EFAULT;
+                               goto done;
                        }
                }
        } else {
                if (len1) {
                        if (copy_from_user(tbuf, bulk.data, len1)) {
-                               kfree(tbuf);
-                               return -EFAULT;
+                               ret = -EFAULT;
+                               goto done;
                        }
                }
                snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, tbuf, len1);
@@ -914,10 +916,10 @@ static int proc_bulk(struct dev_state *ps, void __user *arg)
                usb_lock_device(dev);
                snoop_urb(dev, NULL, pipe, len2, i, COMPLETE, NULL, 0);
        }
+       ret = (i < 0 ? i : len2);
+ done:
        kfree(tbuf);
-       if (i < 0)
-               return i;
-       return len2;
+       return ret;
 }
 
 static int proc_resetep(struct dev_state *ps, void __user *arg)
@@ -1062,7 +1064,7 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
 {
        struct usbdevfs_iso_packet_desc *isopkt = NULL;
        struct usb_host_endpoint *ep;
-       struct async *as;
+       struct async *as = NULL;
        struct usb_ctrlrequest *dr = NULL;
        unsigned int u, totlen, isofrmlen;
        int ret, ifnum = -1;
@@ -1108,19 +1110,17 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
                if (!dr)
                        return -ENOMEM;
                if (copy_from_user(dr, uurb->buffer, 8)) {
-                       kfree(dr);
-                       return -EFAULT;
+                       ret = -EFAULT;
+                       goto error;
                }
                if (uurb->buffer_length < (le16_to_cpup(&dr->wLength) + 8)) {
-                       kfree(dr);
-                       return -EINVAL;
+                       ret = -EINVAL;
+                       goto error;
                }
                ret = check_ctrlrecip(ps, dr->bRequestType, dr->bRequest,
                                      le16_to_cpup(&dr->wIndex));
-               if (ret) {
-                       kfree(dr);
-                       return ret;
-               }
+               if (ret)
+                       goto error;
                uurb->number_of_packets = 0;
                uurb->buffer_length = le16_to_cpup(&dr->wLength);
                uurb->buffer += 8;
@@ -1176,22 +1176,22 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
                if (!(isopkt = kmalloc(isofrmlen, GFP_KERNEL)))
                        return -ENOMEM;
                if (copy_from_user(isopkt, iso_frame_desc, isofrmlen)) {
-                       kfree(isopkt);
-                       return -EFAULT;
+                       ret = -EFAULT;
+                       goto error;
                }
                for (totlen = u = 0; u < uurb->number_of_packets; u++) {
                        /* arbitrary limit,
                         * sufficient for USB 2.0 high-bandwidth iso */
                        if (isopkt[u].length > 8192) {
-                               kfree(isopkt);
-                               return -EINVAL;
+                               ret = -EINVAL;
+                               goto error;
                        }
                        totlen += isopkt[u].length;
                }
                /* 3072 * 64 microframes */
                if (totlen > 196608) {
-                       kfree(isopkt);
-                       return -EINVAL;
+                       ret = -EINVAL;
+                       goto error;
                }
                uurb->buffer_length = totlen;
                break;
@@ -1202,24 +1202,20 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
        if (uurb->buffer_length > 0 &&
                        !access_ok(is_in ? VERIFY_WRITE : VERIFY_READ,
                                uurb->buffer, uurb->buffer_length)) {
-               kfree(isopkt);
-               kfree(dr);
-               return -EFAULT;
+               ret = -EFAULT;
+               goto error;
        }
        as = alloc_async(uurb->number_of_packets);
        if (!as) {
-               kfree(isopkt);
-               kfree(dr);
-               return -ENOMEM;
+               ret = -ENOMEM;
+               goto error;
        }
        if (uurb->buffer_length > 0) {
                as->urb->transfer_buffer = kmalloc(uurb->buffer_length,
                                GFP_KERNEL);
                if (!as->urb->transfer_buffer) {
-                       kfree(isopkt);
-                       kfree(dr);
-                       free_async(as);
-                       return -ENOMEM;
+                       ret = -ENOMEM;
+                       goto error;
                }
                /* Isochronous input data may end up being discontiguous
                 * if some of the packets are short.  Clear the buffer so
@@ -1253,6 +1249,7 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
 
        as->urb->transfer_buffer_length = uurb->buffer_length;
        as->urb->setup_packet = (unsigned char *)dr;
+       dr = NULL;
        as->urb->start_frame = uurb->start_frame;
        as->urb->number_of_packets = uurb->number_of_packets;
        if (uurb->type == USBDEVFS_URB_TYPE_ISO ||
@@ -1268,6 +1265,7 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
                totlen += isopkt[u].length;
        }
        kfree(isopkt);
+       isopkt = NULL;
        as->ps = ps;
        as->userurb = arg;
        if (is_in && uurb->buffer_length > 0)
@@ -1282,8 +1280,8 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
        if (!is_in && uurb->buffer_length > 0) {
                if (copy_from_user(as->urb->transfer_buffer, uurb->buffer,
                                uurb->buffer_length)) {
-                       free_async(as);
-                       return -EFAULT;
+                       ret = -EFAULT;
+                       goto error;
                }
        }
        snoop_urb(ps->dev, as->userurb, as->urb->pipe,
@@ -1329,10 +1327,16 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
                snoop_urb(ps->dev, as->userurb, as->urb->pipe,
                                0, ret, COMPLETE, NULL, 0);
                async_removepending(as);
-               free_async(as);
-               return ret;
+               goto error;
        }
        return 0;
+
+ error:
+       kfree(isopkt);
+       kfree(dr);
+       if (as)
+               free_async(as);
+       return ret;
 }
 
 static int proc_submiturb(struct dev_state *ps, void __user *arg)