From 3e6df9191abe9dc46b7f9f540e1c3c73cfaccedf Mon Sep 17 00:00:00 2001 From: Christophe Ricard Date: Mon, 28 Jul 2014 18:11:31 +0200 Subject: NFC: st21nfca: Fix scripts/checkpatch.pl warnings "Missing a blank line after declarations" Fixing scripts/checkpatch.pl warning "Missing a blank line after declarations" in: - st21nfca.c: - check_presence after fwi variable declaration. - get_frame_size after len variable declaration. - st21nfca_hci_i2c_repack after "i, j, r, size" variable declaration. - st21nfca_dep.c st21nfca_tx_work after skb pointer declaration. Signed-off-by: Christophe Ricard Signed-off-by: Samuel Ortiz --- drivers/nfc/st21nfca/st21nfca_dep.c | 1 + 1 file changed, 1 insertion(+) (limited to 'drivers/nfc/st21nfca/st21nfca_dep.c') diff --git a/drivers/nfc/st21nfca/st21nfca_dep.c b/drivers/nfc/st21nfca/st21nfca_dep.c index b2d9957b57f8..a62b6485cbbe 100644 --- a/drivers/nfc/st21nfca/st21nfca_dep.c +++ b/drivers/nfc/st21nfca/st21nfca_dep.c @@ -121,6 +121,7 @@ static void st21nfca_tx_work(struct work_struct *work) struct nfc_dev *dev; struct sk_buff *skb; + if (info) { dev = info->hdev->ndev; skb = info->dep_info.tx_pending; -- cgit v1.2.3 From 72030a2eeb182575f1bf2383f1e9267d4a6ece61 Mon Sep 17 00:00:00 2001 From: Christophe Ricard Date: Mon, 11 Aug 2014 00:04:52 +0200 Subject: NFC: st21nfca: Change nfcid3 generation nfcid3 is based on sensf_res value. target->sensf is never NULL as it is a table. Check the sensf_res_len instead to make sure sensf_res is set or not. Signed-off-by: Christophe Ricard Signed-off-by: Samuel Ortiz --- drivers/nfc/st21nfca/st21nfca_dep.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers/nfc/st21nfca/st21nfca_dep.c') diff --git a/drivers/nfc/st21nfca/st21nfca_dep.c b/drivers/nfc/st21nfca/st21nfca_dep.c index a62b6485cbbe..cd942c5adc53 100644 --- a/drivers/nfc/st21nfca/st21nfca_dep.c +++ b/drivers/nfc/st21nfca/st21nfca_dep.c @@ -523,7 +523,7 @@ int st21nfca_im_send_atr_req(struct nfc_hci_dev *hdev, u8 *gb, size_t gb_len) memset(atr_req->nfcid3, 0, NFC_NFCID3_MAXSIZE); target = hdev->ndev->targets; - if (target->sensf_res) + if (target->sensf_res_len > 0) memcpy(atr_req->nfcid3, target->sensf_res, target->sensf_res_len); else -- cgit v1.2.3 From 32b41d8f7587b6e8a2cbb3a15f83c3a9687f1f17 Mon Sep 17 00:00:00 2001 From: Christophe Ricard Date: Mon, 11 Aug 2014 00:04:53 +0200 Subject: NFC: st21nfca: Remove useless err == 0 condition On top of st21nfca_im_recv_atr_res_cb and st21nfca_im_recv_dep_res_cb a condition if (err != 0) is present. Because err is never modified in the code err will always be 0 at the end. The condition can be removed. Signed-off-by: Christophe Ricard Signed-off-by: Samuel Ortiz --- drivers/nfc/st21nfca/st21nfca_dep.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'drivers/nfc/st21nfca/st21nfca_dep.c') diff --git a/drivers/nfc/st21nfca/st21nfca_dep.c b/drivers/nfc/st21nfca/st21nfca_dep.c index cd942c5adc53..979c96986b34 100644 --- a/drivers/nfc/st21nfca/st21nfca_dep.c +++ b/drivers/nfc/st21nfca/st21nfca_dep.c @@ -485,8 +485,7 @@ static void st21nfca_im_recv_atr_res_cb(void *context, struct sk_buff *skb, ST21NFCA_PP2LRI(atr_res->ppi)); break; default: - if (err == 0) - kfree_skb(skb); + kfree_skb(skb); break; } } @@ -616,8 +615,7 @@ static void st21nfca_im_recv_dep_res_cb(void *context, struct sk_buff *skb, } exit: - if (err == 0) - kfree_skb(skb); + kfree_skb(skb); } int st21nfca_im_send_dep_req(struct nfc_hci_dev *hdev, struct sk_buff *skb) -- cgit v1.2.3 From a51577c9e3c49dbc44c821f9e170b96bbea716e3 Mon Sep 17 00:00:00 2001 From: Christophe Ricard Date: Mon, 11 Aug 2014 00:04:54 +0200 Subject: NFC: st21nfca: Remove useless IS_ERR(skb) conditions skb is already verified to be not null from the below hci layer. Signed-off-by: Christophe Ricard Signed-off-by: Samuel Ortiz --- drivers/nfc/st21nfca/st21nfca_dep.c | 20 -------------------- 1 file changed, 20 deletions(-) (limited to 'drivers/nfc/st21nfca/st21nfca_dep.c') diff --git a/drivers/nfc/st21nfca/st21nfca_dep.c b/drivers/nfc/st21nfca/st21nfca_dep.c index 979c96986b34..b6de27b5011d 100644 --- a/drivers/nfc/st21nfca/st21nfca_dep.c +++ b/drivers/nfc/st21nfca/st21nfca_dep.c @@ -198,10 +198,6 @@ static int st21nfca_tm_recv_atr_req(struct nfc_hci_dev *hdev, int r; skb_trim(skb, skb->len - 1); - if (IS_ERR(skb)) { - r = PTR_ERR(skb); - goto exit; - } if (!skb->len) { r = -EIO; @@ -281,11 +277,6 @@ static int st21nfca_tm_recv_psl_req(struct nfc_hci_dev *hdev, int r; skb_trim(skb, skb->len - 1); - if (IS_ERR(skb)) { - r = PTR_ERR(skb); - skb = NULL; - goto exit; - } if (!skb->len) { r = -EIO; @@ -331,11 +322,6 @@ static int st21nfca_tm_recv_dep_req(struct nfc_hci_dev *hdev, struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev); skb_trim(skb, skb->len - 1); - if (IS_ERR(skb)) { - r = PTR_ERR(skb); - skb = NULL; - goto exit; - } size = 4; @@ -369,12 +355,6 @@ static int st21nfca_tm_recv_dep_req(struct nfc_hci_dev *hdev, break; } - if (IS_ERR(skb)) { - r = PTR_ERR(skb); - skb = NULL; - goto exit; - } - skb_pull(skb, size); return nfc_tm_data_received(hdev->ndev, skb); -- cgit v1.2.3 From 56f1ffcccd784672654918f9214979b4918c2544 Mon Sep 17 00:00:00 2001 From: Christophe Ricard Date: Mon, 11 Aug 2014 00:04:56 +0200 Subject: NFC: st21nfca: Add condition to make sure atr_req->length is valid. gb_len in st21nfca_tm_send_atr_res can be negative. Not checking for that could lead to a potential kernel oops. We now make sure that atr_req->length > sizeof(struct st21nfca_atr_req) to avoid such situation. Signed-off-by: Christophe Ricard Signed-off-by: Samuel Ortiz --- drivers/nfc/st21nfca/st21nfca_dep.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'drivers/nfc/st21nfca/st21nfca_dep.c') diff --git a/drivers/nfc/st21nfca/st21nfca_dep.c b/drivers/nfc/st21nfca/st21nfca_dep.c index b6de27b5011d..6c09a66d9a1d 100644 --- a/drivers/nfc/st21nfca/st21nfca_dep.c +++ b/drivers/nfc/st21nfca/st21nfca_dep.c @@ -211,6 +211,11 @@ static int st21nfca_tm_recv_atr_req(struct nfc_hci_dev *hdev, atr_req = (struct st21nfca_atr_req *)skb->data; + if (atr_req->length < sizeof(struct st21nfca_atr_req)) { + r = -EPROTO; + goto exit; + } + r = st21nfca_tm_send_atr_res(hdev, atr_req); if (r) goto exit; -- cgit v1.2.3 From cc3faac9d88faebe59556f3754ad306117e53b72 Mon Sep 17 00:00:00 2001 From: Christophe Ricard Date: Sat, 13 Sep 2014 10:28:43 +0200 Subject: NFC: st21nfca: Fix few coding style issue Fix few conding style issue such as useless line return or tab. Signed-off-by: Christophe Ricard Signed-off-by: Samuel Ortiz --- drivers/nfc/st21nfca/st21nfca_dep.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'drivers/nfc/st21nfca/st21nfca_dep.c') diff --git a/drivers/nfc/st21nfca/st21nfca_dep.c b/drivers/nfc/st21nfca/st21nfca_dep.c index 6c09a66d9a1d..03dacc6550bc 100644 --- a/drivers/nfc/st21nfca/st21nfca_dep.c +++ b/drivers/nfc/st21nfca/st21nfca_dep.c @@ -129,9 +129,8 @@ static void st21nfca_tx_work(struct work_struct *work) device_lock(&dev->dev); nfc_hci_send_cmd_async(info->hdev, ST21NFCA_RF_READER_F_GATE, - ST21NFCA_WR_XCHG_DATA, - skb->data, skb->len, - info->async_cb, info); + ST21NFCA_WR_XCHG_DATA, skb->data, skb->len, + info->async_cb, info); device_unlock(&dev->dev); kfree_skb(skb); } @@ -239,7 +238,6 @@ static int st21nfca_tm_send_psl_res(struct nfc_hci_dev *hdev, struct st21nfca_psl_res *psl_res; struct sk_buff *skb; u8 bitrate[2] = {0, 0}; - int r; skb = alloc_skb(sizeof(struct st21nfca_psl_res), GFP_KERNEL); @@ -311,7 +309,7 @@ int st21nfca_tm_send_dep_res(struct nfc_hci_dev *hdev, struct sk_buff *skb) *skb_push(skb, 1) = skb->len; r = nfc_hci_send_event(hdev, ST21NFCA_RF_CARD_F_GATE, - ST21NFCA_EVT_SEND_DATA, skb->data, skb->len); + ST21NFCA_EVT_SEND_DATA, skb->data, skb->len); kfree_skb(skb); return r; -- cgit v1.2.3 From ecc6522b0804d8102d57a9eac36448bda416ce8c Mon Sep 17 00:00:00 2001 From: Christophe Ricard Date: Sat, 13 Sep 2014 10:28:44 +0200 Subject: NFC: st21nfca: Fix potential skb leaks in NFC-DEP code After a unsuccessful call to nfc_hci_send_event the skb was not freed and might lead to memory leak. Signed-off-by: Christophe Ricard Signed-off-by: Samuel Ortiz --- drivers/nfc/st21nfca/st21nfca_dep.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'drivers/nfc/st21nfca/st21nfca_dep.c') diff --git a/drivers/nfc/st21nfca/st21nfca_dep.c b/drivers/nfc/st21nfca/st21nfca_dep.c index 03dacc6550bc..bf3132ba743c 100644 --- a/drivers/nfc/st21nfca/st21nfca_dep.c +++ b/drivers/nfc/st21nfca/st21nfca_dep.c @@ -185,8 +185,10 @@ static int st21nfca_tm_send_atr_res(struct nfc_hci_dev *hdev, info->dep_info.curr_nfc_dep_pni = 0; - return nfc_hci_send_event(hdev, ST21NFCA_RF_CARD_F_GATE, + r = nfc_hci_send_event(hdev, ST21NFCA_RF_CARD_F_GATE, ST21NFCA_EVT_SEND_DATA, skb->data, skb->len); + kfree_skb(skb); + return r; } static int st21nfca_tm_recv_atr_req(struct nfc_hci_dev *hdev, @@ -254,6 +256,8 @@ static int st21nfca_tm_send_psl_res(struct nfc_hci_dev *hdev, r = nfc_hci_send_event(hdev, ST21NFCA_RF_CARD_F_GATE, ST21NFCA_EVT_SEND_DATA, skb->data, skb->len); + if (r < 0) + goto error; /* * ST21NFCA only support P2P passive. @@ -269,8 +273,11 @@ static int st21nfca_tm_send_psl_res(struct nfc_hci_dev *hdev, } /* Send an event to change bitrate change event to card f */ - return nfc_hci_send_event(hdev, ST21NFCA_RF_CARD_F_GATE, + r = nfc_hci_send_event(hdev, ST21NFCA_RF_CARD_F_GATE, ST21NFCA_EVT_CARD_F_BITRATE, bitrate, 2); +error: + kfree_skb(skb); + return r; } static int st21nfca_tm_recv_psl_req(struct nfc_hci_dev *hdev, -- cgit v1.2.3 From 459e794b9b1e0c6be93745344c40364296e7aacd Mon Sep 17 00:00:00 2001 From: Christophe Ricard Date: Sat, 13 Sep 2014 10:28:52 +0200 Subject: NFC: st21nfca: ERR_PTR vs NULL fix "skb" can be NULL here but it can't be an ERR_PTR: - IS_ERR(NULL) return false and skb migth be NULL. - skb cannot be a ERR_PTR as nfc_hci_send_cmd_async it never using such cast. !skb is more appropriate at those places. Reported-by: Dan Carpenter Signed-off-by: Christophe Ricard Signed-off-by: Samuel Ortiz --- drivers/nfc/st21nfca/st21nfca_dep.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'drivers/nfc/st21nfca/st21nfca_dep.c') diff --git a/drivers/nfc/st21nfca/st21nfca_dep.c b/drivers/nfc/st21nfca/st21nfca_dep.c index bf3132ba743c..9408122fb948 100644 --- a/drivers/nfc/st21nfca/st21nfca_dep.c +++ b/drivers/nfc/st21nfca/st21nfca_dep.c @@ -443,7 +443,7 @@ static void st21nfca_im_recv_atr_res_cb(void *context, struct sk_buff *skb, if (err != 0) return; - if (IS_ERR(skb)) + if (!skb) return; switch (info->async_cb_type) { @@ -555,7 +555,7 @@ static void st21nfca_im_recv_dep_res_cb(void *context, struct sk_buff *skb, if (err != 0) return; - if (IS_ERR(skb)) + if (!skb) return; switch (info->async_cb_type) { -- cgit v1.2.3 From 094e93592433312548dd5e43d7b24b152f658063 Mon Sep 17 00:00:00 2001 From: Christophe Ricard Date: Sat, 13 Sep 2014 10:28:53 +0200 Subject: NFC: st21nfca: Fix potential double kfree_skb error skb is already freed in st21nfca_tx_work and was freed also in st21nfca_im_send_psl_req. Signed-off-by: Christophe Ricard Signed-off-by: Samuel Ortiz --- drivers/nfc/st21nfca/st21nfca_dep.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'drivers/nfc/st21nfca/st21nfca_dep.c') diff --git a/drivers/nfc/st21nfca/st21nfca_dep.c b/drivers/nfc/st21nfca/st21nfca_dep.c index 9408122fb948..bfb6df56c505 100644 --- a/drivers/nfc/st21nfca/st21nfca_dep.c +++ b/drivers/nfc/st21nfca/st21nfca_dep.c @@ -428,8 +428,6 @@ static void st21nfca_im_send_psl_req(struct nfc_hci_dev *hdev, u8 did, u8 bsi, *skb_push(skb, 1) = info->dep_info.to | 0x10; st21nfca_im_send_pdu(info, skb); - - kfree_skb(skb); } #define ST21NFCA_CB_TYPE_READER_F 1 -- cgit v1.2.3