From patchwork Fri Oct 20 20:47:08 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 828793 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="jhejeXMn"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3yJdCG3zYnz9t43 for ; Sat, 21 Oct 2017 07:47:22 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752623AbdJTUrN (ORCPT ); Fri, 20 Oct 2017 16:47:13 -0400 Received: from mail-pf0-f196.google.com ([209.85.192.196]:43415 "EHLO mail-pf0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751888AbdJTUrM (ORCPT ); Fri, 20 Oct 2017 16:47:12 -0400 Received: by mail-pf0-f196.google.com with SMTP id a8so12642430pfc.0 for ; Fri, 20 Oct 2017 13:47:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:mime-version:content-disposition; bh=gNvMc4SrmUM8OdRLTaRU7EvUeeimq12HohXlCvE2Fos=; b=jhejeXMnl84ApIgcoBCS4RzPXcN8Kr7DC45qzn7I+6L6BQXIg5xvb0DaWM3ZHtkqJN ypZAonzk01652RIgTI1/5eNYQugQJ/+quqO7cozKNKsPpXBJdzTB9vGx6T2cyx/BZ/kY A4q8tC8IGlf5dTsOImdLZrKxaCLGKdCegDydQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition; bh=gNvMc4SrmUM8OdRLTaRU7EvUeeimq12HohXlCvE2Fos=; b=D+hlm2lK8RjmoV+2OsaZ4fZ+zHy46SzJRbwKpxwa/LbirAXVdHHrEr5HgW07e3lWrG CYk4taZ8bMR8q7fySbuz/IYOeKwRjyZiV+7YeOYFm9+m9MDs8gVqjVhkDnia4H3TLNga 3+UrprEGLYhXtv2IPKAOhjpCBGR9hfskJnW6MxjHlMgu+x/HaAnsR/hLm+5bZbR/lerV mfMKPHnfgmIJ4I4g6hcRqLvgnRG7QZc0UI1DUhqVem3sNXEPAedJ3/HrpdaY+07tKmA5 TSwHIrd2VTPZqXHC64WqC4Bobr1Nb9u5uhMc3rvZW9X6sYavXMYSrrSkYA9lcWZpdODZ fq+g== X-Gm-Message-State: AMCzsaWm0kMrIXmQ8HNq2nIn5jeBbTXFb4o077zgVQadUNAkAGTg6Bx4 GueA9hh4yWLSRbIdHwfe84KKwQ== X-Google-Smtp-Source: ABhQp+Tf+3CfIu5NN8Qi0I1g8xqtnwMg/Utb/UuKfQLzeE2cmtdTdsQUthY6keVcPDs6R/xr1vyLkA== X-Received: by 10.101.88.70 with SMTP id s6mr5597238pgr.216.1508532431567; Fri, 20 Oct 2017 13:47:11 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id m69sm3058757pfk.54.2017.10.20.13.47.09 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 20 Oct 2017 13:47:09 -0700 (PDT) Date: Fri, 20 Oct 2017 13:47:08 -0700 From: Kees Cook To: Paul Bolle Cc: Karsten Keil , "David S. Miller" , Johan Hovold , linux-kernel@vger.kernel.org, gigaset307x-common@lists.sourceforge.net, netdev@vger.kernel.org Subject: [PATCH] isdn/gigaset: Provide cardstate context for bas timer callbacks Message-ID: <20171020204708.GA58150@beast> MIME-Version: 1.0 Content-Disposition: inline Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org While the work callback uses the urb to find cardstate from bas_cardstate, this may not be valid for timer callbacks. Instead, introduce a direct pointer back to the cardstate from bas_cardstate for use in timer callbacks. Reported-by: Paul Bolle Fixes: 4cfea08e6251 ("isdn/gigaset: Convert timers to use timer_setup()") Cc: Paul Bolle Cc: Karsten Keil Cc: "David S. Miller" Cc: Johan Hovold Cc: gigaset307x-common@lists.sourceforge.net Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook --- drivers/isdn/gigaset/bas-gigaset.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/drivers/isdn/gigaset/bas-gigaset.c b/drivers/isdn/gigaset/bas-gigaset.c index c990c6bbffc2..20d0a080a2b0 100644 --- a/drivers/isdn/gigaset/bas-gigaset.c +++ b/drivers/isdn/gigaset/bas-gigaset.c @@ -89,6 +89,7 @@ static int start_cbsend(struct cardstate *); struct bas_cardstate { struct usb_device *udev; /* USB device pointer */ + struct cardstate *cs; struct usb_interface *interface; /* interface for this device */ unsigned char minor; /* starting minor number */ @@ -436,8 +437,7 @@ static void check_pending(struct bas_cardstate *ucs) static void cmd_in_timeout(struct timer_list *t) { struct bas_cardstate *ucs = from_timer(ucs, t, timer_cmd_in); - struct urb *urb = ucs->urb_int_in; - struct cardstate *cs = urb->context; + struct cardstate *cs = ucs->cs; int rc; if (!ucs->rcvbuf_size) { @@ -643,8 +643,7 @@ static void int_in_work(struct work_struct *work) static void int_in_resubmit(struct timer_list *t) { struct bas_cardstate *ucs = from_timer(ucs, t, timer_int_in); - struct urb *urb = ucs->urb_int_in; - struct cardstate *cs = urb->context; + struct cardstate *cs = ucs->cs; int rc; if (ucs->retry_int_in++ >= BAS_RETRY) { @@ -1446,8 +1445,7 @@ static void read_iso_tasklet(unsigned long data) static void req_timeout(struct timer_list *t) { struct bas_cardstate *ucs = from_timer(ucs, t, timer_ctrl); - struct urb *urb = ucs->urb_int_in; - struct cardstate *cs = urb->context; + struct cardstate *cs = ucs->cs; int pending; unsigned long flags; @@ -1843,8 +1841,7 @@ static void write_command_callback(struct urb *urb) static void atrdy_timeout(struct timer_list *t) { struct bas_cardstate *ucs = from_timer(ucs, t, timer_atrdy); - struct urb *urb = ucs->urb_int_in; - struct cardstate *cs = urb->context; + struct cardstate *cs = ucs->cs; dev_warn(cs->dev, "timeout waiting for HD_READY_SEND_ATDATA\n"); @@ -2217,6 +2214,7 @@ static int gigaset_initcshw(struct cardstate *cs) } spin_lock_init(&ucs->lock); + ucs->cs = cs; timer_setup(&ucs->timer_ctrl, req_timeout, 0); timer_setup(&ucs->timer_atrdy, atrdy_timeout, 0); timer_setup(&ucs->timer_cmd_in, cmd_in_timeout, 0);