diff mbox series

usb: gadget: function: rndis: drop useless checks in gen_ndis_query_resp()

Message ID 8c1a12b4-e8e5-4423-86b4-4b816d53cd7f@omp.ru
State New
Headers show
Series usb: gadget: function: rndis: drop useless checks in gen_ndis_query_resp() | expand

Commit Message

Sergey Shtylyov May 3, 2025, 8:26 p.m. UTC
In gen_ndis_query_resp(), params->dev is checked against NULL several times
in the *switch* statement; however, first it gets passed to dev_get_stats()
which dereferences it unconditionally.  Moreover, params->dev is checked at
the start of rndis_query_response() (our function's only caller) and error
is returned if it's NULL, so the checks inside the *switch* appear totally
redundant -- remove them.

Found by Linux Verification Center (linuxtesting.org) with the Svace static
analysis tool.

Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>

---
This patch is against the usb-next branch of Greg KH's usb.git repo.

The previous attempt to deal with this issue by Jim Lin [1] got withdrawn,
so 5 Svace's reports against this driver are stuck in our "debt" list since
2022 -- trying to move the situation forward now that I have some time...

[1] https://lore.kernel.org/all/20220908175615.5095-1-jilin@nvidia.com/

 drivers/usb/gadget/function/rndis.c |   34 ++++++++++++----------------------
 1 file changed, 12 insertions(+), 22 deletions(-)
diff mbox series

Patch

Index: usb/drivers/usb/gadget/function/rndis.c
===================================================================
--- usb.orig/drivers/usb/gadget/function/rndis.c
+++ usb/drivers/usb/gadget/function/rndis.c
@@ -246,10 +246,8 @@  static int gen_ndis_query_resp(struct rn
 	/* mandatory */
 	case RNDIS_OID_GEN_MAXIMUM_FRAME_SIZE:
 		pr_debug("%s: RNDIS_OID_GEN_MAXIMUM_FRAME_SIZE\n", __func__);
-		if (params->dev) {
-			*outbuf = cpu_to_le32(params->dev->mtu);
-			retval = 0;
-		}
+		*outbuf = cpu_to_le32(params->dev->mtu);
+		retval = 0;
 		break;
 
 	/* mandatory */
@@ -266,19 +264,15 @@  static int gen_ndis_query_resp(struct rn
 	/* mandatory */
 	case RNDIS_OID_GEN_TRANSMIT_BLOCK_SIZE:
 		pr_debug("%s: RNDIS_OID_GEN_TRANSMIT_BLOCK_SIZE\n", __func__);
-		if (params->dev) {
-			*outbuf = cpu_to_le32(params->dev->mtu);
-			retval = 0;
-		}
+		*outbuf = cpu_to_le32(params->dev->mtu);
+		retval = 0;
 		break;
 
 	/* mandatory */
 	case RNDIS_OID_GEN_RECEIVE_BLOCK_SIZE:
 		pr_debug("%s: RNDIS_OID_GEN_RECEIVE_BLOCK_SIZE\n", __func__);
-		if (params->dev) {
-			*outbuf = cpu_to_le32(params->dev->mtu);
-			retval = 0;
-		}
+		*outbuf = cpu_to_le32(params->dev->mtu);
+		retval = 0;
 		break;
 
 	/* mandatory */
@@ -405,21 +399,17 @@  static int gen_ndis_query_resp(struct rn
 	/* mandatory */
 	case RNDIS_OID_802_3_PERMANENT_ADDRESS:
 		pr_debug("%s: RNDIS_OID_802_3_PERMANENT_ADDRESS\n", __func__);
-		if (params->dev) {
-			length = ETH_ALEN;
-			memcpy(outbuf, params->host_mac, length);
-			retval = 0;
-		}
+		length = ETH_ALEN;
+		memcpy(outbuf, params->host_mac, length);
+		retval = 0;
 		break;
 
 	/* mandatory */
 	case RNDIS_OID_802_3_CURRENT_ADDRESS:
 		pr_debug("%s: RNDIS_OID_802_3_CURRENT_ADDRESS\n", __func__);
-		if (params->dev) {
-			length = ETH_ALEN;
-			memcpy(outbuf, params->host_mac, length);
-			retval = 0;
-		}
+		length = ETH_ALEN;
+		memcpy(outbuf, params->host_mac, length);
+		retval = 0;
 		break;
 
 	/* mandatory */