author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2017-04-08 02:57:26 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2017-04-08 02:57:26 +0000 |
commit | bbfe5cc76c1caf2b1b5fcc22429b420fdec501f8 (patch) | |
tree | 96f1934f62e4c72a1c903e650d612858ae90e9d6 | |
parent | b2ed98c2714b1414dd6b981eb8733a1d7d4a689c (diff) |
A pile of sizes to free(9). In test for a few days in snapshots.
Errors will result in nice clean panic messages so we know what's wrong.
Reviewed by dhill visa natano jsg.
53 files changed, 248 insertions, 230 deletions
diff --git a/sys/dev/i2c/ihidev.c b/sys/dev/i2c/ihidev.c index a416e34abec..269fe74628c 100644 --- a/sys/dev/i2c/ihidev.c +++ b/sys/dev/i2c/ihidev.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ihidev.c,v 1.12 2016/04/23 09:40:28 kettenis Exp $ */ +/* $OpenBSD: ihidev.c,v 1.13 2017/04/08 02:57:23 deraadt Exp $ */ /* * HID-over-i2c driver * @@ -209,7 +209,7 @@ ihidev_detach(struct device *self, int flags) } if (sc->sc_ibuf != NULL) { - free(sc->sc_ibuf, M_DEVBUF, 0); + free(sc->sc_ibuf, M_DEVBUF, sc->sc_isize); sc->sc_ibuf = NULL; } diff --git a/sys/dev/ic/aac.c b/sys/dev/ic/aac.c index d7e4a33bc97..84f6d7a2670 100644 --- a/sys/dev/ic/aac.c +++ b/sys/dev/ic/aac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: aac.c,v 1.67 2016/03/27 11:06:19 mpi Exp $ */ +/* $OpenBSD: aac.c,v 1.68 2017/04/08 02:57:24 deraadt Exp $ */ /*- * Copyright (c) 2000 Michael Smith @@ -996,7 +996,7 @@ aac_alloc_commands(struct aac_softc *sc) exit_map: bus_dmamem_free(sc->aac_dmat, &fm->aac_seg, fm->aac_nsegs); exit_alloc: - free(fm, M_DEVBUF, 0); + free(fm, M_DEVBUF, sizeof *fm); exit: AAC_LOCK_RELEASE(&sc->aac_io_lock); return (error); @@ -1030,7 +1030,7 @@ aac_free_commands(struct aac_softc *sc) bus_dmamem_unmap(sc->aac_dmat, (caddr_t)fm->aac_fibs, AAC_FIBMAP_SIZE); bus_dmamem_free(sc->aac_dmat, &fm->aac_seg, fm->aac_nsegs); - free(fm, M_DEVBUF, 0); + free(fm, M_DEVBUF, sizeof *fm); } } diff --git a/sys/dev/ic/ami.c b/sys/dev/ic/ami.c index d544684df25..3fa06417578 100644 --- a/sys/dev/ic/ami.c +++ b/sys/dev/ic/ami.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ami.c,v 1.232 2016/08/14 04:08:03 dlg Exp $ */ +/* $OpenBSD: ami.c,v 1.233 2017/04/08 02:57:24 deraadt Exp $ */ /* * Copyright (c) 2001 Michael Shalayeff @@ -2293,7 +2293,7 @@ ami_ioctl_disk(struct ami_softc *sc, struct bioc_disk *bd) done: error = 0; bail: - free(p, M_DEVBUF, 0); + free(p, M_DEVBUF, sizeof *p); dma_free(vpdbuf, sizeof(*vpdbuf)); dma_free(inqbuf, sizeof(*inqbuf)); diff --git a/sys/dev/ic/i82365.c b/sys/dev/ic/i82365.c index afd6285a8fb..7d34c3c1a42 100644 
--- a/sys/dev/ic/i82365.c +++ b/sys/dev/ic/i82365.c @@ -1,4 +1,4 @@ -/* $OpenBSD: i82365.c,v 1.34 2015/08/15 19:29:00 miod Exp $ */ +/* $OpenBSD: i82365.c,v 1.35 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: i82365.c,v 1.10 1998/06/09 07:36:55 thorpej Exp $ */ /* @@ -469,9 +469,9 @@ pcic_event_process(h, pe) break; if (pe2->pe_type == PCIC_EVENT_INSERTION) { SIMPLEQ_REMOVE_HEAD(&h->events, pe_q); - free(pe1, M_TEMP, 0); + free(pe1, M_TEMP, sizeof *pe1); SIMPLEQ_REMOVE_HEAD(&h->events, pe_q); - free(pe2, M_TEMP, 0); + free(pe2, M_TEMP, sizeof *pe2); } } splx(s); @@ -493,9 +493,9 @@ pcic_event_process(h, pe) break; if (pe2->pe_type == PCIC_EVENT_REMOVAL) { SIMPLEQ_REMOVE_HEAD(&h->events, pe_q); - free(pe1, M_TEMP, 0); + free(pe1, M_TEMP, sizeof *pe1); SIMPLEQ_REMOVE_HEAD(&h->events, pe_q); - free(pe2, M_TEMP, 0); + free(pe2, M_TEMP, sizeof *pe1); } } splx(s); @@ -507,7 +507,7 @@ pcic_event_process(h, pe) default: panic("pcic_event_thread: unknown event %d", pe->pe_type); } - free(pe, M_TEMP, 0); + free(pe, M_TEMP, sizeof *pe); } void diff --git a/sys/dev/ic/nvme.c b/sys/dev/ic/nvme.c index f90db0ce372..0785fbdadf5 100644 --- a/sys/dev/ic/nvme.c +++ b/sys/dev/ic/nvme.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nvme.c,v 1.53 2016/11/15 12:17:42 mpi Exp $ */ +/* $OpenBSD: nvme.c,v 1.54 2017/04/08 02:57:25 deraadt Exp $ */ /* * Copyright (c) 2014 David Gwynne <dlg@openbsd.org> @@ -1220,7 +1220,7 @@ nvme_q_alloc(struct nvme_softc *sc, u_int16_t id, u_int entries, u_int dstrd) free_sq: nvme_dmamem_free(sc, q->q_sq_dmamem); free: - free(q, M_DEVBUF, 0); + free(q, M_DEVBUF, sizeof *q); return (NULL); } @@ -1232,7 +1232,7 @@ nvme_q_free(struct nvme_softc *sc, struct nvme_queue *q) nvme_dmamem_sync(sc, q->q_sq_dmamem, BUS_DMASYNC_POSTWRITE); nvme_dmamem_free(sc, q->q_cq_dmamem); nvme_dmamem_free(sc, q->q_sq_dmamem); - free(q, M_DEVBUF, 0); + free(q, M_DEVBUF, sizeof *q); } int 
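Review bot: In the removal branch of pcic_event_process (the `@@ -493` hunk) the new line `free(pe2, M_TEMP, sizeof *pe1);` sizes pe2 from pe1, while the insertion branch just above uses `sizeof *pe2`. The declarations of pe1 and pe2 are outside the hunk; if both have the same pointer type the byte count is the same today, but the size will silently go wrong if either type changes. It should read `free(pe2, M_TEMP, sizeof *pe2);` so that each free is sized from the pointer it releases.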
@@ -1299,7 +1299,7 @@ free: destroy: bus_dmamap_destroy(sc->sc_dmat, ndm->ndm_map); ndmfree: - free(ndm, M_DEVBUF, 0); + free(ndm, M_DEVBUF, sizeof *ndm); return (NULL); } @@ -1318,6 +1318,6 @@ nvme_dmamem_free(struct nvme_softc *sc, struct nvme_dmamem *ndm) bus_dmamem_unmap(sc->sc_dmat, ndm->ndm_kva, ndm->ndm_size); bus_dmamem_free(sc->sc_dmat, &ndm->ndm_seg, 1); bus_dmamap_destroy(sc->sc_dmat, ndm->ndm_map); - free(ndm, M_DEVBUF, 0); + free(ndm, M_DEVBUF, sizeof *ndm); } diff --git a/sys/dev/ic/rtw.c b/sys/dev/ic/rtw.c index 0ced9313a23..b5d84ed78f2 100644 --- a/sys/dev/ic/rtw.c +++ b/sys/dev/ic/rtw.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rtw.c,v 1.97 2017/01/22 10:17:38 dlg Exp $ */ +/* $OpenBSD: rtw.c,v 1.98 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: rtw.c,v 1.29 2004/12/27 19:49:16 dyoung Exp $ */ /*- @@ -4057,11 +4057,11 @@ rtw_attach(struct rtw_softc *sc) fail8: sr = &sc->sc_srom; - sr->sr_size = 0; if (sr->sr_content != NULL) { - free(sr->sr_content, M_DEVBUF, 0); + free(sr->sr_content, M_DEVBUF, sr->sr_size); sr->sr_content = NULL; } + sr->sr_size = 0; fail7: rtw_rxdesc_dmamaps_destroy(sc->sc_dmat, &sc->sc_rxsoft[0], diff --git a/sys/dev/pci/if_nxe.c b/sys/dev/pci/if_nxe.c index 9b30900daed..890a8db8f8e 100644 --- a/sys/dev/pci/if_nxe.c +++ b/sys/dev/pci/if_nxe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_nxe.c,v 1.74 2017/01/22 10:17:38 dlg Exp $ */ +/* $OpenBSD: if_nxe.c,v 1.75 2017/04/08 02:57:25 deraadt Exp $ */ /* * Copyright (c) 2007 David Gwynne <dlg@openbsd.org> @@ -1949,7 +1949,7 @@ nxe_pkt_free(struct nxe_softc *sc, struct nxe_pkt_list *npl) bus_dmamap_destroy(sc->sc_dmat, pkt->pkt_dmap); free(npl->npl_pkts, M_DEVBUF, 0); - free(npl, M_DEVBUF, 0); + free(npl, M_DEVBUF, sizeof *npl); } struct nxe_pkt * @@ -2014,7 +2014,7 @@ free: destroy: bus_dmamap_destroy(sc->sc_dmat, ndm->ndm_map); ndmfree: - free(ndm, M_DEVBUF, 0); + free(ndm, M_DEVBUF, sizeof *ndm); return (NULL); } 
@@ -2025,7 +2025,7 @@ nxe_dmamem_free(struct nxe_softc *sc, struct nxe_dmamem *ndm) bus_dmamem_unmap(sc->sc_dmat, ndm->ndm_kva, ndm->ndm_size); bus_dmamem_free(sc->sc_dmat, &ndm->ndm_seg, 1); bus_dmamap_destroy(sc->sc_dmat, ndm->ndm_map); - free(ndm, M_DEVBUF, 0); + free(ndm, M_DEVBUF, sizeof *ndm); } u_int32_t diff --git a/sys/dev/pci/if_wpi.c b/sys/dev/pci/if_wpi.c index edc03dd0d76..5106d75a6b2 100644 --- a/sys/dev/pci/if_wpi.c +++ b/sys/dev/pci/if_wpi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_wpi.c,v 1.139 2017/03/08 12:02:41 mpi Exp $ */ +/* $OpenBSD: if_wpi.c,v 1.140 2017/04/08 02:57:25 deraadt Exp $ */ /*- * Copyright (c) 2006-2008 @@ -2957,19 +2957,18 @@ wpi_read_firmware(struct wpi_softc *sc) { struct wpi_fw_info *fw = &sc->fw; const struct wpi_firmware_hdr *hdr; - size_t size; int error; /* Read firmware image from filesystem. */ - if ((error = loadfirmware("wpi-3945abg", &fw->data, &size)) != 0) { + if ((error = loadfirmware("wpi-3945abg", &fw->data, &fw->datalen)) != 0) { printf("%s: error, %d, could not read firmware %s\n", sc->sc_dev.dv_xname, error, "wpi-3945abg"); return error; } - if (size < sizeof (*hdr)) { + if (fw->datalen < sizeof (*hdr)) { printf("%s: truncated firmware header: %zu bytes\n", - sc->sc_dev.dv_xname, size); - free(fw->data, M_DEVBUF, size); + sc->sc_dev.dv_xname, fw->datalen); + free(fw->data, M_DEVBUF, fw->datalen); return EINVAL; } /* Extract firmware header information. */ 
@@ -2989,16 +2988,16 @@ wpi_read_firmware(struct wpi_softc *sc) fw->boot.textsz > WPI_FW_BOOT_TEXT_MAXSZ || (fw->boot.textsz & 3) != 0) { printf("%s: invalid firmware header\n", sc->sc_dev.dv_xname); - free(fw->data, M_DEVBUF, size); + free(fw->data, M_DEVBUF, fw->datalen); return EINVAL; } /* Check that all firmware sections fit. */ - if (size < sizeof (*hdr) + fw->main.textsz + fw->main.datasz + + if (fw->datalen < sizeof (*hdr) + fw->main.textsz + fw->main.datasz + fw->init.textsz + fw->init.datasz + fw->boot.textsz) { printf("%s: firmware file too short: %zu bytes\n", - sc->sc_dev.dv_xname, size); - free(fw->data, M_DEVBUF, size); + sc->sc_dev.dv_xname, fw->datalen); + free(fw->data, M_DEVBUF, fw->datalen); return EINVAL; } @@ -3290,7 +3289,7 @@ wpi_init(struct ifnet *ifp) /* Initialize hardware and upload firmware. */ error = wpi_hw_init(sc); - free(sc->fw.data, M_DEVBUF, 0); + free(sc->fw.data, M_DEVBUF, sc->fw.datalen); if (error != 0) { printf("%s: could not initialize hardware\n", sc->sc_dev.dv_xname); diff --git a/sys/dev/pci/if_wpivar.h b/sys/dev/pci/if_wpivar.h index 755f2c16ac9..849208b2319 100644 --- a/sys/dev/pci/if_wpivar.h +++ b/sys/dev/pci/if_wpivar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: if_wpivar.h,v 1.26 2016/09/05 08:18:40 tedu Exp $ */ +/* $OpenBSD: if_wpivar.h,v 1.27 2017/04/08 02:57:25 deraadt Exp $ */ /*- * Copyright (c) 2006-2008 @@ -123,6 +123,7 @@ struct wpi_fw_part { struct wpi_fw_info { u_char *data; + size_t datalen; struct wpi_fw_part init; struct wpi_fw_part main; struct wpi_fw_part boot; diff --git a/sys/dev/pci/mfii.c b/sys/dev/pci/mfii.c index 38dffe7f9df..95e9e69bf39 100644 --- a/sys/dev/pci/mfii.c +++ b/sys/dev/pci/mfii.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mfii.c,v 1.42 2017/02/11 04:12:28 dlg Exp $ */ +/* $OpenBSD: mfii.c,v 1.43 2017/04/08 02:57:25 deraadt Exp $ */ /* * Copyright (c) 2012 David Gwynne <dlg@openbsd.org> 
@@ -719,7 +719,7 @@ mfii_syspd(struct mfii_softc *sc) return (0); free_pdsc: - free(sc->sc_pd, M_DEVBUF, 0); + free(sc->sc_pd, M_DEVBUF, sizeof(*sc->sc_pd)); return (1); } @@ -795,7 +795,7 @@ free: destroy: bus_dmamap_destroy(sc->sc_dmat, m->mdm_map); mdmfree: - free(m, M_DEVBUF, 0); + free(m, M_DEVBUF, sizeof *m); return (NULL); } @@ -807,7 +807,7 @@ mfii_dmamem_free(struct mfii_softc *sc, struct mfii_dmamem *m) bus_dmamem_unmap(sc->sc_dmat, m->mdm_kva, m->mdm_size); bus_dmamem_free(sc->sc_dmat, &m->mdm_seg, 1); bus_dmamap_destroy(sc->sc_dmat, m->mdm_map); - free(m, M_DEVBUF, 0); + free(m, M_DEVBUF, sizeof *m); } void diff --git a/sys/dev/pci/mpii.c b/sys/dev/pci/mpii.c index b3fa2087260..2738823da81 100644 --- a/sys/dev/pci/mpii.c +++ b/sys/dev/pci/mpii.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mpii.c,v 1.110 2017/01/16 18:18:16 mikeb Exp $ */ +/* $OpenBSD: mpii.c,v 1.111 2017/04/08 02:57:25 deraadt Exp $ */ /* * Copyright (c) 2010, 2012 Mike Belopuhov * Copyright (c) 2009 James Giannoules @@ -1764,7 +1764,7 @@ mpii_event_raid(struct mpii_softc *sc, struct mpii_msg_event_reply *enp) dev->slot = sc->sc_vd_id_low; dev->dev_handle = lemtoh16(&ce->vol_dev_handle); if (mpii_insert_dev(sc, dev)) { - free(dev, M_DEVBUF, 0); + free(dev, M_DEVBUF, sizeof *dev); break; } sc->sc_vd_count++; @@ -1871,7 +1871,7 @@ mpii_event_sas(void *xsc) dev->expander = lemtoh16(&tcl->expander_handle); if (mpii_insert_dev(sc, dev)) { - free(dev, M_DEVBUF, 0); + free(dev, M_DEVBUF, sizeof *dev); break; } @@ -1894,7 +1894,7 @@ mpii_event_sas(void *xsc) DETACH_FORCE); } - free(dev, M_DEVBUF, 0); + free(dev, M_DEVBUF, sizeof *dev); break; } } @@ -2419,7 +2419,7 @@ free: destroy: bus_dmamap_destroy(sc->sc_dmat, mdm->mdm_map); mdmfree: - free(mdm, M_DEVBUF, 0); + free(mdm, M_DEVBUF, sizeof *mdm); return (NULL); } 
@@ -2433,7 +2433,7 @@ mpii_dmamem_free(struct mpii_softc *sc, struct mpii_dmamem *mdm) bus_dmamem_unmap(sc->sc_dmat, mdm->mdm_kva, mdm->mdm_size); bus_dmamem_free(sc->sc_dmat, &mdm->mdm_seg, 1); bus_dmamap_destroy(sc->sc_dmat, mdm->mdm_map); - free(mdm, M_DEVBUF, 0); + free(mdm, M_DEVBUF, sizeof *mdm); } int @@ -2565,7 +2565,7 @@ free_maps: mpii_dmamem_free(sc, sc->sc_requests); free_ccbs: - free(sc->sc_ccbs, M_DEVBUF, 0); + free(sc->sc_ccbs, M_DEVBUF, (sc->sc_max_cmds-1) * sizeof(*ccb)); return (1); } @@ -2627,7 +2627,8 @@ mpii_alloc_replies(struct mpii_softc *sc) sc->sc_replies = mpii_dmamem_alloc(sc, sc->sc_reply_size * sc->sc_num_reply_frames); if (sc->sc_replies == NULL) { - free(sc->sc_rcbs, M_DEVBUF, 0); + free(sc->sc_rcbs, M_DEVBUF, + sc->sc_num_reply_frames * sizeof(struct mpii_rcb)); return (1); } @@ -3241,7 +3242,7 @@ mpii_ioctl_cache(struct scsi_link *link, u_long cmd, struct dk_cache *dc) scsi_io_put(&sc->sc_iopool, ccb); done: - free(vpg, M_TEMP, 0); + free(vpg, M_TEMP, pagelen); return (rv); } @@ -3328,7 +3329,7 @@ mpii_ioctl_vol(struct mpii_softc *sc, struct bioc_vol *bv) &hdr, 1, vpg, pagelen) != 0) { printf("%s: unable to fetch raid volume page 0\n", DEVNAME(sc)); - free(vpg, M_TEMP, 0); + free(vpg, M_TEMP, pagelen); return (EINVAL); } @@ -3373,7 +3374,7 @@ mpii_ioctl_vol(struct mpii_softc *sc, struct bioc_vol *bv) } if ((rv = mpii_bio_hs(sc, NULL, 0, vpg->hot_spare_pool, &hcnt)) != 0) { - free(vpg, M_TEMP, 0); + free(vpg, M_TEMP, pagelen); return (rv); } @@ -3387,7 +3388,7 @@ mpii_ioctl_vol(struct mpii_softc *sc, struct bioc_vol *bv) strlcpy(bv->bv_dev, scdev->dv_xname, sizeof(bv->bv_dev)); } - free(vpg, M_TEMP, 0); + free(vpg, M_TEMP, pagelen); return (0); } @@ -3428,7 +3429,7 @@ mpii_ioctl_disk(struct mpii_softc *sc, struct bioc_disk *bd) &hdr, 1, vpg, pagelen) != 0) { printf("%s: unable to fetch raid volume page 0\n", DEVNAME(sc)); - free(vpg, M_TEMP, 0); + free(vpg, M_TEMP, pagelen); return (EINVAL); } 
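Review bot: The size in `free(sc->sc_ccbs, M_DEVBUF, (sc->sc_max_cmds-1) * sizeof(*ccb));` (the `@@ -2565` hunk) is recomputed at the free site, and the `-1` is not explained. The allocation is outside the hunk, so the match cannot be checked from here. Since the commit message says a wrong size ends in a panic, the two expressions have to stay in step; a comment such as `/* size must match the allocation of sc_ccbs above */` would make that dependency visible. The same applies to `sc->sc_num_reply_frames * sizeof(struct mpii_rcb)` in mpii_alloc_replies, to the two `sc->sc_flsize * sizeof(struct ehci_soft_itd *)` frees in ehci.c, and to the literal `256 * sizeof(struct io_terminal)` in uaudio_identify_ac.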
@@ -3436,7 +3437,7 @@ mpii_ioctl_disk(struct mpii_softc *sc, struct bioc_disk *bd) int nvdsk = vpg->num_phys_disks; int hsmap = vpg->hot_spare_pool; - free(vpg, M_TEMP, 0); + free(vpg, M_TEMP, pagelen); return (mpii_bio_hs(sc, bd, nvdsk, hsmap, NULL)); } @@ -3444,7 +3445,7 @@ mpii_ioctl_disk(struct mpii_softc *sc, struct bioc_disk *bd) bd->bd_diskid; dn = pd->phys_disk_num; - free(vpg, M_TEMP, 0); + free(vpg, M_TEMP, pagelen); return (mpii_bio_disk(sc, bd, dn)); } @@ -3484,7 +3485,7 @@ mpii_bio_hs(struct mpii_softc *sc, struct bioc_disk *bd, int nvdsk, MPII_PG_EXTENDED, &ehdr, 1, cpg, pagelen) != 0) { printf("%s: unable to fetch raid config page 0\n", DEVNAME(sc)); - free(cpg, M_TEMP, 0); + free(cpg, M_TEMP, pagelen); return (EINVAL); } @@ -3503,7 +3504,7 @@ mpii_bio_hs(struct mpii_softc *sc, struct bioc_disk *bd, int nvdsk, if (bd != NULL && bd->bd_diskid == nhs + nvdsk) { u_int8_t dn = el->phys_disk_num; - free(cpg, M_TEMP, 0); + free(cpg, M_TEMP, pagelen); return (mpii_bio_disk(sc, bd, dn)); } nhs++; @@ -3513,7 +3514,7 @@ mpii_bio_hs(struct mpii_softc *sc, struct bioc_disk *bd, int nvdsk, if (hscnt) *hscnt = nhs; - free(cpg, M_TEMP, 0); + free(cpg, M_TEMP, pagelen); return (0); } @@ -3544,7 +3545,7 @@ mpii_bio_disk(struct mpii_softc *sc, struct bioc_disk *bd, u_int8_t dn) &hdr, 1, ppg, sizeof(*ppg)) != 0) { printf("%s: unable to fetch raid drive page 0\n", DEVNAME(sc)); - free(ppg, M_TEMP, 0); + free(ppg, M_TEMP, sizeof(*ppg)); return (EINVAL); } @@ -3552,7 +3553,7 @@ mpii_bio_disk(struct mpii_softc *sc, struct bioc_disk *bd, u_int8_t dn) if ((dev = mpii_find_dev(sc, lemtoh16(&ppg->dev_handle))) == NULL) { bd->bd_status = BIOC_SDINVALID; - free(ppg, M_TEMP, 0); + free(ppg, M_TEMP, sizeof(*ppg)); return (0); } @@ -3597,7 +3598,7 @@ mpii_bio_disk(struct mpii_softc *sc, struct bioc_disk *bd, u_int8_t dn) sizeof(ppg->product_id)); scsi_strvis(bd->bd_serial, ppg->serial, sizeof(ppg->serial)); - free(ppg, M_TEMP, 0); + free(ppg, M_TEMP, sizeof(*ppg)); return (0); } 
@@ -3650,7 +3651,7 @@ mpii_bio_volstate(struct mpii_softc *sc, struct bioc_vol *bv) MPII_PG_POLL, &hdr, 1, vpg, pagelen) != 0) { DNPRINTF(MPII_D_MISC, "%s: unable to fetch raid volume " "page 0\n", DEVNAME(sc)); - free(vpg, M_TEMP, 0); + free(vpg, M_TEMP, pagelen); return (EINVAL); } @@ -3678,7 +3679,7 @@ mpii_bio_volstate(struct mpii_softc *sc, struct bioc_vol *bv) break; } - free(vpg, M_TEMP, 0); + free(vpg, M_TEMP, pagelen); return (0); } diff --git a/sys/dev/usb/ehci.c b/sys/dev/usb/ehci.c index 00aeed0d94d..058aff19af1 100644 --- a/sys/dev/usb/ehci.c +++ b/sys/dev/usb/ehci.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ehci.c,v 1.198 2017/03/30 14:44:36 deraadt Exp $ */ +/* $OpenBSD: ehci.c,v 1.199 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: ehci.c,v 1.66 2004/06/30 03:11:56 mycroft Exp $ */ /* @@ -487,7 +487,8 @@ ehci_init(struct ehci_softc *sc) ehci_free_sqh(sc, sc->sc_async_head); #endif bad1: - free(sc->sc_softitds, M_USB, 0); + free(sc->sc_softitds, M_USB, + sc->sc_flsize * sizeof(struct ehci_soft_itd *)); usb_freemem(&sc->sc_bus, &sc->sc_fldma); return (err); } @@ -942,7 +943,8 @@ ehci_detach(struct device *self, int flags) usb_delay_ms(&sc->sc_bus, 300); /* XXX let stray task complete */ - free(sc->sc_softitds, M_USB, 0); + free(sc->sc_softitds, M_USB, + sc->sc_flsize * sizeof(struct ehci_soft_itd *)); usb_freemem(&sc->sc_bus, &sc->sc_fldma); /* XXX free other data structures XXX */ diff --git a/sys/dev/usb/if_athn_usb.c b/sys/dev/usb/if_athn_usb.c index 6c0b88c715f..b5726cb61e7 100644 --- a/sys/dev/usb/if_athn_usb.c +++ b/sys/dev/usb/if_athn_usb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_athn_usb.c,v 1.46 2017/03/26 15:31:15 deraadt Exp $ */ +/* $OpenBSD: if_athn_usb.c,v 1.47 2017/04/08 02:57:25 deraadt Exp $ */ /*- * Copyright (c) 2011 Damien Bergamini <damien.bergamini@free.fr> 
@@ -391,6 +391,7 @@ athn_usb_open_pipes(struct athn_usb_softc *usc) usc->usb_dev.dv_xname); goto fail; } + usc->ibuflen = isize; error = usbd_open_pipe_intr(usc->sc_iface, AR_PIPE_RX_INTR, USBD_SHORT_XFER_OK, &usc->rx_intr_pipe, usc, usc->ibuf, isize, athn_usb_intr, USBD_DEFAULT_INTERVAL); @@ -433,7 +434,7 @@ athn_usb_close_pipes(struct athn_usb_softc *usc) usc->rx_intr_pipe = NULL; } if (usc->ibuf != NULL) { - free(usc->ibuf, M_USBDEV, 0); + free(usc->ibuf, M_USBDEV, usc->ibuflen); usc->ibuf = NULL; } } diff --git a/sys/dev/usb/if_athn_usb.h b/sys/dev/usb/if_athn_usb.h index 2bd51a37f4a..6f579be6432 100644 --- a/sys/dev/usb/if_athn_usb.h +++ b/sys/dev/usb/if_athn_usb.h @@ -1,4 +1,4 @@ -/* $OpenBSD: if_athn_usb.h,v 1.7 2017/01/12 16:32:28 stsp Exp $ */ +/* $OpenBSD: if_athn_usb.h,v 1.8 2017/04/08 02:57:25 deraadt Exp $ */ /*- * Copyright (c) 2011 Damien Bergamini <damien.bergamini@free.fr> @@ -434,6 +434,7 @@ struct athn_usb_softc { struct usbd_pipe *rx_intr_pipe; struct usbd_pipe *tx_intr_pipe; uint8_t *ibuf; + size_t ibuflen; struct ar_wmi_cmd_reg_write wbuf[AR_MAX_WRITE_COUNT]; int wcount; diff --git a/sys/dev/usb/if_kue.c b/sys/dev/usb/if_kue.c index 8df9089790e..fb4df182258 100644 --- a/sys/dev/usb/if_kue.c +++ b/sys/dev/usb/if_kue.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_kue.c,v 1.87 2017/03/26 15:31:15 deraadt Exp $ */ +/* $OpenBSD: if_kue.c,v 1.88 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: if_kue.c,v 1.50 2002/07/16 22:00:31 augustss Exp $ */ /* * Copyright (c) 1997, 1998, 1999, 2000 @@ -469,6 +469,7 @@ kue_attachhook(struct device *self) sc->kue_dev.dv_xname); return; } + sc->kue_mcfilterslen = KUE_MCFILTCNT(sc); s = splnet(); @@ -541,7 +542,7 @@ kue_detach(struct device *self, int flags) s = splusb(); /* XXX why? */ if (sc->kue_mcfilters != NULL) { - free(sc->kue_mcfilters, M_USBDEV, 0); + free(sc->kue_mcfilters, M_USBDEV, sc->kue_mcfilterslen); sc->kue_mcfilters = NULL; } 
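Review bot: In kue_attachhook, `sc->kue_mcfilterslen = KUE_MCFILTCNT(sc);` stores what the macro name suggests is a number of filter entries, and kue_detach then passes that value to free() as a byte size. The allocation of kue_mcfilters is outside the hunk; if it is an array of that many Ethernet addresses rather than that many bytes, the recorded length is too small and detach would hit the size-mismatch panic. In that case the assignment should be `sc->kue_mcfilterslen = KUE_MCFILTCNT(sc) * ETHER_ADDR_LEN;`, to be confirmed against the allocation.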
diff --git a/sys/dev/usb/if_kuereg.h b/sys/dev/usb/if_kuereg.h index f332365b5ac..3f5cc2dfa87 100644 --- a/sys/dev/usb/if_kuereg.h +++ b/sys/dev/usb/if_kuereg.h @@ -1,4 +1,4 @@ -/* $OpenBSD: if_kuereg.h,v 1.11 2013/11/11 12:38:39 pirofti Exp $ */ +/* $OpenBSD: if_kuereg.h,v 1.12 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: if_kuereg.h,v 1.11 2001/01/21 02:35:31 augustss Exp $ */ /* * Copyright (c) 1997, 1998, 1999, 2000 @@ -179,6 +179,7 @@ struct kue_softc { int kue_if_flags; u_int16_t kue_rxfilt; u_int8_t *kue_mcfilters; + size_t kue_mcfilterslen; struct kue_cdata kue_cdata; char kue_attached; diff --git a/sys/dev/usb/if_otus.c b/sys/dev/usb/if_otus.c index 7e2507771f2..0185d107979 100644 --- a/sys/dev/usb/if_otus.c +++ b/sys/dev/usb/if_otus.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_otus.c,v 1.56 2017/03/26 15:31:15 deraadt Exp $ */ +/* $OpenBSD: if_otus.c,v 1.57 2017/04/08 02:57:25 deraadt Exp $ */ /*- * Copyright (c) 2009 Damien Bergamini <damien.bergamini@free.fr> @@ -482,6 +482,7 @@ otus_open_pipes(struct otus_softc *sc) sc->sc_dev.dv_xname); goto fail; } + sc->ibuflen = isize; error = usbd_open_pipe_intr(sc->sc_iface, AR_EPT_INTR_RX_NO, USBD_SHORT_XFER_OK, &sc->cmd_rx_pipe, sc, sc->ibuf, isize, otus_intr, USBD_DEFAULT_INTERVAL); @@ -558,7 +559,7 @@ otus_close_pipes(struct otus_softc *sc) usbd_close_pipe(sc->cmd_rx_pipe); } if (sc->ibuf != NULL) - free(sc->ibuf, M_USBDEV, 0); + free(sc->ibuf, M_USBDEV, sc->ibuflen); if (sc->data_tx_pipe != NULL) usbd_close_pipe(sc->data_tx_pipe); if (sc->cmd_tx_pipe != NULL) diff --git a/sys/dev/usb/if_otusreg.h b/sys/dev/usb/if_otusreg.h index ff507c5dd0c..0777cd5649e 100644 --- a/sys/dev/usb/if_otusreg.h +++ b/sys/dev/usb/if_otusreg.h @@ -1,4 +1,4 @@ -/* $OpenBSD: if_otusreg.h,v 1.9 2013/11/26 20:33:18 deraadt Exp $ */ +/* $OpenBSD: if_otusreg.h,v 1.10 2017/04/08 02:57:25 deraadt Exp $ */ /*- * Copyright (c) 2009 Damien Bergamini <damien.bergamini@free.fr> 
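Review bot: otus_close_pipes frees `sc->ibuf` with the new length but leaves the pointer set, whereas athn_usb_close_pipes and zyd_close_pipes in this same commit clear it right after the sized free. Whether the close path can run twice is not visible in the hunk, but if it can, the `sc->ibuf != NULL` guard would not stop a second free of the same buffer. Adding braces and `sc->ibuf = NULL;` after the free would bring it in line with the sibling drivers. The same pattern appears at the fail2/fail1 labels in ubcmtp.c (ubcmtp_disable does clear tp_pkt and bt_pkt) and in udl_free_screen for `sc->sc_cbs`.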
@@ -937,6 +937,7 @@ struct otus_softc { struct usbd_pipe *cmd_tx_pipe; struct usbd_pipe *cmd_rx_pipe; uint8_t *ibuf; + size_t ibuflen; int sc_if_flags; int sc_tx_timer; diff --git a/sys/dev/usb/if_urndis.c b/sys/dev/usb/if_urndis.c index c31d5c7d5be..21821f9cf71 100644 --- a/sys/dev/usb/if_urndis.c +++ b/sys/dev/usb/if_urndis.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_urndis.c,v 1.64 2017/03/26 15:31:15 deraadt Exp $ */ +/* $OpenBSD: if_urndis.c,v 1.65 2017/04/08 02:57:25 deraadt Exp $ */ /* * Copyright (c) 2010 Jonathan Armani <armani@openbsd.org> @@ -241,7 +241,7 @@ urndis_ctrl_handle(struct urndis_softc *sc, struct rndis_comp_hdr *hdr, rval = RNDIS_STATUS_FAILURE; } - free(hdr, M_TEMP, 0); + free(hdr, M_TEMP, RNDIS_RESPONSE_LEN); return rval; } @@ -1431,10 +1431,10 @@ urndis_attach(struct device *parent, struct device *self, void *aux) if (bufsz == ETHER_ADDR_LEN) { memcpy(eaddr, buf, ETHER_ADDR_LEN); printf(", address %s\n", ether_sprintf(eaddr)); - free(buf, M_TEMP, 0); + free(buf, M_TEMP, bufsz); } else { printf(", invalid address\n"); - free(buf, M_TEMP, 0); + free(buf, M_TEMP, bufsz); splx(s); return; } diff --git a/sys/dev/usb/if_zyd.c b/sys/dev/usb/if_zyd.c index 1e7ca99000c..370d025bc51 100644 --- a/sys/dev/usb/if_zyd.c +++ b/sys/dev/usb/if_zyd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_zyd.c,v 1.117 2017/03/26 15:31:15 deraadt Exp $ */ +/* $OpenBSD: if_zyd.c,v 1.118 2017/04/08 02:57:25 deraadt Exp $ */ /*- * Copyright (c) 2006 by Damien Bergamini <damien.bergamini@free.fr> 
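Review bot: urndis_ctrl_handle now releases its `hdr` parameter with `free(hdr, M_TEMP, RNDIS_RESPONSE_LEN);`, which hard-codes an assumption about how every caller allocated that buffer. The callers and their allocations are outside the hunk, as is the start of the function. The contract deserves a comment above the function, for example `/* hdr must be an M_TEMP allocation of RNDIS_RESPONSE_LEN bytes; it is freed here */`, so that a future caller passing a differently sized buffer is caught in review rather than by a panic.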
@@ -251,18 +251,18 @@ zyd_attachhook(struct device *self) struct zyd_softc *sc = (struct zyd_softc *)self; const char *fwname; u_char *fw; - size_t size; + size_t fwsize; int error; fwname = (sc->mac_rev == ZYD_ZD1211) ? "zd1211" : "zd1211b"; - if ((error = loadfirmware(fwname, &fw, &size)) != 0) { + if ((error = loadfirmware(fwname, &fw, &fwsize)) != 0) { printf("%s: error %d, could not read firmware file %s\n", sc->sc_dev.dv_xname, error, fwname); return; } - error = zyd_loadfirmware(sc, fw, size); - free(fw, M_DEVBUF, size); + error = zyd_loadfirmware(sc, fw, fwsize); + free(fw, M_DEVBUF, fwsize); if (error != 0) { printf("%s: could not load firmware (error=%d)\n", sc->sc_dev.dv_xname, error); @@ -466,7 +466,7 @@ zyd_open_pipes(struct zyd_softc *sc) sc->ibuf = malloc(isize, M_USBDEV, M_NOWAIT); if (sc->ibuf == NULL) return ENOMEM; - + sc->ibuflen = isize; error = usbd_open_pipe_intr(sc->sc_iface, 0x83, USBD_SHORT_XFER_OK, &sc->zyd_ep[ZYD_ENDPT_IIN], sc, sc->ibuf, isize, zyd_intr, USBD_DEFAULT_INTERVAL); @@ -522,7 +522,7 @@ zyd_close_pipes(struct zyd_softc *sc) } } if (sc->ibuf != NULL) { - free(sc->ibuf, M_USBDEV, 0); + free(sc->ibuf, M_USBDEV, sc->ibuflen); sc->ibuf = NULL; } } diff --git a/sys/dev/usb/if_zydreg.h b/sys/dev/usb/if_zydreg.h index a228b24d583..daa9f8039f1 100644 --- a/sys/dev/usb/if_zydreg.h +++ b/sys/dev/usb/if_zydreg.h @@ -1,4 +1,4 @@ -/* $OpenBSD: if_zydreg.h,v 1.28 2014/07/12 15:26:54 stsp Exp $ */ +/* $OpenBSD: if_zydreg.h,v 1.29 2017/04/08 02:57:25 deraadt Exp $ */ /*- * Copyright (c) 2006 by Damien Bergamini <damien.bergamini@free.fr> @@ -1220,6 +1220,7 @@ struct zyd_softc { #define ZYD_ENDPT_CNT 4 struct usbd_pipe *zyd_ep[ZYD_ENDPT_CNT]; uint8_t *ibuf; + size_t ibuflen; struct zyd_rx_data rx_data[ZYD_RX_LIST_CNT]; struct zyd_tx_data tx_data[ZYD_TX_LIST_CNT]; diff --git a/sys/dev/usb/uaudio.c b/sys/dev/usb/uaudio.c index b8e92becf2c..316646bb66c 100644 --- a/sys/dev/usb/uaudio.c +++ b/sys/dev/usb/uaudio.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: uaudio.c,v 1.125 2017/04/05 22:45:21 deraadt Exp $ */ +/* $OpenBSD: uaudio.c,v 1.126 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: uaudio.c,v 1.90 2004/10/29 17:12:53 kent Exp $ */ /* @@ -623,7 +623,7 @@ uaudio_mixer_add_ctl(struct uaudio_softc *sc, struct mixerctl *mc) /* Copy old data, if there was any */ if (sc->sc_nctls != 0) { memcpy(nmc, sc->sc_ctls, sizeof(*mc) * (sc->sc_nctls)); - free(sc->sc_ctls, M_USBDEV, 0); + free(sc->sc_ctls, M_USBDEV, sc->sc_nctls * sizeof(*mc)); } sc->sc_ctls = nmc; @@ -1498,7 +1498,7 @@ uaudio_add_alt(struct uaudio_softc *sc, const struct as_info *ai) /* Copy old data, if there was any */ if (sc->sc_nalts != 0) { memcpy(nai, sc->sc_alts, sizeof(*ai) * (sc->sc_nalts)); - free(sc->sc_alts, M_USBDEV, 0); + free(sc->sc_alts, M_USBDEV, sc->sc_nalts * sizeof(*ai)); } sc->sc_alts = nai; DPRINTFN(2,("%s: adding alt=%d, enc=%d\n", @@ -1989,7 +1989,7 @@ uaudio_identify_ac(struct uaudio_softc *sc, const usb_config_descriptor_t *cdesc free(iot[i].output, M_TEMP, 0); iot[i].d.desc = NULL; } - free(iot, M_TEMP, 0); + free(iot, M_TEMP, 256 * sizeof(struct io_terminal)); return (USBD_NORMAL_COMPLETION); } diff --git a/sys/dev/usb/ubcmtp.c b/sys/dev/usb/ubcmtp.c index 4333c1f9e3d..fcc946dc167 100644 --- a/sys/dev/usb/ubcmtp.c +++ b/sys/dev/usb/ubcmtp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ubcmtp.c,v 1.14 2017/03/17 09:26:28 mpi Exp $ */ +/* $OpenBSD: ubcmtp.c,v 1.15 2017/04/08 02:57:25 deraadt Exp $ */ /* * Copyright (c) 2013-2014, joshua stein <jcs@openbsd.org> @@ -581,11 +581,11 @@ ubcmtp_disable(void *v) } if (sc->tp_pkt != NULL) { - free(sc->tp_pkt, M_USBDEV, 0); + free(sc->tp_pkt, M_USBDEV, sc->tp_maxlen); sc->tp_pkt = NULL; } if (sc->bt_pkt != NULL) { - free(sc->bt_pkt, M_USBDEV, 0); + free(sc->bt_pkt, M_USBDEV, sc->bt_maxlen); sc->bt_pkt = NULL; } } 
@@ -777,14 +777,14 @@ fail2: usbd_close_pipe(sc->sc_tp_pipe); } if (sc->tp_pkt != NULL) - free(sc->tp_pkt, M_USBDEV, 0); + free(sc->tp_pkt, M_USBDEV, sc->tp_maxlen); fail1: if (sc->sc_bt_pipe != NULL) { usbd_abort_pipe(sc->sc_bt_pipe); usbd_close_pipe(sc->sc_bt_pipe); } if (sc->bt_pkt != NULL) - free(sc->bt_pkt, M_USBDEV, 0); + free(sc->bt_pkt, M_USBDEV, sc->bt_maxlen); return (1); } diff --git a/sys/dev/usb/ubsa.c b/sys/dev/usb/ubsa.c index 7642e22c548..86705e64ccd 100644 --- a/sys/dev/usb/ubsa.c +++ b/sys/dev/usb/ubsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ubsa.c,v 1.64 2015/03/14 03:38:49 jsg Exp $ */ +/* $OpenBSD: ubsa.c,v 1.65 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: ubsa.c,v 1.5 2002/11/25 00:51:33 fvdl Exp $ */ /*- * Copyright (c) 2002, Alexander Kabaev <kan.FreeBSD.org>. @@ -370,7 +370,7 @@ ubsa_detach(struct device *self, int flags) if (sc->sc_intr_pipe != NULL) { usbd_abort_pipe(sc->sc_intr_pipe); usbd_close_pipe(sc->sc_intr_pipe); - free(sc->sc_intr_buf, M_USBDEV, 0); + free(sc->sc_intr_buf, M_USBDEV, sc->sc_isize); sc->sc_intr_pipe = NULL; } @@ -628,7 +628,7 @@ ubsa_close(void *addr, int portno) printf("%s: close interrupt pipe failed: %s\n", sc->sc_dev.dv_xname, usbd_errstr(err)); - free(sc->sc_intr_buf, M_USBDEV, 0); + free(sc->sc_intr_buf, M_USBDEV, sc->sc_isize); sc->sc_intr_pipe = NULL; } } diff --git a/sys/dev/usb/uchcom.c b/sys/dev/usb/uchcom.c index 3484aad47e8..afd1ec0c951 100644 --- a/sys/dev/usb/uchcom.c +++ b/sys/dev/usb/uchcom.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uchcom.c,v 1.26 2017/04/06 04:48:54 deraadt Exp $ */ +/* $OpenBSD: uchcom.c,v 1.27 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: uchcom.c,v 1.1 2007/09/03 17:57:37 tshiozak Exp $ */ /* @@ -111,9 +111,9 @@ struct uchcom_softc struct usbd_interface *sc_iface; /* */ int sc_intr_endpoint; - int sc_intr_size; struct usbd_pipe *sc_intr_pipe; u_char *sc_intr_buf; + int sc_isize; /* */ uint8_t sc_version; int sc_dtr; 
@@ -272,7 +272,7 @@ uchcom_attach(struct device *parent, struct device *self, void *aux) goto failed; sc->sc_intr_endpoint = endpoints.ep_intr; - sc->sc_intr_size = endpoints.ep_intr_size; + sc->sc_isize = endpoints.ep_intr_size; /* setup ucom layer */ uca.portno = UCOM_UNK_PORTNO; @@ -770,13 +770,13 @@ uchcom_setup_intr_pipe(struct uchcom_softc *sc) usbd_status err; if (sc->sc_intr_endpoint != -1 && sc->sc_intr_pipe == NULL) { - sc->sc_intr_buf = malloc(sc->sc_intr_size, M_USBDEV, M_WAITOK); + sc->sc_intr_buf = malloc(sc->sc_isize, M_USBDEV, M_WAITOK); err = usbd_open_pipe_intr(sc->sc_iface, sc->sc_intr_endpoint, USBD_SHORT_XFER_OK, &sc->sc_intr_pipe, sc, sc->sc_intr_buf, - sc->sc_intr_size, + sc->sc_isize, uchcom_intr, USBD_DEFAULT_INTERVAL); if (err) { printf("%s: cannot open interrupt pipe: %s\n", @@ -799,7 +799,7 @@ uchcom_close_intr_pipe(struct uchcom_softc *sc) if (err) printf("%s: close interrupt pipe failed: %s\n", sc->sc_dev.dv_xname, usbd_errstr(err)); - free(sc->sc_intr_buf, M_USBDEV, 0); + free(sc->sc_intr_buf, M_USBDEV, sc->sc_isize); sc->sc_intr_pipe = NULL; } } diff --git a/sys/dev/usb/ucycom.c b/sys/dev/usb/ucycom.c index 40519ba7673..97ef3e8ea74 100644 --- a/sys/dev/usb/ucycom.c +++ b/sys/dev/usb/ucycom.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ucycom.c,v 1.35 2017/04/06 04:48:54 deraadt Exp $ */ +/* $OpenBSD: ucycom.c,v 1.36 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: ucycom.c,v 1.3 2005/08/05 07:27:47 skrll Exp $ */ /* @@ -291,11 +291,11 @@ ucycom_close(void *addr, int portno) s = splusb(); if (sc->sc_obuf != NULL) { - free(sc->sc_obuf, M_USBDEV, 0); + free(sc->sc_obuf, M_USBDEV, sc->sc_olen); sc->sc_obuf = NULL; } if (sc->sc_ibuf != NULL) { - free(sc->sc_ibuf, M_USBDEV, 0); + free(sc->sc_ibuf, M_USBDEV, sc->sc_ilen); sc->sc_ibuf = NULL; } splx(s); diff --git a/sys/dev/usb/udl.c b/sys/dev/usb/udl.c index 5083c3fc8d1..ab381fad777 100644 --- a/sys/dev/usb/udl.c +++ b/sys/dev/usb/udl.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: udl.c,v 1.86 2017/03/26 15:31:15 deraadt Exp $ */ +/* $OpenBSD: udl.c,v 1.87 2017/04/08 02:57:25 deraadt Exp $ */ /* * Copyright (c) 2009 Marcus Glocker <mglocker@openbsd.org> @@ -648,6 +648,8 @@ udl_alloc_screen(void *v, const struct wsscreen_descr *type, DN(sc)); return (ENOMEM); } + sc->sc_cbslen = sc->sc_ri.ri_rows * sc->sc_ri.ri_cols * + sizeof(*sc->sc_cbs); sc->sc_nscreens++; @@ -669,7 +671,7 @@ udl_free_screen(void *v, void *cookie) /* free character backing store */ if (sc->sc_cbs != NULL) - free(sc->sc_cbs, M_DEVBUF, 0); + free(sc->sc_cbs, M_DEVBUF, sc->sc_cbslen); sc->sc_nscreens--; } @@ -1518,7 +1520,7 @@ udl_cmd_free_buf(struct udl_softc *sc) struct udl_cmd_buf *cb = &sc->sc_cmd_buf; if (cb->buf != NULL) { - free(cb->buf, M_DEVBUF, 0); + free(cb->buf, M_DEVBUF, UDL_CMD_MAX_XFER_SIZE); cb->buf = NULL; } cb->off = 0; diff --git a/sys/dev/usb/udl.h b/sys/dev/usb/udl.h index e62b83fc471..adf8caec0f5 100644 --- a/sys/dev/usb/udl.h +++ b/sys/dev/usb/udl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: udl.h,v 1.22 2017/03/26 15:31:15 deraadt Exp $ */ +/* $OpenBSD: udl.h,v 1.23 2017/04/08 02:57:25 deraadt Exp $ */ /* * Copyright (c) 2009 Marcus Glocker <mglocker@openbsd.org> @@ -87,6 +87,7 @@ struct udl_softc { #define DLUNK 0x00ff /* unknown */ uint8_t sc_cur_mode; u_int *sc_cbs; /* character backing store */ + size_t sc_cbslen; /* * We use function pointers to the framebuffer manipulation diff --git a/sys/dev/usb/ugen.c b/sys/dev/usb/ugen.c index 62eb42c1279..9bf42c81574 100644 --- a/sys/dev/usb/ugen.c +++ b/sys/dev/usb/ugen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ugen.c,v 1.94 2016/05/24 05:35:01 mpi Exp $ */ +/* $OpenBSD: ugen.c,v 1.95 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: ugen.c,v 1.63 2002/11/26 18:49:48 christos Exp $ */ /* $FreeBSD: src/sys/dev/usb/ugen.c,v 1.26 1999/11/17 22:33:41 n_hibma Exp $ */ 
@@ -78,6 +78,7 @@ struct ugen_endpoint { struct clist q; struct selinfo rsel; u_char *ibuf; /* start of buffer (circular for isoc) */ + size_t ibuflen; u_char *fill; /* location for input (isoc) */ u_char *limit; /* end of circular buffer (isoc) */ u_char *cur; /* current read location (isoc) */ @@ -313,7 +314,8 @@ ugenopen(dev_t dev, int flag, int mode, struct proc *p) isize = UGETW(edesc->wMaxPacketSize); if (isize == 0) /* shouldn't happen */ return (EINVAL); - sce->ibuf = malloc(isize, M_USBDEV, M_WAITOK); + sce->ibuflen = isize; + sce->ibuf = malloc(sce->ibuflen, M_USBDEV, M_WAITOK); DPRINTFN(5, ("ugenopen: intr endpt=%d,isize=%d\n", endpt, isize)); clalloc(&sce->q, UGEN_IBSIZE, 0); @@ -323,7 +325,7 @@ ugenopen(dev_t dev, int flag, int mode, struct proc *p) sce->ibuf, isize, ugenintr, USBD_DEFAULT_INTERVAL); if (err) { - free(sce->ibuf, M_USBDEV, 0); + free(sce->ibuf, M_USBDEV, sce->ibuflen); clfree(&sce->q); return (EIO); } @@ -341,6 +343,7 @@ ugenopen(dev_t dev, int flag, int mode, struct proc *p) isize = UGETW(edesc->wMaxPacketSize); if (isize == 0) /* shouldn't happen */ return (EINVAL); + sce->ibuflen = isize * UGEN_NISOFRAMES; sce->ibuf = mallocarray(isize, UGEN_NISOFRAMES, M_USBDEV, M_WAITOK); sce->cur = sce->fill = sce->ibuf; @@ -350,7 +353,7 @@ ugenopen(dev_t dev, int flag, int mode, struct proc *p) err = usbd_open_pipe(sce->iface, edesc->bEndpointAddress, 0, &sce->pipeh); if (err) { - free(sce->ibuf, M_USBDEV, 0); + free(sce->ibuf, M_USBDEV, sce->ibuflen); return (EIO); } for(i = 0; i < UGEN_NISOREQS; ++i) { @@ -455,7 +458,7 @@ ugen_do_close(struct ugen_softc *sc, int endpt, int flag) } if (sce->ibuf != NULL) { - free(sce->ibuf, M_USBDEV, 0); + free(sce->ibuf, M_USBDEV, sce->ibuflen); sce->ibuf = NULL; } } 
@@ -1133,10 +1136,10 @@ ugen_do_ioctl(struct ugen_softc *sc, int endpt, u_long cmd, caddr_t addr, case USB_DO_REQUEST: { struct usb_ctl_request *ur = (void *)addr; - size_t len = UGETW(ur->ucr_request.wLength); + size_t len = UGETW(ur->ucr_request.wLength), mlen; struct iovec iov; struct uio uio; - void *ptr = 0; + void *ptr = NULL; int error = 0; if (!(flag & FWRITE)) @@ -1179,18 +1182,19 @@ ugen_do_ioctl(struct ugen_softc *sc, int endpt, u_long cmd, caddr_t addr, goto ret; } /* Only if USBD_SHORT_XFER_OK is set. */ - if (len > ur->ucr_actlen) - len = ur->ucr_actlen; - if (len != 0) { + mlen = len; + if (mlen > ur->ucr_actlen) + mlen = ur->ucr_actlen; + if (mlen != 0) { if (uio.uio_rw == UIO_READ) { - error = uiomove(ptr, len, &uio); + error = uiomove(ptr, mlen, &uio); if (error) goto ret; } } ret: if (ptr) - free(ptr, M_TEMP, 0); + free(ptr, M_TEMP, len); return (error); } case USB_GET_DEVICEINFO: diff --git a/sys/dev/usb/uhid.c b/sys/dev/usb/uhid.c index a47ea49c48e..bd4d9de5ae0 100644 --- a/sys/dev/usb/uhid.c +++ b/sys/dev/usb/uhid.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uhid.c,v 1.66 2016/05/24 05:35:01 mpi Exp $ */ +/* $OpenBSD: uhid.c,v 1.67 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: uhid.c,v 1.57 2003/03/11 16:44:00 augustss Exp $ */ /* @@ -243,7 +243,7 @@ uhidclose(dev_t dev, int flag, int mode, struct proc *p) DPRINTF(("uhidclose: sc=%p\n", sc)); clfree(&sc->sc_q); - free(sc->sc_obuf, M_USBDEV, 0); + free(sc->sc_obuf, M_USBDEV, sc->sc_hdev.sc_osize); sc->sc_async = NULL; uhidev_close(&sc->sc_hdev); diff --git a/sys/dev/usb/uhidev.c b/sys/dev/usb/uhidev.c index 256ec08933d..a61625e64c1 100644 --- a/sys/dev/usb/uhidev.c +++ b/sys/dev/usb/uhidev.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uhidev.c,v 1.74 2016/06/13 10:15:03 mpi Exp $ */ +/* $OpenBSD: uhidev.c,v 1.75 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: uhidev.c,v 1.14 2003/03/11 16:44:00 augustss Exp $ */ /* 
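Review bot: The `USB_DO_REQUEST` case in ugen_do_ioctl now depends on `len` staying untouched between the allocation and `free(ptr, M_TEMP, len)`, which is why `mlen` was introduced, but nothing in the code says so. A one-line comment at the declaration, e.g. `/* len is the malloc size and must reach free(9) unchanged; mlen is the copy-out length */`, would stop a later edit from clamping `len` again. The allocation of `ptr` lies between the two hunks and is not visible here. The identical change in usbioctl's `USB_REQUEST` case in usb.c wants the same comment.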
@@ -213,7 +213,7 @@ uhidev_attach(struct device *parent, struct device *self, void *aux) if (usbd_get_report_descriptor(sc->sc_udev, sc->sc_ifaceno, desc, size)) { printf("%s: no report descriptor\n", DEVNAME(sc)); - free(desc, M_USBDEV, 0); + free(desc, M_USBDEV, size); return; } } @@ -405,7 +405,7 @@ uhidev_detach(struct device *self, int flags) } if (sc->sc_repdesc != NULL) - free(sc->sc_repdesc, M_USBDEV, 0); + free(sc->sc_repdesc, M_USBDEV, sc->sc_repdesc_size); /* * XXX Check if we have only one children claiming all the Report @@ -573,7 +573,7 @@ out2: usbd_close_pipe(sc->sc_ipipe); out1: DPRINTF(("uhidev_open: failed in someway")); - free(sc->sc_ibuf, M_USBDEV, 0); + free(sc->sc_ibuf, M_USBDEV, sc->sc_isize); scd->sc_state &= ~UHIDEV_OPEN; sc->sc_refcnt = 0; sc->sc_ipipe = NULL; @@ -634,7 +634,7 @@ uhidev_close(struct uhidev *scd) } if (sc->sc_ibuf != NULL) { - free(sc->sc_ibuf, M_USBDEV, 0); + free(sc->sc_ibuf, M_USBDEV, sc->sc_isize); sc->sc_ibuf = NULL; } } diff --git a/sys/dev/usb/uhub.c b/sys/dev/usb/uhub.c index 55e4bd520d3..afab99e7936 100644 --- a/sys/dev/usb/uhub.c +++ b/sys/dev/usb/uhub.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uhub.c,v 1.89 2016/09/02 09:14:59 mpi Exp $ */ +/* $OpenBSD: uhub.c,v 1.90 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: uhub.c,v 1.64 2003/02/08 03:32:51 ichiro Exp $ */ /* $FreeBSD: src/sys/dev/usb/uhub.c,v 1.18 1999/11/17 22:33:43 n_hibma Exp $ */ @@ -215,7 +215,7 @@ uhub_attach(struct device *parent, struct device *self, void *aux) hub->ports = mallocarray(nports, sizeof(struct usbd_port), M_USBDEV, M_NOWAIT); if (hub->ports == NULL) { - free(hub, M_USBDEV, 0); + free(hub, M_USBDEV, sizeof *hub); return; } dev->hub = hub; 
@@ -340,11 +340,11 @@ uhub_attach(struct device *parent, struct device *self, void *aux) bad: if (sc->sc_statusbuf) - free(sc->sc_statusbuf, M_USBDEV, 0); + free(sc->sc_statusbuf, M_USBDEV, sc->sc_statuslen); if (hub) { if (hub->ports) free(hub->ports, M_USBDEV, 0); - free(hub, M_USBDEV, 0); + free(hub, M_USBDEV, sizeof *hub); } dev->hub = NULL; } @@ -477,10 +477,10 @@ uhub_detach(struct device *self, int flags) if (hub->ports[0].tt) free(hub->ports[0].tt, M_USBDEV, 0); if (sc->sc_statusbuf) - free(sc->sc_statusbuf, M_USBDEV, 0); + free(sc->sc_statusbuf, M_USBDEV, sc->sc_statuslen); if (hub->ports) free(hub->ports, M_USBDEV, 0); - free(hub, M_USBDEV, 0); + free(hub, M_USBDEV, sizeof *hub); sc->sc_hub->hub = NULL; return (0); diff --git a/sys/dev/usb/umct.c b/sys/dev/usb/umct.c index e2e08ce1800..4d6632bf33b 100644 --- a/sys/dev/usb/umct.c +++ b/sys/dev/usb/umct.c @@ -1,4 +1,4 @@ -/* $OpenBSD: umct.c,v 1.45 2016/09/02 09:14:59 mpi Exp $ */ +/* $OpenBSD: umct.c,v 1.46 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: umct.c,v 1.10 2003/02/23 04:20:07 simonb Exp $ */ /* * Copyright (c) 2001 The NetBSD Foundation, Inc. @@ -298,7 +298,7 @@ umct_detach(struct device *self, int flags) if (sc->sc_intr_pipe != NULL) { usbd_abort_pipe(sc->sc_intr_pipe); usbd_close_pipe(sc->sc_intr_pipe); - free(sc->sc_intr_buf, M_USBDEV, 0); + free(sc->sc_intr_buf, M_USBDEV, sc->sc_isize); sc->sc_intr_pipe = NULL; } @@ -558,7 +558,7 @@ umct_close(void *addr, int portno) if (err) printf("%s: close interrupt pipe failed: %s\n", sc->sc_dev.dv_xname, usbd_errstr(err)); - free(sc->sc_intr_buf, M_USBDEV, 0); + free(sc->sc_intr_buf, M_USBDEV, sc->sc_isize); sc->sc_intr_pipe = NULL; } } diff --git a/sys/dev/usb/umidi.c b/sys/dev/usb/umidi.c index 512a2ddc341..4d4c1b8ad9c 100644 --- a/sys/dev/usb/umidi.c +++ b/sys/dev/usb/umidi.c 
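Review bot: In the `bad:` path of uhub_attach, `free(hub->ports, M_USBDEV, 0)` still passes 0 while the neighbouring frees were given sizes, and uhub_detach does the same for `hub->ports` and `hub->ports[0].tt`. The earlier uhub_attach hunk shows the array allocated with `mallocarray(nports, sizeof(struct usbd_port), ...)`, so if `nports` is still in scope at `bad:` the call could be `free(hub->ports, M_USBDEV, nports * sizeof(struct usbd_port));`. In uhub_detach the port count would have to come from the hub descriptor, which is outside the hunk. If these were left at 0 deliberately, a short comment saying why would help.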
@@ -1,4 +1,4 @@ -/* $OpenBSD: umidi.c,v 1.44 2017/02/10 08:07:21 ratchov Exp $ */ +/* $OpenBSD: umidi.c,v 1.45 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: umidi.c,v 1.16 2002/07/11 21:14:32 augustss Exp $ */ /* * Copyright (c) 2001 The NetBSD Foundation, Inc. @@ -772,11 +772,11 @@ alloc_all_jacks(struct umidi_softc *sc) static void free_all_jacks(struct umidi_softc *sc) { - int s; + int s, jacks = sc->sc_in_num_jacks + sc->sc_out_num_jacks; s = splusb(); if (sc->sc_out_jacks) { - free(sc->sc_jacks, M_USBDEV, 0); + free(sc->sc_jacks, M_USBDEV, jacks * sizeof(*sc->sc_out_jacks)); sc->sc_jacks = sc->sc_in_jacks = sc->sc_out_jacks = NULL; } splx(s); @@ -951,9 +951,11 @@ alloc_all_mididevs(struct umidi_softc *sc, int nmidi) static void free_all_mididevs(struct umidi_softc *sc) { - sc->sc_num_mididevs = 0; if (sc->sc_mididevs) - free(sc->sc_mididevs, M_USBDEV, 0); + free(sc->sc_mididevs, M_USBDEV, + sc->sc_num_mididevs * sizeof(*sc->sc_mididevs)); + sc->sc_mididevs = NULL; + sc->sc_num_mididevs = 0; } static usbd_status diff --git a/sys/dev/usb/umsm.c b/sys/dev/usb/umsm.c index bd734e2ff77..1d4450a85fd 100644 --- a/sys/dev/usb/umsm.c +++ b/sys/dev/usb/umsm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: umsm.c,v 1.108 2016/12/12 04:26:29 jsg Exp $ */ +/* $OpenBSD: umsm.c,v 1.109 2017/04/08 02:57:25 deraadt Exp $ */ /* * Copyright (c) 2008 Yojiro UO <yuo@nui.org> @@ -436,7 +436,7 @@ umsm_detach(struct device *self, int flags) if (sc->sc_intr_pipe != NULL) { usbd_abort_pipe(sc->sc_intr_pipe); usbd_close_pipe(sc->sc_intr_pipe); - free(sc->sc_intr_buf, M_USBDEV, 0); + free(sc->sc_intr_buf, M_USBDEV, sc->sc_isize); sc->sc_intr_pipe = NULL; } @@ -496,7 +496,7 @@ umsm_close(void *addr, int portno) printf("%s: close interrupt pipe failed: %s\n", sc->sc_dev.dv_xname, usbd_errstr(err)); - free(sc->sc_intr_buf, M_USBDEV, 0); + free(sc->sc_intr_buf, M_USBDEV, sc->sc_isize); sc->sc_intr_pipe = NULL; } } 
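Review bot: free_all_jacks tests `sc->sc_out_jacks` but frees `sc->sc_jacks`, so the guard and the freed pointer can disagree. If a device can have input jacks only and `sc_out_jacks` is NULL in that case (alloc_all_jacks is not visible here), the array is never released and the pointers are never reset. Testing the pointer that is actually freed, `if (sc->sc_jacks) {`, avoids relying on how the aliases were set up.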
diff --git a/sys/dev/usb/uoaklux.c b/sys/dev/usb/uoaklux.c index 2a0a7abf32a..3932b139a51 100644 --- a/sys/dev/usb/uoaklux.c +++ b/sys/dev/usb/uoaklux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uoaklux.c,v 1.12 2016/01/09 04:14:42 jcs Exp $ */ +/* $OpenBSD: uoaklux.c,v 1.13 2017/04/08 02:57:25 deraadt Exp $ */ /* * Copyright (c) 2012 Yojiro UO <yuo@nui.org> @@ -211,7 +211,7 @@ uoaklux_detach(struct device *self, int flags) uhidev_close(&sc->sc_hdev); if (scc->sc_ibuf != NULL) { - free(scc->sc_ibuf, M_USBDEV, 0); + free(scc->sc_ibuf, M_USBDEV, scc->sc_ilen); scc->sc_ibuf = NULL; } diff --git a/sys/dev/usb/uoakrh.c b/sys/dev/usb/uoakrh.c index 819449be824..66a030409de 100644 --- a/sys/dev/usb/uoakrh.c +++ b/sys/dev/usb/uoakrh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uoakrh.c,v 1.14 2016/03/11 18:41:33 mmcc Exp $ */ +/* $OpenBSD: uoakrh.c,v 1.15 2017/04/08 02:57:25 deraadt Exp $ */ /* * Copyright (c) 2012 Yojiro UO <yuo@nui.org> @@ -225,7 +225,7 @@ uoakrh_detach(struct device *self, int flags) uhidev_close(&sc->sc_hdev); if (scc->sc_ibuf != NULL) { - free(scc->sc_ibuf, M_USBDEV, 0); + free(scc->sc_ibuf, M_USBDEV, scc->sc_ilen); scc->sc_ibuf = NULL; } diff --git a/sys/dev/usb/uoakv.c b/sys/dev/usb/uoakv.c index a46bd8c1623..a8cdb734001 100644 --- a/sys/dev/usb/uoakv.c +++ b/sys/dev/usb/uoakv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uoakv.c,v 1.12 2016/01/09 04:14:42 jcs Exp $ */ +/* $OpenBSD: uoakv.c,v 1.13 2017/04/08 02:57:25 deraadt Exp $ */ /* * Copyright (c) 2012 Yojiro UO <yuo@nui.org> @@ -215,7 +215,7 @@ uoakv_detach(struct device *self, int flags) uhidev_close(&sc->sc_hdev); if (scc->sc_ibuf != NULL) { - free(scc->sc_ibuf, M_USBDEV, 0); + free(scc->sc_ibuf, M_USBDEV, scc->sc_ilen); scc->sc_ibuf = NULL; } diff --git a/sys/dev/usb/upd.c b/sys/dev/usb/upd.c index 29325fe6110..62de86a0aa3 100644 --- a/sys/dev/usb/upd.c +++ b/sys/dev/usb/upd.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: upd.c,v 1.25 2016/01/09 04:14:42 jcs Exp $ */ +/* $OpenBSD: upd.c,v 1.26 2017/04/08 02:57:25 deraadt Exp $ */ /* * Copyright (c) 2015 David Higgs <higgsd@gmail.com> @@ -181,8 +181,6 @@ upd_attach(struct device *parent, struct device *self, void *aux) sc->sc_hdev.sc_intr = upd_intr; sc->sc_hdev.sc_parent = uha->parent; - sc->sc_reports = NULL; - sc->sc_sensors = NULL; SLIST_INIT(&sc->sc_root_sensors); strlcpy(sc->sc_sensordev.xname, DEVNAME(sc), @@ -287,8 +285,8 @@ upd_detach(struct device *self, int flags) sensor_detach(&sc->sc_sensordev, &sensor->ksensor); } - free(sc->sc_reports, M_USBDEV, 0); - free(sc->sc_sensors, M_USBDEV, 0); + free(sc->sc_reports, M_USBDEV, sc->sc_max_repid * sizeof(struct upd_report)); + free(sc->sc_sensors, M_USBDEV, UPD_MAX_SENSORS * sizeof(struct upd_sensor)); return (0); } diff --git a/sys/dev/usb/uplcom.c b/sys/dev/usb/uplcom.c index e9f6bf6a24c..84f69b0370d 100644 --- a/sys/dev/usb/uplcom.c +++ b/sys/dev/usb/uplcom.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uplcom.c,v 1.68 2016/09/02 09:14:59 mpi Exp $ */ +/* $OpenBSD: uplcom.c,v 1.69 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: uplcom.c,v 1.29 2002/09/23 05:51:23 simonb Exp $ */ /* * Copyright (c) 2001 The NetBSD Foundation, Inc. @@ -216,7 +216,7 @@ uplcom_attach(struct device *parent, struct device *self, void *aux) int i; struct ucom_attach_args uca; - sc->sc_udev = dev; + sc->sc_udev = dev; DPRINTF(("\n\nuplcom attach: sc=%p\n", sc)); @@ -308,7 +308,7 @@ uplcom_attach(struct device *parent, struct device *self, void *aux) * USB-RSAQ1 has two interface * * USB-RSAQ1 | USB-RSAQ2 - * -----------------+----------------- + * -----------------+----------------- * Interface 0 |Interface 0 * Interrupt(0x81) | Interrupt(0x81) * -----------------+ BulkIN(0x02) 
@@ -399,12 +399,12 @@ uplcom_detach(struct device *self, int flags) DPRINTF(("uplcom_detach: sc=%p flags=%d\n", sc, flags)); - if (sc->sc_intr_pipe != NULL) { - usbd_abort_pipe(sc->sc_intr_pipe); - usbd_close_pipe(sc->sc_intr_pipe); - free(sc->sc_intr_buf, M_USBDEV, 0); - sc->sc_intr_pipe = NULL; - } + if (sc->sc_intr_pipe != NULL) { + usbd_abort_pipe(sc->sc_intr_pipe); + usbd_close_pipe(sc->sc_intr_pipe); + free(sc->sc_intr_buf, M_USBDEV, sc->sc_isize); + sc->sc_intr_pipe = NULL; + } if (sc->sc_subdev != NULL) { rv = config_detach(sc->sc_subdev, flags); @@ -417,16 +417,16 @@ uplcom_detach(struct device *self, int flags) usbd_status uplcom_reset(struct uplcom_softc *sc) { - usb_device_request_t req; + usb_device_request_t req; usbd_status err; - req.bmRequestType = UT_WRITE_VENDOR_DEVICE; - req.bRequest = UPLCOM_SET_REQUEST; - USETW(req.wValue, 0); - USETW(req.wIndex, sc->sc_iface_number); - USETW(req.wLength, 0); + req.bmRequestType = UT_WRITE_VENDOR_DEVICE; + req.bRequest = UPLCOM_SET_REQUEST; + USETW(req.wValue, 0); + USETW(req.wIndex, sc->sc_iface_number); + USETW(req.wLength, 0); - err = usbd_do_request(sc->sc_udev, &req, 0); + err = usbd_do_request(sc->sc_udev, &req, 0); if (err) return (EIO); @@ -719,7 +719,7 @@ uplcom_close(void *addr, int portno) if (err) printf("%s: close interrupt pipe failed: %s\n", sc->sc_dev.dv_xname, usbd_errstr(err)); - free(sc->sc_intr_buf, M_USBDEV, 0); + free(sc->sc_intr_buf, M_USBDEV, sc->sc_isize); sc->sc_intr_pipe = NULL; } } diff --git a/sys/dev/usb/usb.c b/sys/dev/usb/usb.c index e0d7992571c..21e4371c19c 100644 --- a/sys/dev/usb/usb.c +++ b/sys/dev/usb/usb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: usb.c,v 1.111 2016/05/18 18:28:58 patrick Exp $ */ +/* $OpenBSD: usb.c,v 1.112 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: usb.c,v 1.77 2003/01/01 00:10:26 thorpej Exp $ */ /* 
@@ -610,10 +610,10 @@ usbioctl(dev_t devt, u_long cmd, caddr_t data, int flag, struct proc *p) case USB_REQUEST: { struct usb_ctl_request *ur = (void *)data; - size_t len = UGETW(ur->ucr_request.wLength); + size_t len = UGETW(ur->ucr_request.wLength), mlen; struct iovec iov; struct uio uio; - void *ptr = 0; + void *ptr = NULL; int addr = ur->ucr_addr; usbd_status err; int error = 0; @@ -664,18 +664,19 @@ usbioctl(dev_t devt, u_long cmd, caddr_t data, int flag, struct proc *p) goto ret; } /* Only if USBD_SHORT_XFER_OK is set. */ - if (len > ur->ucr_actlen) - len = ur->ucr_actlen; - if (len != 0) { + mlen = len; + if (mlen > ur->ucr_actlen) + mlen = ur->ucr_actlen; + if (mlen != 0) { if (uio.uio_rw == UIO_READ) { - error = uiomove(ptr, len, &uio); + error = uiomove(ptr, mlen, &uio); if (error) goto ret; } } ret: if (ptr) - free(ptr, M_TEMP, 0); + free(ptr, M_TEMP, len); return (error); } diff --git a/sys/dev/usb/usb_mem.c b/sys/dev/usb/usb_mem.c index 1635119a5e2..0ebb4d662ae 100644 --- a/sys/dev/usb/usb_mem.c +++ b/sys/dev/usb/usb_mem.c @@ -1,4 +1,4 @@ -/* $OpenBSD: usb_mem.c,v 1.28 2016/11/30 10:19:18 mpi Exp $ */ +/* $OpenBSD: usb_mem.c,v 1.29 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: usb_mem.c,v 1.26 2003/02/01 06:23:40 thorpej Exp $ */ /* @@ -154,7 +154,7 @@ unmap: free1: bus_dmamem_free(tag, p->segs, p->nsegs); free0: - free(p, M_USB, 0); + free(p, M_USB, sizeof *p); return (USBD_NOMEM); } @@ -172,7 +172,7 @@ usb_block_real_freemem(struct usb_dma_block *p) bus_dmamap_destroy(p->tag, p->map); bus_dmamem_unmap(p->tag, p->kaddr, p->size); bus_dmamem_free(p->tag, p->segs, p->nsegs); - free(p, M_USB, 0); + free(p, M_USB, sizeof *p); } #endif diff --git a/sys/dev/usb/usb_subr.c b/sys/dev/usb/usb_subr.c index 68afe2d2156..589eb55777e 100644 --- a/sys/dev/usb/usb_subr.c +++ b/sys/dev/usb/usb_subr.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: usb_subr.c,v 1.133 2017/04/05 22:45:21 deraadt Exp $ */ +/* $OpenBSD: usb_subr.c,v 1.134 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: usb_subr.c,v 1.103 2003/01/10 11:19:13 augustss Exp $ */ /* $FreeBSD: src/sys/dev/usb/usb_subr.c,v 1.18 1999/11/17 22:33:47 n_hibma Exp $ */ @@ -639,7 +639,7 @@ usbd_set_config_index(struct usbd_device *dev, int index, int msg) usb_status_t ds; usb_config_descriptor_t cd, *cdp; usbd_status err; - int i, ifcidx, nifc, len, selfpowered, power; + int i, ifcidx, nifc, cdplen, selfpowered, power; DPRINTFN(5,("usbd_set_config_index: dev=%p index=%d\n", dev, index)); @@ -674,13 +674,13 @@ usbd_set_config_index(struct usbd_device *dev, int index, int msg) return (err); if (cd.bDescriptorType != UDESC_CONFIG) return (USBD_INVAL); - len = UGETW(cd.wTotalLength); - cdp = malloc(len, M_USB, M_NOWAIT); + cdplen = UGETW(cd.wTotalLength); + cdp = malloc(cdplen, M_USB, M_NOWAIT); if (cdp == NULL) return (USBD_NOMEM); /* Get the full descriptor. */ for (i = 0; i < 3; i++) { - err = usbd_get_desc(dev, UDESC_CONFIG, index, len, cdp); + err = usbd_get_desc(dev, UDESC_CONFIG, index, cdplen, cdp); if (!err) break; usbd_delay_ms(dev, 200); @@ -795,7 +795,7 @@ usbd_set_config_index(struct usbd_device *dev, int index, int msg) return (USBD_NORMAL_COMPLETION); bad: - free(cdp, M_USB, 0); + free(cdp, M_USB, cdplen); return (err); } @@ -813,6 +813,7 @@ usbd_setup_pipe(struct usbd_device *dev, struct usbd_interface *iface, p = malloc(dev->bus->pipe_size, M_USB, M_NOWAIT|M_ZERO); if (p == NULL) return (USBD_NOMEM); + p->pipe_size = dev->bus->pipe_size; p->device = dev; p->iface = iface; p->endpoint = ep; @@ -823,7 +824,7 @@ usbd_setup_pipe(struct usbd_device *dev, struct usbd_interface *iface, if (err) { DPRINTF(("%s: endpoint=0x%x failed, error=%s\n", __func__, ep->edesc->bEndpointAddress, usbd_errstr(err))); - free(p, M_USB, 0); + free(p, M_USB, dev->bus->pipe_size); return (err); } *pipe = p; 
@@ -938,7 +939,7 @@ usbd_probe_and_attach(struct device *parent, struct usbd_device *dev, int port, dev->subdevs = mallocarray(nifaces + 2, sizeof(dv), M_USB, M_NOWAIT | M_ZERO); if (dev->subdevs == NULL) { - free(ifaces, M_USB, 0); + free(ifaces, M_USB, nifaces * sizeof(*ifaces)); err = USBD_NOMEM; goto fail; } @@ -955,7 +956,7 @@ usbd_probe_and_attach(struct device *parent, struct usbd_device *dev, int port, usbd_claim_iface(dev, i); } } - free(ifaces, M_USB, 0); + free(ifaces, M_USB, nifaces * sizeof(*ifaces)); if (dev->ndevs > 0) { for (i = 0; i < nifaces; i++) { @@ -968,7 +969,7 @@ usbd_probe_and_attach(struct device *parent, struct usbd_device *dev, int port, goto fail; } - free(dev->subdevs, M_USB, 0); + free(dev->subdevs, M_USB, (nifaces + 2) * sizeof(dv)); dev->subdevs = NULL; } /* No interfaces were attached in any of the configurations. */ @@ -1282,7 +1283,7 @@ usbd_print(void *aux, const char *pnp) DPRINTFN(15, ("usbd_print dev=%p\n", uaa->device)); if (pnp) { if (!uaa->usegeneric) { - free(devinfop, M_TEMP, 0); + free(devinfop, M_TEMP, DEVINFOSIZE); return (QUIET); } printf("%s at %s", devinfop, pnp); @@ -1296,7 +1297,7 @@ usbd_print(void *aux, const char *pnp) if (!pnp) printf(" %s\n", devinfop); - free(devinfop, M_TEMP, 0); + free(devinfop, M_TEMP, DEVINFOSIZE); return (UNCONF); } diff --git a/sys/dev/usb/usbdi.c b/sys/dev/usb/usbdi.c index 80866e48f2a..f688e24ce7a 100644 --- a/sys/dev/usb/usbdi.c +++ b/sys/dev/usb/usbdi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: usbdi.c,v 1.90 2017/03/17 09:25:59 mpi Exp $ */ +/* $OpenBSD: usbdi.c,v 1.91 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: usbdi.c,v 1.103 2002/09/27 15:37:38 provos Exp $ */ /* $FreeBSD: src/sys/dev/usb/usbdi.c,v 1.28 1999/11/17 22:33:49 n_hibma Exp $ */ @@ -271,7 +271,7 @@ usbd_close_pipe(struct usbd_pipe *pipe) pipe->methods->close(pipe); if (pipe->intrxfer != NULL) usbd_free_xfer(pipe->intrxfer); - free(pipe, M_USB, 0); + free(pipe, M_USB, pipe->pipe_size); return (USBD_NORMAL_COMPLETION); } 
@@ -1122,4 +1122,3 @@ usbd_str(usb_string_descriptor_t *p, int l, const char *s) USETW2(p->bString[i], 0, s[i]); return (2 * i + 2); } - diff --git a/sys/dev/usb/usbdivar.h b/sys/dev/usb/usbdivar.h index 683f2f4c52e..08462e687c3 100644 --- a/sys/dev/usb/usbdivar.h +++ b/sys/dev/usb/usbdivar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: usbdivar.h,v 1.71 2016/05/23 11:31:12 mpi Exp $ */ +/* $OpenBSD: usbdivar.h,v 1.72 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: usbdivar.h,v 1.70 2002/07/11 21:14:36 augustss Exp $ */ /* $FreeBSD: src/sys/dev/usb/usbdivar.h,v 1.11 1999/11/17 22:33:51 n_hibma Exp $ */ @@ -171,6 +171,7 @@ struct usbd_pipe { struct usbd_interface *iface; struct usbd_device *device; struct usbd_endpoint *endpoint; + size_t pipe_size; char running; char aborting; SIMPLEQ_HEAD(, usbd_xfer) queue; diff --git a/sys/dev/usb/uslhcom.c b/sys/dev/usb/uslhcom.c index 01e1208ce27..39db391aecd 100644 --- a/sys/dev/usb/uslhcom.c +++ b/sys/dev/usb/uslhcom.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uslhcom.c,v 1.5 2017/04/06 04:48:54 deraadt Exp $ */ +/* $OpenBSD: uslhcom.c,v 1.6 2017/04/08 02:57:25 deraadt Exp $ */ /* * Copyright (c) 2015 SASANO Takayoshi <uaa@openbsd.org> @@ -432,8 +432,7 @@ uslhcom_open(void *arg, int portno) if (usbd_is_dying(sc->sc_udev)) return EIO; - sc->sc_ibuf = malloc(sc->sc_hdev.sc_osize + sizeof(u_char), - M_USBDEV, M_WAITOK); + sc->sc_ibuf = malloc(sc->sc_hdev.sc_isize, M_USBDEV, M_WAITOK); uslhcom_set_baud_rate(&config, 9600); config.parity = UART_CONFIG_PARITY_NONE; @@ -461,7 +460,7 @@ uslhcom_close(void *arg, int portno) s = splusb(); if (sc->sc_ibuf != NULL) { - free(sc->sc_ibuf, M_USBDEV, 0); + free(sc->sc_ibuf, M_USBDEV, sc->sc_hdev.sc_isize); sc->sc_ibuf = NULL; } splx(s); diff --git a/sys/dev/usb/usps.c b/sys/dev/usb/usps.c index eff543ac242..7ec16c9c4fe 100644 --- a/sys/dev/usb/usps.c +++ b/sys/dev/usb/usps.c 
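Review bot: The uslhcom_open hunk changes the allocation itself, not just the free: `sc_ibuf` was `sc->sc_hdev.sc_osize + sizeof(u_char)` bytes and is now `sc->sc_hdev.sc_isize` bytes. Every access to `sc_ibuf` elsewhere in uslhcom.c (outside this hunk) has to stay within `sc_isize`; if any code fills it with an output report plus a leading byte, the buffer is now too small whenever `sc_isize` is less than `sc_osize + 1`. If the old size was the intended one, keeping it and freeing with the same expression is the safer change: `free(sc->sc_ibuf, M_USBDEV, sc->sc_hdev.sc_osize + sizeof(u_char));`. The commit message describes only free(9) sizes, so this behavioural change deserves its own mention.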
@@ -1,4 +1,4 @@ -/* $OpenBSD: usps.c,v 1.8 2016/11/06 12:58:01 mpi Exp $ */ +/* $OpenBSD: usps.c,v 1.9 2017/04/08 02:57:25 deraadt Exp $ */ /* * Copyright (c) 2011 Yojiro UO <yuo@nui.org> @@ -283,8 +283,8 @@ fail: usbd_close_pipe(sc->sc_ipipe); if (sc->sc_xfer != NULL) usbd_free_xfer(sc->sc_xfer); - if (sc->sc_intrbuf != NULL) - free(sc->sc_intrbuf, M_USBDEV, 0); + if (sc->sc_intrbuf != NULL) + free(sc->sc_intrbuf, M_USBDEV, sc->sc_isize); } int @@ -300,7 +300,7 @@ usps_detach(struct device *self, int flags) usbd_abort_pipe(sc->sc_ipipe); usbd_close_pipe(sc->sc_ipipe); if (sc->sc_intrbuf != NULL) - free(sc->sc_intrbuf, M_USBDEV, 0); + free(sc->sc_intrbuf, M_USBDEV, sc->sc_isize); sc->sc_ipipe = NULL; } if (sc->sc_xfer != NULL) diff --git a/sys/dev/usb/uticom.c b/sys/dev/usb/uticom.c index b82636bbd3a..a0067c39ea3 100644 --- a/sys/dev/usb/uticom.c +++ b/sys/dev/usb/uticom.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uticom.c,v 1.31 2017/03/26 15:31:15 deraadt Exp $ */ +/* $OpenBSD: uticom.c,v 1.32 2017/04/08 02:57:25 deraadt Exp $ */ /* * Copyright (c) 2005 Dmitry Komissaroff <dxi@mail.ru>. * @@ -460,7 +460,7 @@ uticom_detach(struct device *self, int flags) if (sc->sc_intr_pipe != NULL) { usbd_abort_pipe(sc->sc_intr_pipe); usbd_close_pipe(sc->sc_intr_pipe); - free(sc->sc_intr_buf, M_USBDEV, 0); + free(sc->sc_intr_buf, M_USBDEV, sc->sc_isize); sc->sc_intr_pipe = NULL; } @@ -760,7 +760,7 @@ uticom_close(void *addr, int portno) if (err) printf("%s: close interrupt pipe failed: %s\n", sc->sc_dev.dv_xname, usbd_errstr(err)); - free(sc->sc_intr_buf, M_USBDEV, 0); + free(sc->sc_intr_buf, M_USBDEV, sc->sc_isize); sc->sc_intr_pipe = NULL; } } diff --git a/sys/dev/usb/utrh.c b/sys/dev/usb/utrh.c index 85ef2f6bc72..a7a3d5e8d93 100644 --- a/sys/dev/usb/utrh.c +++ b/sys/dev/usb/utrh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: utrh.c,v 1.20 2016/03/19 11:41:56 mpi Exp $ */ +/* $OpenBSD: utrh.c,v 1.21 2017/04/08 02:57:25 deraadt Exp $ */ /* * Copyright (c) 2009 Yojiro UO <yuo@nui.org> 
@@ -178,7 +178,7 @@ utrh_detach(struct device *self, int flags) uhidev_close(&sc->sc_hdev); if (sc->sc_ibuf != NULL) { - free(sc->sc_ibuf, M_USBDEV, 0); + free(sc->sc_ibuf, M_USBDEV, sc->sc_ilen); sc->sc_ibuf = NULL; } diff --git a/sys/dev/usb/uts.c b/sys/dev/usb/uts.c index c60fd417606..480cc50bdaa 100644 --- a/sys/dev/usb/uts.c +++ b/sys/dev/usb/uts.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uts.c,v 1.39 2016/09/02 09:14:59 mpi Exp $ */ +/* $OpenBSD: uts.c,v 1.40 2017/04/08 02:57:25 deraadt Exp $ */ /* * Copyright (c) 2007 Robert Nagy <robert@openbsd.org> @@ -267,7 +267,7 @@ uts_enable(void *v) USBD_SHORT_XFER_OK, &sc->sc_intr_pipe, sc, sc->sc_ibuf, sc->sc_isize, uts_intr, USBD_DEFAULT_INTERVAL); if (err) { - free(sc->sc_ibuf, M_USBDEV, 0); + free(sc->sc_ibuf, M_USBDEV, sc->sc_isize); sc->sc_intr_pipe = NULL; return (EIO); } @@ -296,7 +296,7 @@ uts_disable(void *v) } if (sc->sc_ibuf != NULL) { - free(sc->sc_ibuf, M_USBDEV, 0); + free(sc->sc_ibuf, M_USBDEV, sc->sc_isize); sc->sc_ibuf = NULL; } diff --git a/sys/dev/usb/utwitch.c b/sys/dev/usb/utwitch.c index beb35487ea6..c24680f4a5a 100644 --- a/sys/dev/usb/utwitch.c +++ b/sys/dev/usb/utwitch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: utwitch.c,v 1.16 2016/01/09 04:14:42 jcs Exp $ */ +/* $OpenBSD: utwitch.c,v 1.17 2017/04/08 02:57:25 deraadt Exp $ */ /* * Copyright (c) 2010 Yojiro UO <yuo@nui.org> @@ -192,7 +192,7 @@ utwitch_detach(struct device *self, int flags) uhidev_close(&sc->sc_hdev); if (sc->sc_ibuf != NULL) { - free(sc->sc_ibuf, M_USBDEV, 0); + free(sc->sc_ibuf, M_USBDEV, sc->sc_ilen); sc->sc_ibuf = NULL; } diff --git a/sys/dev/usb/uvideo.c b/sys/dev/usb/uvideo.c index 2fa4c0a85cd..8036cf8d259 100644 --- a/sys/dev/usb/uvideo.c +++ b/sys/dev/usb/uvideo.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvideo.c,v 1.193 2017/03/26 15:31:15 deraadt Exp $ */ +/* $OpenBSD: uvideo.c,v 1.194 2017/04/08 02:57:25 deraadt Exp $ */ /* * Copyright (c) 2008 Robert Nagy <robert@openbsd.org> 
@@ -1654,7 +1654,7 @@ uvideo_vs_free_frame(struct uvideo_softc *sc) struct uvideo_frame_buffer *fb = &sc->sc_frame_buffer; if (fb->buf != NULL) { - free(fb->buf, M_DEVBUF, 0); + free(fb->buf, M_DEVBUF, fb->buf_size); fb->buf = NULL; } @@ -3402,7 +3402,7 @@ uvideo_queryctrl(void *v, struct v4l2_queryctrl *qctrl) qctrl->flags = 0; out: - free(ctrl_data, M_USBDEV, 0); + free(ctrl_data, M_USBDEV, ctrl_len); return (ret); } @@ -3453,7 +3453,7 @@ uvideo_g_ctrl(void *v, struct v4l2_control *gctrl) } out: - free(ctrl_data, M_USBDEV, 0); + free(ctrl_data, M_USBDEV, ctrl_len); return (0); } @@ -3500,7 +3500,7 @@ uvideo_s_ctrl(void *v, struct v4l2_control *sctrl) if (error != USBD_NORMAL_COMPLETION) ret = EINVAL; - free(ctrl_data, M_USBDEV, 0); + free(ctrl_data, M_USBDEV, ctrl_len); return (ret); } diff --git a/sys/dev/usb/uvscom.c b/sys/dev/usb/uvscom.c index 9ab1788ccd0..071a7db5774 100644 --- a/sys/dev/usb/uvscom.c +++ b/sys/dev/usb/uvscom.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvscom.c,v 1.34 2016/09/02 09:14:59 mpi Exp $ */ +/* $OpenBSD: uvscom.c,v 1.35 2017/04/08 02:57:25 deraadt Exp $ */ /* $NetBSD: uvscom.c,v 1.9 2003/02/12 15:36:20 ichiro Exp $ */ /*- * Copyright (c) 2001-2002, Shunsuke Akiyama <akiyama@jp.FreeBSD.org>. @@ -356,7 +356,7 @@ uvscom_detach(struct device *self, int flags) if (sc->sc_intr_pipe != NULL) { usbd_abort_pipe(sc->sc_intr_pipe); usbd_close_pipe(sc->sc_intr_pipe); - free(sc->sc_intr_buf, M_USBDEV, 0); + free(sc->sc_intr_buf, M_USBDEV, sc->sc_isize); sc->sc_intr_pipe = NULL; } @@ -750,7 +750,7 @@ uvscom_close(void *addr, int portno) printf("%s: close interrupt pipe failed: %s\n", sc->sc_dev.dv_xname, usbd_errstr(err)); - free(sc->sc_intr_buf, M_USBDEV, 0); + free(sc->sc_intr_buf, M_USBDEV, sc->sc_isize); sc->sc_intr_pipe = NULL; } } |