usb: get rid of pointless access_ok() calls

in all affected cases addresses are passed only to
copy_from()_user or copy_to_user().

Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

diff --git a/drivers/usb/core/devices.c b/drivers/usb/core/devices.c
index 44f28a114c2b6bb43456b2c67a03b8ec02b7a389..94b6fa6e585e71653a6a4d2103ba50f2043f10b0 100644 (file)
--- a/drivers/usb/core/devices.c
+++ b/drivers/usb/core/devices.c
@@ -598,8 +598,6 @@ static ssize_t usb_device_read(struct file *file, char __user *buf,
                return -EINVAL;
        if (nbytes <= 0)
                return 0;
-       if (!access_ok(buf, nbytes))
-               return -EFAULT;
 
        mutex_lock(&usb_bus_idr_lock);
        /* print devices for all busses */

diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
index 6833c918abcee7b46bf076f70d6fcce8a740ba7c..544769807ab8f5ffec92fec5ff030c95cb89c6a2 100644 (file)
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -1127,11 +1127,6 @@ static int proc_control(struct usb_dev_state *ps, void __user *arg)
                ctrl.bRequestType, ctrl.bRequest, ctrl.wValue,
                ctrl.wIndex, ctrl.wLength);
        if (ctrl.bRequestType & 0x80) {
-               if (ctrl.wLength && !access_ok(ctrl.data,
-                                              ctrl.wLength)) {
-                       ret = -EINVAL;
-                       goto done;
-               }
                pipe = usb_rcvctrlpipe(dev, 0);
                snoop_urb(dev, NULL, pipe, ctrl.wLength, tmo, SUBMIT, NULL, 0);
 
@@ -1216,10 +1211,6 @@ static int proc_bulk(struct usb_dev_state *ps, void __user *arg)
        }
        tmo = bulk.timeout;
        if (bulk.ep & 0x80) {
-               if (len1 && !access_ok(bulk.data, len1)) {
-                       ret = -EINVAL;
-                       goto done;
-               }
                snoop_urb(dev, NULL, pipe, len1, tmo, SUBMIT, NULL, 0);
 
                usb_unlock_device(dev);

diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c
index f3816a5c861eeeafdf1230afc1e7ca8fe41efa55..df671acdd464b7e9c323ebfbadc0fefd9e37acfd 100644 (file)
--- a/drivers/usb/gadget/function/f_hid.c
+++ b/drivers/usb/gadget/function/f_hid.c
@@ -252,9 +252,6 @@ static ssize_t f_hidg_read(struct file *file, char __user *buffer,
        if (!count)
                return 0;
 
-       if (!access_ok(buffer, count))
-               return -EFAULT;
-
        spin_lock_irqsave(&hidg->read_spinlock, flags);
 
 #define READ_COND (!list_empty(&hidg->completed_out_req))
@@ -339,9 +336,6 @@ static ssize_t f_hidg_write(struct file *file, const char __user *buffer,
        unsigned long flags;
        ssize_t status = -ENOMEM;
 
-       if (!access_ok(buffer, count))
-               return -EFAULT;
-
        spin_lock_irqsave(&hidg->write_spinlock, flags);
 
 #define WRITE_COND (!hidg->write_pending)