| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200527134320.869042-1-arnd@arndb.de>
Date: Wed, 27 May 2020 15:43:04 +0200
From: Arnd Bergmann <arnd@...db.de>
To: Al Cooper <alcooperx@...il.com>,
Alan Stern <stern@...land.harvard.edu>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Florian Fainelli <f.fainelli@...il.com>,
Andy Shevchenko <andy.shevchenko@...il.com>,
Arnd Bergmann <arnd@...db.de>
Cc: Yoshihiro Shimoda <yoshihiro.shimoda.uh@...esas.com>,
linux-usb@...r.kernel.org, bcm-kernel-feedback-list@...adcom.com,
linux-kernel@...r.kernel.org
Subject: [PATCH] usb: ehci: add struct entry for broadcom insnreg
The newly added broadcom ehci driver triggered another array
overflow warning after I had fixed up a bunch of others. In this
case, the driver intentionally abuses the port_status[] array
to access a register that does not have an official name:
drivers/usb/host/ehci-brcm.c:113:33: error: array index 16 is past the end of the array (which contains 15 elements) [-Werror,-Warray-bounds]
ehci_writel(ehci, 0x00800040, &ehci->regs->port_status[0x10]);
^ ~~~~
include/linux/usb/ehci_def.h:131:3: note: array 'port_status' declared here
u32 port_status[15]; /* up to N_PORTS */
^
There is already a hack for Intel specific registers at the same
location, so extend that hack to also cover the Broadcom registers.
I'm a little confused about the register offset, as the code comment
says @0x90 while the actual offset seems to be at offset 0x84, please
confirm that the behavior is still correct.
Fixes: 9df231511bd6 ("usb: ehci: Add new EHCI driver for Broadcom STB SoC's")
Fixes: 88aa39691cea ("usb: ehci: avoid gcc-10 zero-length-bounds warning")
Signed-off-by: Arnd Bergmann <arnd@...db.de>
---
drivers/usb/host/ehci-brcm.c | 13 ++++++-------
include/linux/usb/ehci_def.h | 1 +
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/usb/host/ehci-brcm.c b/drivers/usb/host/ehci-brcm.c
index 3e0ebe8cc649..bafb3f4db170 100644
--- a/drivers/usb/host/ehci-brcm.c
+++ b/drivers/usb/host/ehci-brcm.c
@@ -108,10 +108,10 @@ static int ehci_brcm_reset(struct usb_hcd *hcd)
/*
* SWLINUX-1705: Avoid OUT packet underflows during high memory
* bus usage
- * port_status[0x0f] = Broadcom-proprietary USB_EHCI_INSNREG00 @ 0x90
+ * Broadcom-proprietary USB_EHCI_INSNREG00 @ 0x90
*/
- ehci_writel(ehci, 0x00800040, &ehci->regs->port_status[0x10]);
- ehci_writel(ehci, 0x00000001, &ehci->regs->port_status[0x12]);
+ ehci_writel(ehci, 0x00800040, &ehci->regs->brcm_insnreg[0]);
+ ehci_writel(ehci, 0x00000001, &ehci->regs->brcm_insnreg[2]);
return ehci_setup(hcd);
}
@@ -223,11 +223,10 @@ static int __maybe_unused ehci_brcm_resume(struct device *dev)
/*
* SWLINUX-1705: Avoid OUT packet underflows during high memory
* bus usage
- * port_status[0x0f] = Broadcom-proprietary USB_EHCI_INSNREG00
- * @ 0x90
+ * Broadcom-proprietary USB_EHCI_INSNREG00 @ 0x90
*/
- ehci_writel(ehci, 0x00800040, &ehci->regs->port_status[0x10]);
- ehci_writel(ehci, 0x00000001, &ehci->regs->port_status[0x12]);
+ ehci_writel(ehci, 0x00800040, &ehci->regs->brcm_insnreg[0]);
+ ehci_writel(ehci, 0x00000001, &ehci->regs->brcm_insnreg[2]);
ehci_resume(hcd, false);
diff --git a/include/linux/usb/ehci_def.h b/include/linux/usb/ehci_def.h
index 99481bbcc8f7..cf4bfbbdc8a3 100644
--- a/include/linux/usb/ehci_def.h
+++ b/include/linux/usb/ehci_def.h
@@ -190,6 +190,7 @@ struct ehci_regs {
#define HOSTPC_PHCD (1<<22) /* Phy clock disable */
#define HOSTPC_PSPD (3<<25) /* Port speed detection */
+ u32 brcm_insnreg[3]; /* Broadcom specific */
u32 reserved6[17];
};
--
2.26.2
Powered by blists - more mailing lists