Date:   Mon, 22 Jun 2020 21:20:23 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     kbuild@...ts.01.org, Nikhil Badola <nikhil.badola@...escale.com>
Cc:     lkp@...el.com, kbuild-all@...ts.01.org,
        linux-kernel@...r.kernel.org,
        Felipe Balbi <felipe.balbi@...ux.intel.com>,
        Ran Wang <ran.wang_1@....com>, Peter Chen <peter.chen@....com>
Subject: [kbuild] drivers/usb/gadget/udc/fsl_udc_core.c:1055
 fsl_ep_fifo_status() error: we previously assumed '_ep->desc' could be null
 (see line 1055)

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   625d3449788f85569096780592549d0340e9c0c7
commit: 75eaa498c99eebf9f9237656f69469e50197cc0b usb: gadget: Correct NULL pointer checking in fsl gadget
config: arm64-randconfig-m031-20200622 (attached as .config)
compiler: aarch64-linux-gcc (GCC) 9.3.0

If you fix the issue, kindly add the following tags as appropriate
Reported-by: kernel test robot <lkp@...el.com>
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>

New smatch warnings:
drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we previously assumed '_ep->desc' could be null (see line 1055)

# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75eaa498c99eebf9f9237656f69469e50197cc0b
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git remote update linus
git checkout 75eaa498c99eebf9f9237656f69469e50197cc0b
vim +1055 drivers/usb/gadget/udc/fsl_udc_core.c

2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1047  static int fsl_ep_fifo_status(struct usb_ep *_ep)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1048  {
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1049  	struct fsl_ep *ep;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1050  	struct fsl_udc *udc;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1051  	int size = 0;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1052  	u32 bitmask;
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c     Li Yang            2011-11-23  1053  	struct ep_queue_head *qh;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1054  
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola      2019-10-21 @1055  	if (!_ep || _ep->desc || !(_ep->desc->bEndpointAddress&0xF))
                                                                                                            ^^^^^^^^^
Reversed NULL test.  This will always return -ENODEV.  (Or possibly
crash.  But I suspect it always returns -ENODEV instead of crashing).

The container_of() macro doesn't dereference anything, btw.  It just
does pointer math.  I think it would be cleaner to use ep_index() like
the original code did.  In other words, perhaps it would look best
written like this:

	ep = container_of(_ep, struct fsl_ep, ep);
	if (!_ep || !_ep->desc || ep_index(ep) == 0)


2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1056  		return -ENODEV;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1057  
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola      2019-10-21  1058  	ep = container_of(_ep, struct fsl_ep, ep);
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola      2019-10-21  1059  
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1060  	udc = (struct fsl_udc *)ep->udc;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1061  
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1062  	if (!udc->driver || udc->gadget.speed == USB_SPEED_UNKNOWN)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1063  		return -ESHUTDOWN;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1064  
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c     Li Yang            2011-11-23  1065  	qh = get_qh_by_ep(ep);
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1066  
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1067  	bitmask = (ep_is_in(ep)) ? (1 << (ep_index(ep) + 16)) :
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1068  	    (1 << (ep_index(ep)));
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1069  
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1070  	if (fsl_readl(&dr_regs->endptstatus) & bitmask)
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c     Li Yang            2011-11-23  1071  		size = (qh->size_ioc_int_sts & DTD_PACKET_SIZE)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1072  		    >> DTD_LENGTH_BIT_POS;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1073  
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1074  	pr_debug("%s %u\n", __func__, size);
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1075  	return size;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c     Anatolij Gustschin 2011-04-18  1076  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
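
An added example, not part of the original message or of the kernel source: a user-space model of the check flagged at line 1055, beside the same check with the NULL test the right way round. The struct layouts, the helper names and `WOULD_DEREF_NULL` are assumptions made for illustration; the corrected form keeps the commit's third operand rather than `ep_index()`, whose definition is not shown in the message.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed user-space stand-ins; only fields the check reads are modelled. */
struct usb_endpoint_descriptor { unsigned char bEndpointAddress; };
struct usb_ep { const struct usb_endpoint_descriptor *desc; };
struct fsl_ep { int marker; struct usb_ep ep; };

#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))
#define WOULD_DEREF_NULL 1	/* hypothetical marker, not a kernel value */

/* Line 1055 as committed, short-circuit order spelled out so the
 * NULL-desc case is reported rather than actually faulting. */
static int check_as_committed(const struct usb_ep *_ep)
{
	if (!_ep)
		return -ENODEV;
	if (_ep->desc)		/* reversed test: every valid desc is rejected */
		return -ENODEV;
	/* desc == NULL here, and the third operand reads desc->bEndpointAddress */
	return WOULD_DEREF_NULL;
}

/* Same three operands with the NULL test the right way round. */
static int check_corrected(const struct usb_ep *_ep)
{
	if (!_ep || !_ep->desc || !(_ep->desc->bEndpointAddress & 0xF))
		return -ENODEV;
	return 0;
}

/* container_of() only does pointer arithmetic; nothing is read through _ep. */
static struct fsl_ep *to_fsl_ep(struct usb_ep *_ep)
{
	return container_of(_ep, struct fsl_ep, ep);
}

int main(void)
{
	struct usb_endpoint_descriptor d = { 0x81 };	/* constructed: EP1 IN */
	struct fsl_ep with = { 0, { &d } }, without = { 0, { NULL } };
	printf("committed: desc set %d, desc NULL %d\n",
	       check_as_committed(&with.ep), check_as_committed(&without.ep));
	printf("corrected: desc set %d, desc NULL %d\n",
	       check_corrected(&with.ep), check_corrected(&without.ep));
	return to_fsl_ep(&with.ep) == &with ? 0 : 1;
}
```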
