Date:   Wed, 29 Jun 2022 20:39:51 +0800
From:   kernel test robot <lkp@...el.com>
To:     SebinSebastian <mailmesebin00@...il.com>
Cc:     kbuild-all@...ts.01.org, mailmesebin00@...il.com,
        skhan@...uxfoundation.org, Neal Liu <neal_liu@...eedtech.com>,
        Felipe Balbi <balbi@...nel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Joel Stanley <joel@....id.au>,
        Andrew Jeffery <andrew@...id.au>,
        linux-aspeed@...ts.ozlabs.org, linux-usb@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH -next] usb: gadget: dereference before null check

Hi SebinSebastian,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on next-20220628]

url:    https://github.com/intel-lab-lkp/linux/commits/SebinSebastian/usb-gadget-dereference-before-null-check/20220629-161008
base:    cb71b93c2dc36d18a8b05245973328d018272cdf
config: mips-allyesconfig
compiler: mips-linux-gcc (GCC) 11.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/intel-lab-lkp/linux/commit/97ebbd93f269a58b3b5a003898d6e09c29a73ab0
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review SebinSebastian/usb-gadget-dereference-before-null-check/20220629-161008
        git checkout 97ebbd93f269a58b3b5a003898d6e09c29a73ab0
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.3.0 make.cross W=1 O=build_dir ARCH=mips SHELL=/bin/bash drivers/usb/gadget/udc/

If you fix the issue, kindly add the following tag where applicable
Reported-by: kernel test robot <lkp@...el.com>

All warnings (new ones prefixed by >>):

   drivers/usb/gadget/udc/aspeed_udc.c: In function 'ast_udc_ep_enable':
   drivers/usb/gadget/udc/aspeed_udc.c:349:22: error: 'ep' undeclared (first use in this function); did you mean '_ep'?
     349 |         if (!_ep || !ep || !desc || desc->bDescriptorType != USB_DT_ENDPOINT ||
         |                      ^~
         |                      _ep
   drivers/usb/gadget/udc/aspeed_udc.c:349:22: note: each undeclared identifier is reported only once for each function it appears in
   drivers/usb/gadget/udc/aspeed_udc.c:350:13: error: 'maxpacket' undeclared (first use in this function)
     350 |             maxpacket == 0 || maxpacket > ep->ep.maxpacket) {
         |             ^~~~~~~~~
>> drivers/usb/gadget/udc/aspeed_udc.c:355:9: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
     355 |         u16 maxpacket = usb_endpoint_maxp(desc);
         |         ^~~


vim +355 drivers/usb/gadget/udc/aspeed_udc.c

   340	
   341	static int ast_udc_ep_enable(struct usb_ep *_ep,
   342				     const struct usb_endpoint_descriptor *desc)
   343	{
   344		unsigned long flags;
   345		u32 ep_conf = 0;
   346		u8 dir_in;
   347		u8 type;
   348	
   349		if (!_ep || !ep || !desc || desc->bDescriptorType != USB_DT_ENDPOINT ||
   350		    maxpacket == 0 || maxpacket > ep->ep.maxpacket) {
   351			EP_DBG(ep, "Failed, invalid EP enable param\n");
   352			return -EINVAL;
   353		}
   354	
 > 355		u16 maxpacket = usb_endpoint_maxp(desc);
   356		struct ast_udc_ep *ep = to_ast_ep(_ep);
   357		struct ast_udc_dev *udc = ep->udc;
   358		u8 epnum = usb_endpoint_num(desc);
   359	
   360		if (!udc->driver) {
   361			EP_DBG(ep, "bogus device state\n");
   362			return -ESHUTDOWN;
   363		}
   364	
   365		EP_DBG(ep, "maxpacket:0x%x\n", maxpacket);
   366	
   367		spin_lock_irqsave(&udc->lock, flags);
   368	
   369		ep->desc = desc;
   370		ep->stopped = 0;
   371		ep->ep.maxpacket = maxpacket;
   372		ep->chunk_max = AST_EP_DMA_DESC_MAX_LEN;
   373	
   374		if (maxpacket < AST_UDC_EPn_MAX_PACKET)
   375			ep_conf = EP_SET_MAX_PKT(maxpacket);
   376	
   377		ep_conf |= EP_SET_EP_NUM(epnum);
   378	
   379		type = usb_endpoint_type(desc);
   380		dir_in = usb_endpoint_dir_in(desc);
   381		ep->dir_in = dir_in;
   382		if (!ep->dir_in)
   383			ep_conf |= EP_DIR_OUT;
   384	
   385		EP_DBG(ep, "type %d, dir_in %d\n", type, dir_in);
   386		switch (type) {
   387		case USB_ENDPOINT_XFER_ISOC:
   388			ep_conf |= EP_SET_TYPE_MASK(EP_TYPE_ISO);
   389			break;
   390	
   391		case USB_ENDPOINT_XFER_BULK:
   392			ep_conf |= EP_SET_TYPE_MASK(EP_TYPE_BULK);
   393			break;
   394	
   395		case USB_ENDPOINT_XFER_INT:
   396			ep_conf |= EP_SET_TYPE_MASK(EP_TYPE_INT);
   397			break;
   398		}
   399	
   400		ep->desc_mode = udc->desc_mode && ep->descs_dma && ep->dir_in;
   401		if (ep->desc_mode) {
   402			ast_ep_write(ep, EP_DMA_CTRL_RESET, AST_UDC_EP_DMA_CTRL);
   403			ast_ep_write(ep, 0, AST_UDC_EP_DMA_STS);
   404			ast_ep_write(ep, ep->descs_dma, AST_UDC_EP_DMA_BUFF);
   405	
   406			/* Enable Long Descriptor Mode */
   407			ast_ep_write(ep, EP_DMA_CTRL_IN_LONG_MODE | EP_DMA_DESC_MODE,
   408				     AST_UDC_EP_DMA_CTRL);
   409	
   410			ep->descs_wptr = 0;
   411	
   412		} else {
   413			ast_ep_write(ep, EP_DMA_CTRL_RESET, AST_UDC_EP_DMA_CTRL);
   414			ast_ep_write(ep, EP_DMA_SINGLE_STAGE, AST_UDC_EP_DMA_CTRL);
   415			ast_ep_write(ep, 0, AST_UDC_EP_DMA_STS);
   416		}
   417	
   418		/* Cleanup data toggle just in case */
   419		ast_udc_write(udc, EP_TOGGLE_SET_EPNUM(epnum), AST_VHUB_EP_DATA);
   420	
   421		/* Enable EP */
   422		ast_ep_write(ep, ep_conf | EP_ENABLE, AST_UDC_EP_CONFIG);
   423	
   424		EP_DBG(ep, "ep_config: 0x%x\n", ast_ep_read(ep, AST_UDC_EP_CONFIG));
   425	
   426		spin_unlock_irqrestore(&udc->lock, flags);
   427	
   428		return 0;
   429	}
   430	
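Review bot: Only `_ep` and `desc` can be NULL-tested before anything is derived from them, so the single guard at line 349 needs to be split. `usb_endpoint_maxp(desc)`, `usb_endpoint_num(desc)` and `ep->udc` all read through those pointers and belong after that first test, with the descriptor-type and maxpacket validation following once `ep` and `maxpacket` hold values. The failure branch at line 351 also hands `ep` to `EP_DBG` on a path where `_ep` may be NULL, so the earliest return should not log through it (this assumes EP_DBG reads through `ep`; its definition is not shown here). Declaring every local at the top without initializers and assigning after the guard, as sketched below, keeps the intended ordering and stays within the kernel's declaration-before-statement style. The sketch drops the `!ep` test on the assumption that to_ast_ep() is a container_of-style conversion of a non-NULL `_ep`; confirm against its definition.

```c
static int ast_udc_ep_enable(struct usb_ep *_ep,
			     const struct usb_endpoint_descriptor *desc)
{
	struct ast_udc_dev *udc;
	struct ast_udc_ep *ep;
	unsigned long flags;
	u32 ep_conf = 0;
	u16 maxpacket;
	u8 epnum;
	u8 dir_in;
	u8 type;

	/* Nothing may be derived from _ep or desc until both are known non-NULL. */
	if (!_ep || !desc)
		return -EINVAL;

	ep = to_ast_ep(_ep);
	maxpacket = usb_endpoint_maxp(desc);

	if (desc->bDescriptorType != USB_DT_ENDPOINT ||
	    maxpacket == 0 || maxpacket > ep->ep.maxpacket) {
		EP_DBG(ep, "Failed, invalid EP enable param\n");
		return -EINVAL;
	}

	udc = ep->udc;
	epnum = usb_endpoint_num(desc);

	/* … unchanged: udc->driver check, endpoint configuration under udc->lock, register writes … */
```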

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

View attachment "config" of type "text/plain" (322287 bytes)
