[U-Boot] [U-Boot, 5/5] dm: usb: storage: Fix broken read/write when both EHCD and xHCD are enabled

Marek Vasut marex at denx.de
Thu Sep 28 01:55:24 UTC 2017 

On 09/28/2017 03:39 AM, Tom Rini wrote:
> On Thu, Sep 28, 2017 at 09:34:23AM +0800, Bin Meng wrote:
>> Hi Tom,
>>
>> On Thu, Sep 28, 2017 at 12:34 AM, Tom Rini <trini at konsulko.com> wrote:
>>> On Thu, Sep 07, 2017 at 06:13:21AM -0700, Bin Meng wrote:
>>>
>>>> When EHCD and xHCD are enabled at the same time, USB storage device
>>>> driver will fail to read/write from/to the storage device attached
>>>> to the xHCI interface, due to its transfer blocks exceeds the xHCD
>>>> driver limitation.
>>>>
>>>> With driver model, we have an API to get the controller's maximum
>>>> transfer size and we can use that to determine the storage driver's
>>>> capability of read/write.
>>>>
>>>> Note: the non-DM version driver is still broken with xHCD and the
>>>> intent here is not to fix the non-DM one, since the xHCD itself is
>>>> already broken in places like 3.0 hub support, etc.
>>>>
>>>> Signed-off-by: Bin Meng <bmeng.cn at gmail.com>
>>>> Tested-by: Stefan Roese <sr at denx.de>
>>> [snip]
>>>> @@ -953,6 +957,17 @@ static void usb_stor_set_max_xfer_blk(struct us_data *us)
>>>>  #else
>>>>       blk = 20;
>>>>  #endif
>>>> +#else
>>>> +     ret = usb_get_max_xfer_size(udev, (size_t *)&size);
>>>> +     if (ret < 0) {
>>>> +             /* unimplemented, let's use default 20 */
>>>> +             blk = 20;
>>>> +     } else {
>>>> +             if (size > USHRT_MAX * 512)
>>>> +                     blk = USHRT_MAX;
>>>> +             blk = size / 512;
>>>> +     }
>>>> +#endif
>>>
>>> So, Coverity saw this and found an issue (CID 167250), and I was going
>>> to just fix it, but I'm not sure.  The problem is that we check size >
>>> (USHRT_MAX * 512), and then assign blk.  Then, we always assign blk, so
>>> the test above isn't used.  But my background recollection is that
>>> there's a real issue that's being addressed here.  Can we really just
>>> always say blk = size / 512 in this case, or did we want to be shifting
>>> size not blk under the if?  Thanks!
>>
>> Did this patch applied to anywhere? I see it is in the usb tree, but
>> not in the u-boot/master.
>>
>> The fix should be:
>>
>>              if (size > USHRT_MAX * 512)
>>                      size = USHRT_MAX * 512;
> 
> It's in usb/master, and will be in master itself shortly.  Please submit
> a patch that corrects this and has the Reported-by for Coverity.  Marek,
> do you want to take it via your tree or should I just grab it?  Thanks!

A USB patch should always go through -usb , I believe that's an
established practice .

-- 
Best regards,
Marek Vasut

More information about the U-Boot mailing list