[U-Boot] [PATCH 1/1] usb: musb-new: sunxi: Fix null pointer access

Stefan Mavrodiev stefan at olimex.com
Wed Dec 5 13:06:43 UTC 2018 

On 12/5/18 2:57 PM, Marek Vasut wrote:
> On 12/05/2018 01:49 PM, Stefan Mavrodiev wrote:
>> When the device is in peripheral mode
> Can you have two devices, one in peripheral mode and one in host mode,
> on the same system ?

Not 100% sure, but I'm thinking there is only one OTG port for
all sunxi boards. The operation is decided in the Kconfig.

>
>> there is no
>> struct usb_bus_priv allocated pointer, as the uclass driver
>> ("usb_dev_generic") doesn't call per_device_auto_alloc_size.
>>
>> This results in writing to the internal SDRAM at
>> 	priv->desc_before_addr = true;
>>
>> Signed-off-by: Stefan Mavrodiev <stefan at olimex.com>
>> ---
>>   drivers/usb/musb-new/sunxi.c | 8 ++++++--
>>   1 file changed, 6 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/usb/musb-new/sunxi.c b/drivers/usb/musb-new/sunxi.c
>> index 6cf9826cda..f3deb9bc66 100644
>> --- a/drivers/usb/musb-new/sunxi.c
>> +++ b/drivers/usb/musb-new/sunxi.c
>> @@ -435,11 +435,14 @@ static int musb_usb_probe(struct udevice *dev)
>>   {
>>   	struct sunxi_glue *glue = dev_get_priv(dev);
>>   	struct musb_host_data *host = &glue->mdata;
>> -	struct usb_bus_priv *priv = dev_get_uclass_priv(dev);
>>   	struct musb_hdrc_platform_data pdata;
>>   	void *base = dev_read_addr_ptr(dev);
>>   	int ret;
>>   
>> +#ifdef CONFIG_USB_MUSB_HOST
>> +	struct usb_bus_priv *priv = dev_get_uclass_priv(dev);
>> +#endif
>> +
>>   	if (!base)
>>   		return -EINVAL;
>>   
>> @@ -459,7 +462,6 @@ static int musb_usb_probe(struct udevice *dev)
>>   		return ret;
>>   	}
>>   
>> -	priv->desc_before_addr = true;
> See my question at the beginning, and if that can be the case, the fix
> is to check if priv is not null here, eg.
> if (priv)
>   priv->...
>
> Still, why is the priv data not allocated for device ?

Depending on configuration, the device is registered ether as
UCLASS_USB_DEV_GENERIC or UCLASS_USB. There is no

    .per_device_auto_alloc_size = sizeof(struct usb_bus_priv),

for the second. (As seen in drivers/usb/host/usb-uclass.c)

>
>>   	memset(&pdata, 0, sizeof(pdata));
>>   	pdata.power = 250;
>> @@ -467,6 +469,8 @@ static int musb_usb_probe(struct udevice *dev)
>>   	pdata.config = glue->cfg->config;
>>   
>>   #ifdef CONFIG_USB_MUSB_HOST
>> +	priv->desc_before_addr = true;
>> +
>>   	pdata.mode = MUSB_HOST;
>>   	host->host = musb_init_controller(&pdata, &glue->dev, base);
>>   	if (!host->host)
>>
>

More information about the U-Boot mailing list