[U-Boot] [PATCH 1/1] usb: musb-new: sunxi: Fix null pointer access

Wed Dec 5 13:16:27 UTC 2018

On 12/05/2018 02:06 PM, Stefan Mavrodiev wrote:
> 
> On 12/5/18 2:57 PM, Marek Vasut wrote:
>> On 12/05/2018 01:49 PM, Stefan Mavrodiev wrote:
>>> When the device is in peripheral mode
>> Can you have two devices, one in peripheral mode and one in host mode,
>> on the same system ?
> 
> Not 100% sure, but I'm thinking there is only one OTG port for
> all sunxi boards. The operation is decided in the Kconfig.

I'm rather sure I saw sunxi boards with more than one USB port.

>>> there is no
>>> struct usb_bus_priv allocated pointer, as the uclass driver
>>> ("usb_dev_generic") doesn't call per_device_auto_alloc_size.
>>>
>>> This results in writing to the internal SDRAM at
>>>     priv->desc_before_addr = true;
>>>
>>> Signed-off-by: Stefan Mavrodiev <stefan at olimex.com>
>>> ---
>>>   drivers/usb/musb-new/sunxi.c | 8 ++++++--
>>>   1 file changed, 6 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/drivers/usb/musb-new/sunxi.c b/drivers/usb/musb-new/sunxi.c
>>> index 6cf9826cda..f3deb9bc66 100644
>>> --- a/drivers/usb/musb-new/sunxi.c
>>> +++ b/drivers/usb/musb-new/sunxi.c
>>> @@ -435,11 +435,14 @@ static int musb_usb_probe(struct udevice *dev)
>>>   {
>>>       struct sunxi_glue *glue = dev_get_priv(dev);
>>>       struct musb_host_data *host = &glue->mdata;
>>> -    struct usb_bus_priv *priv = dev_get_uclass_priv(dev);
>>>       struct musb_hdrc_platform_data pdata;
>>>       void *base = dev_read_addr_ptr(dev);
>>>       int ret;
>>>   +#ifdef CONFIG_USB_MUSB_HOST
>>> +    struct usb_bus_priv *priv = dev_get_uclass_priv(dev);
>>> +#endif
>>> +
>>>       if (!base)
>>>           return -EINVAL;
>>>   @@ -459,7 +462,6 @@ static int musb_usb_probe(struct udevice *dev)
>>>           return ret;
>>>       }
>>>   -    priv->desc_before_addr = true;
>> See my question at the beginning, and if that can be the case, the fix
>> is to check if priv is not null here, eg.
>> if (priv)
>>   priv->...
>>
>> Still, why is the priv data not allocated for device ?
> 
> Depending on configuration, the device is registered ether as
> UCLASS_USB_DEV_GENERIC or UCLASS_USB. There is no
> 
>    .per_device_auto_alloc_size = sizeof(struct usb_bus_priv),
> 
> for the second. (As seen in drivers/usb/host/usb-uclass.c)

I see the code is rather horrible. I'd expect all that configuration to
come from DT otg-mode property instead of being hard-wired into the
code. Sigh.

Jagan, A-B ? I'd like to pick this .

>>
>>>       memset(&pdata, 0, sizeof(pdata));
>>>       pdata.power = 250;
>>> @@ -467,6 +469,8 @@ static int musb_usb_probe(struct udevice *dev)
>>>       pdata.config = glue->cfg->config;
>>>     #ifdef CONFIG_USB_MUSB_HOST
>>> +    priv->desc_before_addr = true;
>>> +
>>>       pdata.mode = MUSB_HOST;
>>>       host->host = musb_init_controller(&pdata, &glue->dev, base);
>>>       if (!host->host)
>>>
>>

-- 
Best regards,
Marek Vasut