[U-Boot] [PATCH 1/1] usb: musb-new: sunxi: Fix null pointer access

Thu Dec 13 07:14:36 UTC 2018

On 12/5/18 3:16 PM, Marek Vasut wrote:
> On 12/05/2018 02:06 PM, Stefan Mavrodiev wrote:
>> On 12/5/18 2:57 PM, Marek Vasut wrote:
>>> On 12/05/2018 01:49 PM, Stefan Mavrodiev wrote:
>>>> When the device is in peripheral mode
>>> Can you have two devices, one in peripheral mode and one in host mode,
>>> on the same system ?
>> Not 100% sure, but I'm thinking there is only one OTG port for
>> all sunxi boards. The operation is decided in the Kconfig.
> I'm rather sure I saw sunxi boards with more than one USB port.
>
>>>> there is no
>>>> struct usb_bus_priv allocated pointer, as the uclass driver
>>>> ("usb_dev_generic") doesn't call per_device_auto_alloc_size.
>>>>
>>>> This results in writing to the internal SDRAM at
>>>>      priv->desc_before_addr = true;
>>>>
>>>> Signed-off-by: Stefan Mavrodiev <stefan at olimex.com>
>>>> ---
>>>>    drivers/usb/musb-new/sunxi.c | 8 ++++++--
>>>>    1 file changed, 6 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/drivers/usb/musb-new/sunxi.c b/drivers/usb/musb-new/sunxi.c
>>>> index 6cf9826cda..f3deb9bc66 100644
>>>> --- a/drivers/usb/musb-new/sunxi.c
>>>> +++ b/drivers/usb/musb-new/sunxi.c
>>>> @@ -435,11 +435,14 @@ static int musb_usb_probe(struct udevice *dev)
>>>>    {
>>>>        struct sunxi_glue *glue = dev_get_priv(dev);
>>>>        struct musb_host_data *host = &glue->mdata;
>>>> -    struct usb_bus_priv *priv = dev_get_uclass_priv(dev);
>>>>        struct musb_hdrc_platform_data pdata;
>>>>        void *base = dev_read_addr_ptr(dev);
>>>>        int ret;
>>>>    +#ifdef CONFIG_USB_MUSB_HOST
>>>> +    struct usb_bus_priv *priv = dev_get_uclass_priv(dev);
>>>> +#endif
>>>> +
>>>>        if (!base)
>>>>            return -EINVAL;
>>>>    @@ -459,7 +462,6 @@ static int musb_usb_probe(struct udevice *dev)
>>>>            return ret;
>>>>        }
>>>>    -    priv->desc_before_addr = true;
>>> See my question at the beginning, and if that can be the case, the fix
>>> is to check if priv is not null here, eg.
>>> if (priv)
>>>    priv->...
>>>
>>> Still, why is the priv data not allocated for device ?
>> Depending on configuration, the device is registered ether as
>> UCLASS_USB_DEV_GENERIC or UCLASS_USB. There is no
>>
>>     .per_device_auto_alloc_size = sizeof(struct usb_bus_priv),
>>
>> for the second. (As seen in drivers/usb/host/usb-uclass.c)
> I see the code is rather horrible. I'd expect all that configuration to
> come from DT otg-mode property instead of being hard-wired into the
> code. Sigh.
>
> Jagan, A-B ? I'd like to pick this .
>
>>>>        memset(&pdata, 0, sizeof(pdata));
>>>>        pdata.power = 250;
>>>> @@ -467,6 +469,8 @@ static int musb_usb_probe(struct udevice *dev)
>>>>        pdata.config = glue->cfg->config;
>>>>      #ifdef CONFIG_USB_MUSB_HOST
>>>> +    priv->desc_before_addr = true;
>>>> +
>>>>        pdata.mode = MUSB_HOST;
>>>>        host->host = musb_init_controller(&pdata, &glue->dev, base);
>>>>        if (!host->host)
>>>>
>
Any further comments?