[U-Boot] [PATCH 1/1] usb: musb-new: sunxi: Fix null pointer access

Thu Dec 13 13:28:58 UTC 2018

On 12/13/2018 08:14 AM, Stefan Mavrodiev wrote:
> 
> On 12/5/18 3:16 PM, Marek Vasut wrote:
>> On 12/05/2018 02:06 PM, Stefan Mavrodiev wrote:
>>> On 12/5/18 2:57 PM, Marek Vasut wrote:
>>>> On 12/05/2018 01:49 PM, Stefan Mavrodiev wrote:
>>>>> When the device is in peripheral mode
>>>> Can you have two devices, one in peripheral mode and one in host mode,
>>>> on the same system ?
>>> Not 100% sure, but I'm thinking there is only one OTG port for
>>> all sunxi boards. The operation is decided in the Kconfig.
>> I'm rather sure I saw sunxi boards with more than one USB port.
>>
>>>>> there is no
>>>>> struct usb_bus_priv allocated pointer, as the uclass driver
>>>>> ("usb_dev_generic") doesn't call per_device_auto_alloc_size.
>>>>>
>>>>> This results in writing to the internal SDRAM at
>>>>>      priv->desc_before_addr = true;
>>>>>
>>>>> Signed-off-by: Stefan Mavrodiev <stefan at olimex.com>
>>>>> ---
>>>>>    drivers/usb/musb-new/sunxi.c | 8 ++++++--
>>>>>    1 file changed, 6 insertions(+), 2 deletions(-)
>>>>>
>>>>> diff --git a/drivers/usb/musb-new/sunxi.c
>>>>> b/drivers/usb/musb-new/sunxi.c
>>>>> index 6cf9826cda..f3deb9bc66 100644
>>>>> --- a/drivers/usb/musb-new/sunxi.c
>>>>> +++ b/drivers/usb/musb-new/sunxi.c
>>>>> @@ -435,11 +435,14 @@ static int musb_usb_probe(struct udevice *dev)
>>>>>    {
>>>>>        struct sunxi_glue *glue = dev_get_priv(dev);
>>>>>        struct musb_host_data *host = &glue->mdata;
>>>>> -    struct usb_bus_priv *priv = dev_get_uclass_priv(dev);
>>>>>        struct musb_hdrc_platform_data pdata;
>>>>>        void *base = dev_read_addr_ptr(dev);
>>>>>        int ret;
>>>>>    +#ifdef CONFIG_USB_MUSB_HOST
>>>>> +    struct usb_bus_priv *priv = dev_get_uclass_priv(dev);
>>>>> +#endif
>>>>> +
>>>>>        if (!base)
>>>>>            return -EINVAL;
>>>>>    @@ -459,7 +462,6 @@ static int musb_usb_probe(struct udevice *dev)
>>>>>            return ret;
>>>>>        }
>>>>>    -    priv->desc_before_addr = true;
>>>> See my question at the beginning, and if that can be the case, the fix
>>>> is to check if priv is not null here, eg.
>>>> if (priv)
>>>>    priv->...
>>>>
>>>> Still, why is the priv data not allocated for device ?
>>> Depending on configuration, the device is registered ether as
>>> UCLASS_USB_DEV_GENERIC or UCLASS_USB. There is no
>>>
>>>     .per_device_auto_alloc_size = sizeof(struct usb_bus_priv),
>>>
>>> for the second. (As seen in drivers/usb/host/usb-uclass.c)
>> I see the code is rather horrible. I'd expect all that configuration to
>> come from DT otg-mode property instead of being hard-wired into the
>> code. Sigh.
>>
>> Jagan, A-B ? I'd like to pick this .
>>
>>>>>        memset(&pdata, 0, sizeof(pdata));
>>>>>        pdata.power = 250;
>>>>> @@ -467,6 +469,8 @@ static int musb_usb_probe(struct udevice *dev)
>>>>>        pdata.config = glue->cfg->config;
>>>>>      #ifdef CONFIG_USB_MUSB_HOST
>>>>> +    priv->desc_before_addr = true;
>>>>> +
>>>>>        pdata.mode = MUSB_HOST;
>>>>>        host->host = musb_init_controller(&pdata, &glue->dev, base);
>>>>>        if (!host->host)
>>>>>
>>
> Any further comments?

As Jagan is inactive, applied.

-- 
Best regards,
Marek Vasut