[U-Boot] [PATCH 1/1] usb: musb-new: sunxi: Fix null pointer access

Fri Dec 14 10:14:58 UTC 2018

On Thu, Dec 13, 2018 at 7:00 PM Marek Vasut <marex at denx.de> wrote:
>
> On 12/13/2018 08:14 AM, Stefan Mavrodiev wrote:
> >
> > On 12/5/18 3:16 PM, Marek Vasut wrote:
> >> On 12/05/2018 02:06 PM, Stefan Mavrodiev wrote:
> >>> On 12/5/18 2:57 PM, Marek Vasut wrote:
> >>>> On 12/05/2018 01:49 PM, Stefan Mavrodiev wrote:
> >>>>> When the device is in peripheral mode
> >>>> Can you have two devices, one in peripheral mode and one in host mode,
> >>>> on the same system ?
> >>> Not 100% sure, but I'm thinking there is only one OTG port for
> >>> all sunxi boards. The operation is decided in the Kconfig.
> >> I'm rather sure I saw sunxi boards with more than one USB port.
> >>
> >>>>> there is no
> >>>>> struct usb_bus_priv allocated pointer, as the uclass driver
> >>>>> ("usb_dev_generic") doesn't call per_device_auto_alloc_size.
> >>>>>
> >>>>> This results in writing to the internal SDRAM at
> >>>>>      priv->desc_before_addr = true;
> >>>>>
> >>>>> Signed-off-by: Stefan Mavrodiev <stefan at olimex.com>
> >>>>> ---
> >>>>>    drivers/usb/musb-new/sunxi.c | 8 ++++++--
> >>>>>    1 file changed, 6 insertions(+), 2 deletions(-)
> >>>>>
> >>>>> diff --git a/drivers/usb/musb-new/sunxi.c
> >>>>> b/drivers/usb/musb-new/sunxi.c
> >>>>> index 6cf9826cda..f3deb9bc66 100644
> >>>>> --- a/drivers/usb/musb-new/sunxi.c
> >>>>> +++ b/drivers/usb/musb-new/sunxi.c
> >>>>> @@ -435,11 +435,14 @@ static int musb_usb_probe(struct udevice *dev)
> >>>>>    {
> >>>>>        struct sunxi_glue *glue = dev_get_priv(dev);
> >>>>>        struct musb_host_data *host = &glue->mdata;
> >>>>> -    struct usb_bus_priv *priv = dev_get_uclass_priv(dev);
> >>>>>        struct musb_hdrc_platform_data pdata;
> >>>>>        void *base = dev_read_addr_ptr(dev);
> >>>>>        int ret;
> >>>>>    +#ifdef CONFIG_USB_MUSB_HOST
> >>>>> +    struct usb_bus_priv *priv = dev_get_uclass_priv(dev);
> >>>>> +#endif
> >>>>> +
> >>>>>        if (!base)
> >>>>>            return -EINVAL;
> >>>>>    @@ -459,7 +462,6 @@ static int musb_usb_probe(struct udevice *dev)
> >>>>>            return ret;
> >>>>>        }
> >>>>>    -    priv->desc_before_addr = true;
> >>>> See my question at the beginning, and if that can be the case, the fix
> >>>> is to check if priv is not null here, eg.
> >>>> if (priv)
> >>>>    priv->...
> >>>>
> >>>> Still, why is the priv data not allocated for device ?
> >>> Depending on configuration, the device is registered ether as
> >>> UCLASS_USB_DEV_GENERIC or UCLASS_USB. There is no
> >>>
> >>>     .per_device_auto_alloc_size = sizeof(struct usb_bus_priv),
> >>>
> >>> for the second. (As seen in drivers/usb/host/usb-uclass.c)
> >> I see the code is rather horrible. I'd expect all that configuration to
> >> come from DT otg-mode property instead of being hard-wired into the
> >> code. Sigh.
> >>
> >> Jagan, A-B ? I'd like to pick this .
> >>
> >>>>>        memset(&pdata, 0, sizeof(pdata));
> >>>>>        pdata.power = 250;
> >>>>> @@ -467,6 +469,8 @@ static int musb_usb_probe(struct udevice *dev)
> >>>>>        pdata.config = glue->cfg->config;
> >>>>>      #ifdef CONFIG_USB_MUSB_HOST
> >>>>> +    priv->desc_before_addr = true;
> >>>>> +
> >>>>>        pdata.mode = MUSB_HOST;
> >>>>>        host->host = musb_init_controller(&pdata, &glue->dev, base);
> >>>>>        if (!host->host)
> >>>>>
> >>
> > Any further comments?
>
> As Jagan is inactive, applied.

Sorry, I was in travel in multiple locations couldn't find this patch.
Thanks for applying on your side.