summaryrefslogtreecommitdiff
path: root/drivers/usb/cdns3/cdnsp-mem.c
AgeCommit message (Collapse)Author
2021-12-03usb: cdnsp: Fix a NULL pointer dereference in cdnsp_endpoint_init()Zhou Qingyang
In cdnsp_endpoint_init(), cdnsp_ring_alloc() is assigned to pep->ring and there is a dereference of it in cdnsp_endpoint_init(), which could lead to a NULL pointer dereference on failure of cdnsp_ring_alloc(). Fix this bug by adding a check of pep->ring. This bug was found by a static analyzer. The analysis employs differential checking to identify inconsistent security operations (e.g., checks or kfrees) between two code paths and confirms that the inconsistent operations are not recovered in the current function or the callers, so they constitute bugs. Note that, as a bug found by static analysis, it can be a false positive or hard to trigger. Multiple researchers have cross-reviewed the bug. Builds with CONFIG_USB_CDNSP_GADGET=y show no new warnings, and our static analyzer no longer warns about this code. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") Cc: stable <stable@vger.kernel.org> Acked-by: Pawel Laszczak <pawell@cadence.com> Acked-by: Peter Chen <peter.chen@kernel.org> Signed-off-by: Zhou Qingyang <zhou1615@umn.edu> Link: https://lore.kernel.org/r/20211130172700.206650-1-zhou1615@umn.edu Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-08-13usb: cdnsp: fix the wrong mult value for HS isoc or intrChunfeng Yun
usb_endpoint_maxp() only returns the bit[10:0] of wMaxPacketSize of endpoint descriptor, not include bit[12:11] anymore, so use usb_endpoint_maxp_mult() instead. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") Cc: stable@vger.kernel.org Acked-by: Felipe Balbi <balbi@kernel.org> Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com> Link: https://lore.kernel.org/r/1628836253-7432-4-git-send-email-chunfeng.yun@mediatek.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-05-11usb: cdnsp: Useless condition has been removedPawel Laszczak
This code generates a Smatch warning: drivers/usb/cdns3/cdnsp-mem.c:1085 cdnsp_mem_cleanup() warn: variable dereferenced before check 'pdev->dcbaa' (see line 1067) The unchecked dereference happens inside the function when we call: cdnsp_free_priv_device(pdev); But fortunately, the "pdev->dcbaa" pointer can never be NULL so it does not lead to a runtime issue. We can just remove the NULL check which silences the warning and makes the code consistent. Reported-by: kernel test robot <lkp@intel.com> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Pawel Laszczak <pawell@cadence.com> Link: https://lore.kernel.org/r/20210505055854.40240-1-pawell@gli-login.cadence.com Signed-off-by: Peter Chen <peter.chen@kernel.org>
2021-04-12usb: cdnsp: remove redundant initialization of variable retColin Ian King
The variable ret is being initialized with a value that is never read and it is being updated later with a new value. The initialization is redundant and can be removed. Addresses-Coverity: ("Unused value") Signed-off-by: Colin Ian King <colin.king@canonical.com> Reviewed-by: Pawel Laszczak <pawell@cadence.com> Signed-off-by: Peter Chen <peter.chen@kernel.org>
2021-04-12usb: cdns3: delete repeated clear operationsWang Qing
dma_alloc_coherent already zeroes out memory, so memset is not needed. Signed-off-by: Wang Qing <wangqing@vivo.com> Reviewed-by: Pawel Laszczak <pawell@cadence.com> Acked-by: Pawel Laszczak <pawell@cadence.com> Signed-off-by: Peter Chen <peter.chen@kernel.org>
2020-12-29usb: cdnsp: Fixes for sparse warningsPawel Laszczak
Patch fixes all sparse warnings in cdsnp driver. It fixes the following warnings: cdnsp-ring.c:1441: warning: incorrect type in assignment cdnsp-ring.c:1444: warning: restricted __le32 degrades to integer cdnsp-ring.c:2200: warning: dubious: x | !y cdnsp-gadget.c:501: warning: incorrect type in assignment cdnsp-gadget.c:504: warning: restricted __le32 degrades to integer cdnsp-gadget.c:507: warning: restricted __le32 degrades to integer cdnsp-gadget.c:508: warning: restricted __le32 degrades to integer cdnsp-gadget.c:509: warning: invalid assignment: |= cdnsp-gadget.c:510: warning: cast from restricted __le32 cdnsp-gadget.c:558: warning: incorrect type in assignment cdnsp-gadget.c:561: warning: restricted __le32 degrades to integer cdnsp-gadget.c:570: warning: restricted __le32 degrades to integer cdnsp-gadget.c:1571: warning: incorrect type in argument 1 cdnsp-gadget.c:1602: warning: restricted __le32 degrades to integer cdnsp-gadget.c:1760: warning: incorrect type in assignment cdnsp-gadget.c:1762: warning: incorrect type in assignment cdnsp-gadget.c:1763: warning: incorrect type in assignment cdnsp-gadget.c:1764: warning: incorrect type in assignment cdnsp-gadget.c:1765: warning: incorrect type in assignment cdnsp-gadget.c:1766: warning: incorrect type in assignment cdnsp-gadget.c:1767: warning: incorrect type in assignment cdnsp-gadget.c:458: warning: cast truncates bits from constant value (ffffffff07ffffff becomes 7ffffff) cdnsp-gadget.c:666: warning: cast truncates bits from constant value (ffffffff07ffffff becomes 7ffffff) cdnsp-mem.c:762: warning: incorrect type in assignment cdnsp-mem.c:763: warning: incorrect type in assignment cdnsp-mem.c:928: warning: cast from restricted __le16 cdnsp-mem.c:1187: warning: incorrect type in assignment cdnsp-mem.c:1191: warning: incorrect type in assignment cdnsp-ep0.c:142: warning: incorrect type in assignment cdnsp-ep0.c:144: warning: restricted __le32 degrades to integer cdnsp-ep0.c:147: warning: restricted __le32 degrades to integer cdnsp-ep0.c:148: warning: restricted __le32 degrades to integer cdnsp-ep0.c:179: warning: incorrect type in argument 1 cdnsp-ep0.c:311: warning: incorrect type in argument 1 cdnsp-ep0.c:469: warning: incorrect type in assignment cdnsp-trace.h:611:1: warning: cast from restricted __le32 Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Pawel Laszczak <pawell@cadence.com> Signed-off-by: Peter Chen <peter.chen@nxp.com>
2020-12-29usb: cdnsp: fix error handling in cdnsp_mem_init()Pawel Laszczak
This function uses "One Function Cleans up Everything" style and that's basically impossible to do correctly. It's cleaner to write it with "clean up the most recent allocation". Patch fixes two isues: 1. If pdev->dcbaa = dma_alloc_coherent() fails then that leads to a NULL dereference inside the cdnsp_free_priv_device() function. 2. if cdnsp_alloc_priv_device() fails that leads to a double free because we free pdev->out_ctx.bytes in several places. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Pawel Laszczak <pawell@cadence.com> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Tested-by: Pawel Laszczak <pawell@cadence.com> Signed-off-by: Peter Chen <peter.chen@nxp.com>
2020-12-29usb: cdnsp: Removes some not useful function argumentsPawel Laszczak
This patch removes 'flags' argument from some functions and use indirect the correct GFP_XXX flag to fix the following warning: 'The patch d40a169aab24: "usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver" from Dec 7, 2020, leads to the following static checker warning: drivers/usb/cdns3/cdnsp-mem.c:1229 cdnsp_mem_init() warn: use 'flags' here instead of GFP_XXX? drivers/usb/cdns3/cdnsp-mem.c 1206 int cdnsp_mem_init(struct cdnsp_device *pdev, gfp_t flags);' ^^^^^^^^^^^ Signed-off-by: Pawel Laszczak <pawell@cadence.com> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Peter Chen <peter.chen@nxp.com>
2020-12-29usb: cdnsp: Add tracepoints for CDNSP driverPawel Laszczak
Patch adds the series of tracepoints that can be used for debugging issues detected in driver. Signed-off-by: Pawel Laszczak <pawell@cadence.com> Reviewed-by: Peter Chen <peter.chen@nxp.com> Signed-off-by: Peter Chen <peter.chen@nxp.com>
2020-12-29usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD DriverPawel Laszczak
This patch introduces the main part of Cadence USBSSP DRD driver to Linux kernel. To reduce the patch size a little bit, the header file gadget.h was intentionally added as separate patch. The Cadence USBSSP DRD Controller is a highly configurable IP Core which can be instantiated as Dual-Role Device (DRD), Peripheral Only and Host Only (XHCI)configurations. The current driver has been validated with FPGA platform. We have support for PCIe bus, which is used on FPGA prototyping. The host side of USBSS DRD controller is compliant with XHCI. The architecture for device side is almost the same as for host side, and most of the XHCI specification can be used to understand how this controller operates. Signed-off-by: Pawel Laszczak <pawell@cadence.com> Signed-off-by: Peter Chen <peter.chen@nxp.com>