From: kbuild test robot <lkp@intel.com>
To: Young Xiao <92siuyang@gmail.com>
Cc: kbuild-all@01.org, linux-usb@vger.kernel.org,
linux-media@vger.kernel.org, linux-kernel@vger.kernel.org,
greg@kroah.com, mchehab@kernel.org, keescook@chromium.org,
hans.verkuil@cisco.com, Young Xiao <YangX92@hotmail.com>
Subject: Re: [PATCH] USB: s2255 & stkwebcam: fix oops with malicious USB descriptors
Date: Thu, 11 Apr 2019 22:36:50 +0800 [thread overview]
Message-ID: <201904112252.HfZVFACR%lkp@intel.com> (raw)
In-Reply-To: <1554958452-29794-1-git-send-email-92siuyang@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 6913 bytes --]
Hi Young,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on linuxtv-media/master]
[also build test ERROR on v5.1-rc4 next-20190410]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Young-Xiao/USB-s2255-stkwebcam-fix-oops-with-malicious-USB-descriptors/20190411-213648
base: git://linuxtv.org/media_tree.git master
config: xtensa-allyesconfig (attached as .config)
compiler: xtensa-linux-gcc (GCC) 8.1.0
reproduce:
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
GCC_VERSION=8.1.0 make.cross ARCH=xtensa
All errors (new ones prefixed by >>):
drivers/media/usb/s2255/s2255drv.c: In function 's2255_probe':
>> drivers/media/usb/s2255/s2255drv.c:2270:3: error: label 'error' used but not defined
goto error;
^~~~
--
drivers/media/usb/stkwebcam/stk-webcam.c: In function 'stk_camera_probe':
>> drivers/media/usb/stkwebcam/stk-webcam.c:1355:3: error: 'retval' undeclared (first use in this function); did you mean 'regval'?
retval = -EINVAL;
^~~~~~
regval
drivers/media/usb/stkwebcam/stk-webcam.c:1355:3: note: each undeclared identifier is reported only once for each function it appears in
vim +/error +2270 drivers/media/usb/s2255/s2255drv.c
2219
2220 /* standard usb probe function */
2221 static int s2255_probe(struct usb_interface *interface,
2222 const struct usb_device_id *id)
2223 {
2224 struct s2255_dev *dev = NULL;
2225 struct usb_host_interface *iface_desc;
2226 struct usb_endpoint_descriptor *endpoint;
2227 int i;
2228 int retval = -ENOMEM;
2229 __le32 *pdata;
2230 int fw_size;
2231
2232 /* allocate memory for our device state and initialize it to zero */
2233 dev = kzalloc(sizeof(struct s2255_dev), GFP_KERNEL);
2234 if (dev == NULL) {
2235 s2255_dev_err(&interface->dev, "out of memory\n");
2236 return -ENOMEM;
2237 }
2238
2239 dev->cmdbuf = kzalloc(S2255_CMDBUF_SIZE, GFP_KERNEL);
2240 if (dev->cmdbuf == NULL) {
2241 s2255_dev_err(&interface->dev, "out of memory\n");
2242 goto errorFWDATA1;
2243 }
2244
2245 atomic_set(&dev->num_channels, 0);
2246 dev->pid = id->idProduct;
2247 dev->fw_data = kzalloc(sizeof(struct s2255_fw), GFP_KERNEL);
2248 if (!dev->fw_data)
2249 goto errorFWDATA1;
2250 mutex_init(&dev->lock);
2251 mutex_init(&dev->cmdlock);
2252 /* grab usb_device and save it */
2253 dev->udev = usb_get_dev(interface_to_usbdev(interface));
2254 if (dev->udev == NULL) {
2255 dev_err(&interface->dev, "null usb device\n");
2256 retval = -ENODEV;
2257 goto errorUDEV;
2258 }
2259 dev_dbg(&interface->dev, "dev: %p, udev %p interface %p\n",
2260 dev, dev->udev, interface);
2261 dev->interface = interface;
2262 /* set up the endpoint information */
2263 iface_desc = interface->cur_altsetting;
2264 dev_dbg(&interface->dev, "num EP: %d\n",
2265 iface_desc->desc.bNumEndpoints);
2266
2267 if (iface_desc->desc.bNumEndpoints < 1) {
2268 dev_err(&interface->dev, "Invalid number of endpoints\n");
2269 retval = -EINVAL;
> 2270 goto error;
2271 }
2272
2273 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2274 endpoint = &iface_desc->endpoint[i].desc;
2275 if (!dev->read_endpoint && usb_endpoint_is_bulk_in(endpoint)) {
2276 /* we found the bulk in endpoint */
2277 dev->read_endpoint = endpoint->bEndpointAddress;
2278 }
2279 }
2280
2281 if (!dev->read_endpoint) {
2282 dev_err(&interface->dev, "Could not find bulk-in endpoint\n");
2283 goto errorEP;
2284 }
2285 timer_setup(&dev->timer, s2255_timer, 0);
2286 init_waitqueue_head(&dev->fw_data->wait_fw);
2287 for (i = 0; i < MAX_CHANNELS; i++) {
2288 struct s2255_vc *vc = &dev->vc[i];
2289 vc->idx = i;
2290 vc->dev = dev;
2291 init_waitqueue_head(&vc->wait_setmode);
2292 init_waitqueue_head(&vc->wait_vidstatus);
2293 spin_lock_init(&vc->qlock);
2294 mutex_init(&vc->vb_lock);
2295 }
2296
2297 dev->fw_data->fw_urb = usb_alloc_urb(0, GFP_KERNEL);
2298 if (!dev->fw_data->fw_urb)
2299 goto errorFWURB;
2300
2301 dev->fw_data->pfw_data = kzalloc(CHUNK_SIZE, GFP_KERNEL);
2302 if (!dev->fw_data->pfw_data) {
2303 dev_err(&interface->dev, "out of memory!\n");
2304 goto errorFWDATA2;
2305 }
2306 /* load the first chunk */
2307 if (request_firmware(&dev->fw_data->fw,
2308 FIRMWARE_FILE_NAME, &dev->udev->dev)) {
2309 dev_err(&interface->dev, "sensoray 2255 failed to get firmware\n");
2310 goto errorREQFW;
2311 }
2312 /* check the firmware is valid */
2313 fw_size = dev->fw_data->fw->size;
2314 pdata = (__le32 *) &dev->fw_data->fw->data[fw_size - 8];
2315
2316 if (*pdata != S2255_FW_MARKER) {
2317 dev_err(&interface->dev, "Firmware invalid.\n");
2318 retval = -ENODEV;
2319 goto errorFWMARKER;
2320 } else {
2321 /* make sure firmware is the latest */
2322 __le32 *pRel;
2323 pRel = (__le32 *) &dev->fw_data->fw->data[fw_size - 4];
2324 pr_info("s2255 dsp fw version %x\n", le32_to_cpu(*pRel));
2325 dev->dsp_fw_ver = le32_to_cpu(*pRel);
2326 if (dev->dsp_fw_ver < S2255_CUR_DSP_FWVER)
2327 pr_info("s2255: f2255usb.bin out of date.\n");
2328 if (dev->pid == 0x2257 &&
2329 dev->dsp_fw_ver < S2255_MIN_DSP_COLORFILTER)
2330 pr_warn("2257 needs firmware %d or above.\n",
2331 S2255_MIN_DSP_COLORFILTER);
2332 }
2333 usb_reset_device(dev->udev);
2334 /* load 2255 board specific */
2335 retval = s2255_board_init(dev);
2336 if (retval)
2337 goto errorBOARDINIT;
2338 s2255_fwload_start(dev);
2339 /* loads v4l specific */
2340 retval = s2255_probe_v4l(dev);
2341 if (retval)
2342 goto errorBOARDINIT;
2343 dev_info(&interface->dev, "Sensoray 2255 detected\n");
2344 return 0;
2345 errorBOARDINIT:
2346 s2255_board_shutdown(dev);
2347 errorFWMARKER:
2348 release_firmware(dev->fw_data->fw);
2349 errorREQFW:
2350 kfree(dev->fw_data->pfw_data);
2351 errorFWDATA2:
2352 usb_free_urb(dev->fw_data->fw_urb);
2353 errorFWURB:
2354 del_timer_sync(&dev->timer);
2355 errorEP:
2356 usb_put_dev(dev->udev);
2357 errorUDEV:
2358 kfree(dev->fw_data);
2359 mutex_destroy(&dev->lock);
2360 errorFWDATA1:
2361 kfree(dev->cmdbuf);
2362 kfree(dev);
2363 pr_warn("Sensoray 2255 driver load failed: 0x%x\n", retval);
2364 return retval;
2365 }
2366
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 56101 bytes --]
next prev parent reply other threads:[~2019-04-11 14:52 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-11 4:54 USB: s2255 & stkwebcam: fix oops with malicious USB descriptors Young Xiao
2019-04-11 4:54 ` [PATCH] " Young Xiao
2019-04-11 14:36 ` kbuild test robot [this message]
-- strict thread matches above, loose matches on Subject: below --
2019-04-12 2:39 Young Xiao
2019-04-12 2:39 ` Young Xiao
2019-04-12 8:04 ` Bjørn Mork
2019-04-12 8:04 ` Bjørn Mork
2019-04-12 8:58 ` Yang Xiao
2019-04-12 8:58 ` Yang Xiao
[not found] ` <CAKgHYH05R2CQ1XmS-KCTtL0J49D2kpnkBgyYxdPc47SNpaf8vA@mail.gmail.com>
2019-04-12 9:07 ` Bjørn Mork
2019-04-12 9:07 ` Bjørn Mork
2019-04-12 9:36 ` Yang Xiao
2019-04-12 9:36 ` Yang Xiao
2019-04-16 10:06 Greg KH
2019-04-16 10:06 ` [PATCH] " Greg KH
2019-04-16 11:26 Johan Hovold
2019-04-16 11:26 ` [PATCH] " Johan Hovold
2019-04-16 11:33 Johan Hovold
2019-04-16 11:33 ` [PATCH] " Johan Hovold
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201904112252.HfZVFACR%lkp@intel.com \
--to=lkp@intel.com \
--cc=92siuyang@gmail.com \
--cc=YangX92@hotmail.com \
--cc=greg@kroah.com \
--cc=hans.verkuil@cisco.com \
--cc=kbuild-all@01.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=mchehab@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.