From: Dan Carpenter <dan.carpenter@oracle.com>
To: kbuild@lists.01.org
Subject: drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we previously assumed '_ep->desc' could be null (see line 1055)
Date: Mon, 22 Jun 2020 21:20:23 +0300 [thread overview]
Message-ID: <20200622182023.GX4282@kadam> (raw)
[-- Attachment #1: Type: text/plain, Size: 5301 bytes --]
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 625d3449788f85569096780592549d0340e9c0c7
commit: 75eaa498c99eebf9f9237656f69469e50197cc0b usb: gadget: Correct NULL pointer checking in fsl gadget
config: arm64-randconfig-m031-20200622 (attached as .config)
compiler: aarch64-linux-gcc (GCC) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
New smatch warnings:
drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we previously assumed '_ep->desc' could be null (see line 1055)
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75eaa498c99eebf9f9237656f69469e50197cc0b
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git remote update linus
git checkout 75eaa498c99eebf9f9237656f69469e50197cc0b
vim +1055 drivers/usb/gadget/udc/fsl_udc_core.c
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1047 static int fsl_ep_fifo_status(struct usb_ep *_ep)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1048 {
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1049 struct fsl_ep *ep;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1050 struct fsl_udc *udc;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1051 int size = 0;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1052 u32 bitmask;
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c Li Yang 2011-11-23 1053 struct ep_queue_head *qh;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1054
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola 2019-10-21 @1055 if (!_ep || _ep->desc || !(_ep->desc->bEndpointAddress&0xF))
^^^^^^^^^
Reversed NULL test. This will always return -ENODEV. (Or possibly
crash. But I suspect it always returns -ENODEV instead of crashing).
The container_of() macro doesn't dereference anything, btw. It just
does pointer math. I think it would be cleaner to use ep_index() like
the original code did. In other words, perhaps it would look best
written like this:
ep = container_of(_ep, struct fsl_ep, ep);
if (!_ep || !_ep->desc || ep_index(ep) == 0)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1056 return -ENODEV;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1057
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola 2019-10-21 1058 ep = container_of(_ep, struct fsl_ep, ep);
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola 2019-10-21 1059
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1060 udc = (struct fsl_udc *)ep->udc;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1061
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1062 if (!udc->driver || udc->gadget.speed == USB_SPEED_UNKNOWN)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1063 return -ESHUTDOWN;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1064
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c Li Yang 2011-11-23 1065 qh = get_qh_by_ep(ep);
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1066
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1067 bitmask = (ep_is_in(ep)) ? (1 << (ep_index(ep) + 16)) :
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1068 (1 << (ep_index(ep)));
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1069
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1070 if (fsl_readl(&dr_regs->endptstatus) & bitmask)
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c Li Yang 2011-11-23 1071 size = (qh->size_ioc_int_sts & DTD_PACKET_SIZE)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1072 >> DTD_LENGTH_BIT_POS;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1073
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1074 pr_debug("%s %u\n", __func__, size);
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1075 return size;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1076 }
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
_______________________________________________
kbuild mailing list -- kbuild(a)lists.01.org
To unsubscribe send an email to kbuild-leave(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 29486 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: Dan Carpenter <dan.carpenter@oracle.com>
To: kbuild-all@lists.01.org
Subject: [kbuild] drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we previously assumed '_ep->desc' could be null (see line 1055)
Date: Mon, 22 Jun 2020 21:20:23 +0300 [thread overview]
Message-ID: <20200622182023.GX4282@kadam> (raw)
[-- Attachment #1: Type: text/plain, Size: 5301 bytes --]
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 625d3449788f85569096780592549d0340e9c0c7
commit: 75eaa498c99eebf9f9237656f69469e50197cc0b usb: gadget: Correct NULL pointer checking in fsl gadget
config: arm64-randconfig-m031-20200622 (attached as .config)
compiler: aarch64-linux-gcc (GCC) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
New smatch warnings:
drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we previously assumed '_ep->desc' could be null (see line 1055)
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75eaa498c99eebf9f9237656f69469e50197cc0b
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git remote update linus
git checkout 75eaa498c99eebf9f9237656f69469e50197cc0b
vim +1055 drivers/usb/gadget/udc/fsl_udc_core.c
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1047 static int fsl_ep_fifo_status(struct usb_ep *_ep)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1048 {
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1049 struct fsl_ep *ep;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1050 struct fsl_udc *udc;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1051 int size = 0;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1052 u32 bitmask;
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c Li Yang 2011-11-23 1053 struct ep_queue_head *qh;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1054
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola 2019-10-21 @1055 if (!_ep || _ep->desc || !(_ep->desc->bEndpointAddress&0xF))
^^^^^^^^^
Reversed NULL test. This will always return -ENODEV. (Or possibly
crash. But I suspect it always returns -ENODEV instead of crashing).
The container_of() macro doesn't dereference anything, btw. It just
does pointer math. I think it would be cleaner to use ep_index() like
the original code did. In other words, perhaps it would look best
written like this:
ep = container_of(_ep, struct fsl_ep, ep);
if (!_ep || !_ep->desc || ep_index(ep) == 0)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1056 return -ENODEV;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1057
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola 2019-10-21 1058 ep = container_of(_ep, struct fsl_ep, ep);
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola 2019-10-21 1059
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1060 udc = (struct fsl_udc *)ep->udc;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1061
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1062 if (!udc->driver || udc->gadget.speed == USB_SPEED_UNKNOWN)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1063 return -ESHUTDOWN;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1064
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c Li Yang 2011-11-23 1065 qh = get_qh_by_ep(ep);
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1066
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1067 bitmask = (ep_is_in(ep)) ? (1 << (ep_index(ep) + 16)) :
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1068 (1 << (ep_index(ep)));
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1069
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1070 if (fsl_readl(&dr_regs->endptstatus) & bitmask)
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c Li Yang 2011-11-23 1071 size = (qh->size_ioc_int_sts & DTD_PACKET_SIZE)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1072 >> DTD_LENGTH_BIT_POS;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1073
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1074 pr_debug("%s %u\n", __func__, size);
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1075 return size;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1076 }
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
_______________________________________________
kbuild mailing list -- kbuild(a)lists.01.org
To unsubscribe send an email to kbuild-leave(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 29486 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: Dan Carpenter <dan.carpenter@oracle.com>
To: kbuild@lists.01.org, Nikhil Badola <nikhil.badola@freescale.com>
Cc: lkp@intel.com, kbuild-all@lists.01.org,
linux-kernel@vger.kernel.org,
Felipe Balbi <felipe.balbi@linux.intel.com>,
Ran Wang <ran.wang_1@nxp.com>, Peter Chen <peter.chen@nxp.com>
Subject: [kbuild] drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we previously assumed '_ep->desc' could be null (see line 1055)
Date: Mon, 22 Jun 2020 21:20:23 +0300 [thread overview]
Message-ID: <20200622182023.GX4282@kadam> (raw)
[-- Attachment #1: Type: text/plain, Size: 5075 bytes --]
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 625d3449788f85569096780592549d0340e9c0c7
commit: 75eaa498c99eebf9f9237656f69469e50197cc0b usb: gadget: Correct NULL pointer checking in fsl gadget
config: arm64-randconfig-m031-20200622 (attached as .config)
compiler: aarch64-linux-gcc (GCC) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
New smatch warnings:
drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we previously assumed '_ep->desc' could be null (see line 1055)
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75eaa498c99eebf9f9237656f69469e50197cc0b
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git remote update linus
git checkout 75eaa498c99eebf9f9237656f69469e50197cc0b
vim +1055 drivers/usb/gadget/udc/fsl_udc_core.c
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1047 static int fsl_ep_fifo_status(struct usb_ep *_ep)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1048 {
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1049 struct fsl_ep *ep;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1050 struct fsl_udc *udc;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1051 int size = 0;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1052 u32 bitmask;
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c Li Yang 2011-11-23 1053 struct ep_queue_head *qh;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1054
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola 2019-10-21 @1055 if (!_ep || _ep->desc || !(_ep->desc->bEndpointAddress&0xF))
^^^^^^^^^
Reversed NULL test. This will always return -ENODEV. (Or possibly
crash. But I suspect it always returns -ENODEV instead of crashing).
The container_of() macro doesn't dereference anything, btw. It just
does pointer math. I think it would be cleaner to use ep_index() like
the original code did. In other words, perhaps it would look best
written like this:
ep = container_of(_ep, struct fsl_ep, ep);
if (!_ep || !_ep->desc || ep_index(ep) == 0)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1056 return -ENODEV;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1057
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola 2019-10-21 1058 ep = container_of(_ep, struct fsl_ep, ep);
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola 2019-10-21 1059
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1060 udc = (struct fsl_udc *)ep->udc;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1061
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1062 if (!udc->driver || udc->gadget.speed == USB_SPEED_UNKNOWN)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1063 return -ESHUTDOWN;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1064
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c Li Yang 2011-11-23 1065 qh = get_qh_by_ep(ep);
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1066
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1067 bitmask = (ep_is_in(ep)) ? (1 << (ep_index(ep) + 16)) :
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1068 (1 << (ep_index(ep)));
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1069
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1070 if (fsl_readl(&dr_regs->endptstatus) & bitmask)
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c Li Yang 2011-11-23 1071 size = (qh->size_ioc_int_sts & DTD_PACKET_SIZE)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1072 >> DTD_LENGTH_BIT_POS;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1073
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1074 pr_debug("%s %u\n", __func__, size);
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1075 return size;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1076 }
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 29486 bytes --]
[-- Attachment #3: Type: text/plain, Size: 149 bytes --]
_______________________________________________
kbuild mailing list -- kbuild@lists.01.org
To unsubscribe send an email to kbuild-leave@lists.01.org
next reply other threads:[~2020-06-22 18:20 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-22 18:20 Dan Carpenter [this message]
2020-06-22 18:20 ` [kbuild] drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we previously assumed '_ep->desc' could be null (see line 1055) Dan Carpenter
2020-06-22 18:20 ` Dan Carpenter
2020-06-23 2:22 ` Ran Wang
2020-06-23 2:22 ` Ran Wang
2020-06-23 10:36 ` Dan Carpenter
2020-06-23 10:36 ` [kbuild] " Dan Carpenter
2020-06-23 10:36 ` Dan Carpenter
-- strict thread matches above, loose matches on Subject: below --
2020-09-01 9:45 Dan Carpenter
2020-09-01 9:41 kernel test robot
2020-06-22 14:34 kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200622182023.GX4282@kadam \
--to=dan.carpenter@oracle.com \
--cc=kbuild@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.