From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Sasha Levin <sashal@kernel.org>,
Colin Ian King <colin.king@canonical.com>,
linux-usb@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
Felipe Balbi <balbi@kernel.org>
Subject: [PATCH AUTOSEL 4.19 114/172] usb: gadget: lpc32xx_udc: don't dereference ep pointer before null check
Date: Wed, 17 Jun 2020 21:21:20 -0400 [thread overview]
Message-ID: <20200618012218.607130-114-sashal@kernel.org> (raw)
In-Reply-To: <20200618012218.607130-1-sashal@kernel.org>
From: Colin Ian King <colin.king@canonical.com>
[ Upstream commit eafa80041645cd7604c4357b1a0cd4a3c81f2227 ]
Currently pointer ep is being dereferenced before it is null checked
leading to a null pointer dereference issue. Fix this by only assigning
pointer udc once ep is known to be not null. Also remove a debug
message that requires a valid udc which may not be possible at that
point.
Addresses-Coverity: ("Dereference before null check")
Fixes: 24a28e428351 ("USB: gadget driver for LPC32xx")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/udc/lpc32xx_udc.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/usb/gadget/udc/lpc32xx_udc.c b/drivers/usb/gadget/udc/lpc32xx_udc.c
index 21921db068f6..cf56819f16e4 100644
--- a/drivers/usb/gadget/udc/lpc32xx_udc.c
+++ b/drivers/usb/gadget/udc/lpc32xx_udc.c
@@ -1602,17 +1602,17 @@ static int lpc32xx_ep_enable(struct usb_ep *_ep,
const struct usb_endpoint_descriptor *desc)
{
struct lpc32xx_ep *ep = container_of(_ep, struct lpc32xx_ep, ep);
- struct lpc32xx_udc *udc = ep->udc;
+ struct lpc32xx_udc *udc;
u16 maxpacket;
u32 tmp;
unsigned long flags;
/* Verify EP data */
if ((!_ep) || (!ep) || (!desc) ||
- (desc->bDescriptorType != USB_DT_ENDPOINT)) {
- dev_dbg(udc->dev, "bad ep or descriptor\n");
+ (desc->bDescriptorType != USB_DT_ENDPOINT))
return -EINVAL;
- }
+
+ udc = ep->udc;
maxpacket = usb_endpoint_maxp(desc);
if ((maxpacket == 0) || (maxpacket > ep->maxpacket)) {
dev_dbg(udc->dev, "bad ep descriptor's packet size\n");
@@ -1860,7 +1860,7 @@ static int lpc32xx_ep_dequeue(struct usb_ep *_ep, struct usb_request *_req)
static int lpc32xx_ep_set_halt(struct usb_ep *_ep, int value)
{
struct lpc32xx_ep *ep = container_of(_ep, struct lpc32xx_ep, ep);
- struct lpc32xx_udc *udc = ep->udc;
+ struct lpc32xx_udc *udc;
unsigned long flags;
if ((!ep) || (ep->hwep_num <= 1))
@@ -1870,6 +1870,7 @@ static int lpc32xx_ep_set_halt(struct usb_ep *_ep, int value)
if (ep->is_in)
return -EAGAIN;
+ udc = ep->udc;
spin_lock_irqsave(&udc->lock, flags);
if (value == 1) {
--
2.25.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-06-18 1:57 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200618012218.607130-1-sashal@kernel.org>
2020-06-18 1:19 ` [PATCH AUTOSEL 4.19 002/172] clk: sunxi: Fix incorrect usage of round_down() Sasha Levin
2020-06-18 1:19 ` [PATCH AUTOSEL 4.19 012/172] ARM: integrator: Add some Kconfig selections Sasha Levin
2020-06-18 1:19 ` [PATCH AUTOSEL 4.19 022/172] clk: samsung: Mark top ISP and CAM clocks on Exynos542x as critical Sasha Levin
2020-06-18 1:19 ` [PATCH AUTOSEL 4.19 024/172] serial: 8250: Fix max baud limit in generic 8250 port Sasha Levin
2020-06-18 1:19 ` [PATCH AUTOSEL 4.19 026/172] PCI: aardvark: Don't blindly enable ASPM L0s and don't write to read-only register Sasha Levin
2020-06-18 1:20 ` [PATCH AUTOSEL 4.19 047/172] ASoC: meson: add missing free_irq() in error path Sasha Levin
2020-06-19 13:28 ` Pavel Machek
2020-06-18 1:20 ` [PATCH AUTOSEL 4.19 054/172] arm64: dts: mt8173: fix unit name warnings Sasha Levin
2020-06-18 1:20 ` [PATCH AUTOSEL 4.19 056/172] ARM: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity Sasha Levin
2020-06-18 1:20 ` [PATCH AUTOSEL 4.19 084/172] pinctrl: rockchip: fix memleak in rockchip_dt_node_to_map Sasha Levin
2020-06-18 1:21 ` [PATCH AUTOSEL 4.19 096/172] usb/ohci-platform: Fix a warning when hibernating Sasha Levin
2020-06-18 1:21 ` [PATCH AUTOSEL 4.19 102/172] clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 Sasha Levin
2020-06-18 1:21 ` [PATCH AUTOSEL 4.19 103/172] ARM: dts: meson: Switch existing boards with RGMII PHY to "rgmii-id" Sasha Levin
2020-06-18 1:21 ` Sasha Levin [this message]
2020-06-18 1:21 ` [PATCH AUTOSEL 4.19 122/172] clk: bcm2835: Fix return type of bcm2835_register_gate Sasha Levin
2020-06-18 1:21 ` [PATCH AUTOSEL 4.19 140/172] scsi: ufs: Don't update urgent bkops level when toggling auto bkops Sasha Levin
2020-06-18 1:21 ` [PATCH AUTOSEL 4.19 141/172] pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' Sasha Levin
2020-06-18 1:21 ` [PATCH AUTOSEL 4.19 142/172] pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' Sasha Levin
2020-06-18 1:22 ` [PATCH AUTOSEL 4.19 168/172] drm/sun4i: hdmi ddc clk: Fix size of m divider Sasha Levin
2020-06-18 1:22 ` [PATCH AUTOSEL 4.19 169/172] scsi: acornscsi: Fix an error handling path in acornscsi_probe() Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200618012218.607130-114-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=balbi@kernel.org \
--cc=colin.king@canonical.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).