From: Greg KH <gregkh@linuxfoundation.org>
To: Mathias Nyman <mathias.nyman@linux.intel.com>
Cc: Mayank Rana <quic_mrana@quicinc.com>,
peter.chen@kernel.org, balbi@kernel.org,
stern@rowland.harvard.edu, chunfeng.yun@mediatek.com,
linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
Subject: Re: [PATCH RESEND] xhci: Use xhci_get_virt_ep() to validate ep_index
Date: Fri, 29 Apr 2022 12:36:26 +0200 [thread overview]
Message-ID: <Ymu/qqxpf68tF1FX@kroah.com> (raw)
In-Reply-To: <364cb857-71f0-b89d-54fb-5acb129451d2@linux.intel.com>
On Fri, Apr 29, 2022 at 01:23:50PM +0300, Mathias Nyman wrote:
> On 29.4.2022 13.02, Greg KH wrote:
> > On Fri, Apr 29, 2022 at 12:49:59PM +0300, Mathias Nyman wrote:
> >> On 28.4.2022 22.04, Mayank Rana wrote:
> >>> ring_doorbell_for_active_rings() API is being called from
> >>> multiple context. This specific API tries to get virt_dev
> >>> based endpoint using passed slot_id and ep_index. Some caller
> >>> API is having check against slot_id and ep_index using
> >>> xhci_get_virt_ep() API whereas xhci_handle_cmd_config_ep() API
> >>> only check ep_index against -1 value but not upper bound i.e.
> >>> EP_CTX_PER_DEV. Hence use xhci_get_virt_ep() API to get virt_dev
> >>> based endpoint which checks both slot_id and ep_index to get
> >>> valid endpoint.
> >>
> >> ep_index upper bound is known to be in range as EP_CTX_PER_DEV is 31,
> >> and ep_index = fls(u32 value) - 1 - 1;
> >>
> >> We can change to use xhci_get_virt_ep(), but this would be more useful
> >> earlier in xhci_handle_cmd_config_ep() where we touch the ep before
> >> calling ring_doorbell_for_active_rings()
> >>
> >> Also note that this codepath is only used for some prototype
> >> xHC controller that probably never made it to the market about 10 years ago.
> >
> > Can we just delete the codepath entirely then?
>
> Probably.
> Commit ac9d8fe7c6a8 USB: xhci: Add quirk for Fresco Logic xHCI hardware.
> that added this states:
>
> "This patch is for prototype hardware that will be given to other companies
> for evaluation purposes only, and should not reach consumer hands. Fresco
> Logic's next chip rev should have this bug fixed."
>
> Should we print some warning instead if this controller is used?
> just in case.
Would be a good idea, see if that hardware did actually get out into the
wild.
thanks,
greg k-h
next prev parent reply other threads:[~2022-04-29 10:36 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-28 19:04 [PATCH RESEND] xhci: Use xhci_get_virt_ep() to validate ep_index Mayank Rana
2022-04-29 9:49 ` Mathias Nyman
2022-04-29 10:02 ` Greg KH
2022-04-29 10:23 ` Mathias Nyman
2022-04-29 10:36 ` Greg KH [this message]
2022-04-29 10:13 ` Mathias Nyman
2022-04-29 19:01 ` Mayank Rana
2022-05-06 13:58 ` Mathias Nyman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Ymu/qqxpf68tF1FX@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=balbi@kernel.org \
--cc=chunfeng.yun@mediatek.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=mathias.nyman@linux.intel.com \
--cc=peter.chen@kernel.org \
--cc=quic_mrana@quicinc.com \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).