[U-Boot] [PATCH] usb: ci_udc: fix request allocation when endpoints are disabled

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

* [U-Boot] [PATCH] usb: ci_udc: fix request allocation when endpoints are disabled
@ 2015-07-24 15:14 Rob Herring
  2015-07-24 19:15 ` Stephen Warren
  2015-07-24 20:05 ` Marek Vasut
  0 siblings, 2 replies; 3+ messages in thread
From: Rob Herring @ 2015-07-24 15:14 UTC (permalink / raw)
  To: u-boot

The ci_udc driver request allocation assumes that the endpoint descriptor
pointer is set to retrieve the endpoint number, but that is only true
when the endpoint is enabled. This results in a NULL ptr dereference
which for me happens to return 0 value. This causes the EP0 request
struct to be returned for other endpoints. Some gadget drivers like
fastboot and USB MS work fine, but ethernet does not.

Really, the ci_udc driver is the oddball here doing this EP0 special
case handling Stephen added. All the other drivers alloc/free functions
are pretty much the same with the only variation being the size of the
private struct. This could all be consolidated to a common function.

Signed-off-by: Rob Herring <robh@kernel.org>
Cc: Marek Vasut <marex@denx.de>
Cc: Stephen Warren <swarren@nvidia.com>
---
 drivers/usb/gadget/ci_udc.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/drivers/usb/gadget/ci_udc.c b/drivers/usb/gadget/ci_udc.c
index aadff42..4b8dccc 100644
--- a/drivers/usb/gadget/ci_udc.c
+++ b/drivers/usb/gadget/ci_udc.c
@@ -258,10 +258,12 @@ static struct usb_request *
 ci_ep_alloc_request(struct usb_ep *ep, unsigned int gfp_flags)
 {
 	struct ci_ep *ci_ep = container_of(ep, struct ci_ep, ep);
-	int num;
+	int num = -1;
 	struct ci_req *ci_req;
 
-	num = ci_ep->desc->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK;
+	if (ci_ep->desc)
+		num = ci_ep->desc->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK;
+
 	if (num == 0 && controller.ep0_req)
 		return &controller.ep0_req->req;
 
@@ -281,9 +283,11 @@ static void ci_ep_free_request(struct usb_ep *ep, struct usb_request *req)
 {
 	struct ci_ep *ci_ep = container_of(ep, struct ci_ep, ep);
 	struct ci_req *ci_req = container_of(req, struct ci_req, req);
-	int num;
+	int num = -1;
+
+	if (ci_ep->desc)
+		num = ci_ep->desc->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK;
 
-	num = ci_ep->desc->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK;
 	if (num == 0) {
 		if (!controller.ep0_req)
 			return;
-- 
2.1.0

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* [U-Boot] [PATCH] usb: ci_udc: fix request allocation when endpoints are disabled
  2015-07-24 15:14 [U-Boot] [PATCH] usb: ci_udc: fix request allocation when endpoints are disabled Rob Herring
@ 2015-07-24 19:15 ` Stephen Warren
  2015-07-24 20:05 ` Marek Vasut
  1 sibling, 0 replies; 3+ messages in thread
From: Stephen Warren @ 2015-07-24 19:15 UTC (permalink / raw)
  To: u-boot

On 07/24/2015 09:14 AM, Rob Herring wrote:
> The ci_udc driver request allocation assumes that the endpoint descriptor
> pointer is set to retrieve the endpoint number, but that is only true
> when the endpoint is enabled. This results in a NULL ptr dereference
> which for me happens to return 0 value. This causes the EP0 request
> struct to be returned for other endpoints. Some gadget drivers like
> fastboot and USB MS work fine, but ethernet does not.
>
> Really, the ci_udc driver is the oddball here doing this EP0 special
> case handling Stephen added. All the other drivers alloc/free functions
> are pretty much the same with the only variation being the size of the
> private struct. This could all be consolidated to a common function.

Acked-by: Stephen Warren <swarren@nvidia.com>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [U-Boot] [PATCH] usb: ci_udc: fix request allocation when endpoints are disabled
  2015-07-24 15:14 [U-Boot] [PATCH] usb: ci_udc: fix request allocation when endpoints are disabled Rob Herring
  2015-07-24 19:15 ` Stephen Warren
@ 2015-07-24 20:05 ` Marek Vasut
  1 sibling, 0 replies; 3+ messages in thread
From: Marek Vasut @ 2015-07-24 20:05 UTC (permalink / raw)
  To: u-boot

On Friday, July 24, 2015 at 05:14:21 PM, Rob Herring wrote:
> The ci_udc driver request allocation assumes that the endpoint descriptor
> pointer is set to retrieve the endpoint number, but that is only true
> when the endpoint is enabled. This results in a NULL ptr dereference
> which for me happens to return 0 value. This causes the EP0 request
> struct to be returned for other endpoints. Some gadget drivers like
> fastboot and USB MS work fine, but ethernet does not.
> 
> Really, the ci_udc driver is the oddball here doing this EP0 special
> case handling Stephen added. All the other drivers alloc/free functions
> are pretty much the same with the only variation being the size of the
> private struct. This could all be consolidated to a common function.
> 
> Signed-off-by: Rob Herring <robh@kernel.org>
> Cc: Marek Vasut <marex@denx.de>
> Cc: Stephen Warren <swarren@nvidia.com>

Applied, thanks!

Best regards,
Marek Vasut

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2015-07-24 20:05 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-07-24 15:14 [U-Boot] [PATCH] usb: ci_udc: fix request allocation when endpoints are disabled Rob Herring
2015-07-24 19:15 ` Stephen Warren
2015-07-24 20:05 ` Marek Vasut

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox