* [kbuild] drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we previously assumed '_ep->desc' could be null (see line 1055)
@ 2020-06-22 18:20 Dan Carpenter
2020-06-23 2:22 ` Ran Wang
0 siblings, 1 reply; 4+ messages in thread
From: Dan Carpenter @ 2020-06-22 18:20 UTC (permalink / raw)
To: kbuild, Nikhil Badola
Cc: lkp, kbuild-all, linux-kernel, Felipe Balbi, Ran Wang, Peter Chen
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 625d3449788f85569096780592549d0340e9c0c7
commit: 75eaa498c99eebf9f9237656f69469e50197cc0b usb: gadget: Correct NULL pointer checking in fsl gadget
config: arm64-randconfig-m031-20200622 (attached as .config)
compiler: aarch64-linux-gcc (GCC) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
New smatch warnings:
drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we previously assumed '_ep->desc' could be null (see line 1055)
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75eaa498c99eebf9f9237656f69469e50197cc0b
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git remote update linus
git checkout 75eaa498c99eebf9f9237656f69469e50197cc0b
vim +1055 drivers/usb/gadget/udc/fsl_udc_core.c
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1047 static int fsl_ep_fifo_status(struct usb_ep *_ep)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1048 {
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1049 struct fsl_ep *ep;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1050 struct fsl_udc *udc;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1051 int size = 0;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1052 u32 bitmask;
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c Li Yang 2011-11-23 1053 struct ep_queue_head *qh;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1054
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola 2019-10-21 @1055 if (!_ep || _ep->desc || !(_ep->desc->bEndpointAddress&0xF))
^^^^^^^^^
Reversed NULL test. This will always return -ENODEV. (Or possibly
crash. But I suspect it always returns -ENODEV instead of crashing).

The container_of() macro doesn't dereference anything, btw. It just
does pointer math. I think it would be cleaner to use ep_index() like
the original code did. In other words, perhaps it would look best
written like this:

	ep = container_of(_ep, struct fsl_ep, ep);
	if (!_ep || !_ep->desc || ep_index(ep) == 0)

2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1056 return -ENODEV;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1057
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola 2019-10-21 1058 ep = container_of(_ep, struct fsl_ep, ep);
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola 2019-10-21 1059
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1060 udc = (struct fsl_udc *)ep->udc;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1061
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1062 if (!udc->driver || udc->gadget.speed == USB_SPEED_UNKNOWN)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1063 return -ESHUTDOWN;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1064
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c Li Yang 2011-11-23 1065 qh = get_qh_by_ep(ep);
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1066
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1067 bitmask = (ep_is_in(ep)) ? (1 << (ep_index(ep) + 16)) :
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1068 (1 << (ep_index(ep)));
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1069
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1070 if (fsl_readl(&dr_regs->endptstatus) & bitmask)
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c Li Yang 2011-11-23 1071 size = (qh->size_ioc_int_sts & DTD_PACKET_SIZE)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1072 >> DTD_LENGTH_BIT_POS;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1073
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1074 pr_debug("%s %u\n", __func__, size);
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1075 return size;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1076 }
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
_______________________________________________
kbuild mailing list -- kbuild@lists.01.org
To unsubscribe send an email to kbuild-leave@lists.01.org
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: [kbuild] drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we previously assumed '_ep->desc' could be null (see line 1055)
2020-06-22 18:20 [kbuild] drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we previously assumed '_ep->desc' could be null (see line 1055) Dan Carpenter
@ 2020-06-23 2:22 ` Ran Wang
2020-06-23 10:36 ` Dan Carpenter
0 siblings, 1 reply; 4+ messages in thread
From: Ran Wang @ 2020-06-23 2:22 UTC (permalink / raw)
To: Dan Carpenter, kbuild
Cc: lkp, kbuild-all, linux-kernel, Felipe Balbi, Peter Chen
Hi Dan
On Tuesday, June 23, 2020 2:20 AM, Dan Carpenter wrote:
<snip>
>
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@intel.com>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> New smatch warnings:
> drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we
> previously assumed '_ep->desc' could be null (see line 1055)
>
<snip>
>
> 2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin
> 2011-04-18 1047 static int fsl_ep_fifo_status(struct usb_ep *_ep)
> 2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin
> 2011-04-18 1048 {
> 2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin
> 2011-04-18 1049 struct fsl_ep *ep;
> 2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin
> 2011-04-18 1050 struct fsl_udc *udc;
> 2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin
> 2011-04-18 1051 int size = 0;
> 2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin
> 2011-04-18 1052 u32 bitmask;
> 6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c Li Yang
> 2011-11-23 1053 struct ep_queue_head *qh;
> 2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin
> 2011-04-18 1054
> 75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola
> 2019-10-21 @1055 if (!_ep || _ep->desc || !(_ep->desc->bEndpointAddress&0xF))
> ^^^^^^^^^ Reversed NULL test. This will always return -ENODEV. (Or possibly crash. But I suspect it always returns -ENODEV instead of crashing).
So the kernel test reports warning in case of '_ep->desc is null', right?
My understanding is that this judgement would return -ENODEV when
executing '... || _ep->desc ||..' and never execute '_ep->desc->bEndpointAddress' part,
so crash would not happen, am I right?
> The container_of() macro doesn't dereference anything, btw. It just does
> pointer math. I think it would be cleaner to use ep_index() like the original
> code did. In other words, perhaps it would look best written like this:
Yes, I agree using ep_index() would be easier for reading, just feel a little bit
uncomfortable to mix checking on _ep and its container (ep) in the same line.
> ep = container_of(_ep, struct fsl_ep, ep);
> if (!_ep || !_ep->desc || ep_index(ep) == 0)
>
>
BTW, Nikhil Badola has left NXP (Freescale), so his email address is invalid now.
Thanks & Regards,
Ran
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [kbuild] drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we previously assumed '_ep->desc' could be null (see line 1055)
2020-06-23 2:22 ` Ran Wang
@ 2020-06-23 10:36 ` Dan Carpenter
0 siblings, 0 replies; 4+ messages in thread
From: Dan Carpenter @ 2020-06-23 10:36 UTC (permalink / raw)
To: Ran Wang; +Cc: kbuild, lkp, kbuild-all, linux-kernel, Felipe Balbi, Peter Chen
On Tue, Jun 23, 2020 at 02:22:18AM +0000, Ran Wang wrote:
> Hi Dan
>
> On Tuesday, June 23, 2020 2:20 AM, Dan Carpenter wrote:
>
> <snip>
>
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@intel.com>
> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> >
> > New smatch warnings:
> > drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we
> > previously assumed '_ep->desc' could be null (see line 1055)
> >
>
> <snip>
>
> >
> > 2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin
> > 2011-04-18 1047 static int fsl_ep_fifo_status(struct usb_ep *_ep)
> > 2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin
> > 2011-04-18 1048 {
> > 2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin
> > 2011-04-18 1049 struct fsl_ep *ep;
> > 2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin
> > 2011-04-18 1050 struct fsl_udc *udc;
> > 2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin
> > 2011-04-18 1051 int size = 0;
> > 2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin
> > 2011-04-18 1052 u32 bitmask;
> > 6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c Li Yang
> > 2011-11-23 1053 struct ep_queue_head *qh;
> > 2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin
> > 2011-04-18 1054
> > 75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola
> > 2019-10-21 @1055 if (!_ep || _ep->desc || !(_ep->desc->bEndpointAddress&0xF))
> > ^^^^^^^^^ Reversed NULL test. This will always return -ENODEV. (Or possibly crash. But I suspect it always returns -ENODEV instead of crashing).
>
> So the kernel test reports warning in case of '_ep->desc is null', right?
>
> My understanding is that this judgement would return -ENODEV when
> executing '... || _ep-desc ||..' and never execute '_ep->desc->bEndpointAddress' part,
> so crash would not happen, am I right?
Yeah. I can't imagine how _ep->desc is NULL. It gets set to non-NULL
in fsl_ep_enable() and then set to NULL in fsl_ep_disable().
regards,
dan carpenter
^ permalink raw reply [flat|nested] 4+ messages in thread
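The short-circuit behaviour debated in the messages above, as an added example that is not part of any message in this thread or of the kernel source. It unrolls the `||` chain from line 1055 operand by operand and compares it with the same check with the `!` restored; the two structs are cut-down stand-ins, `WOULD_OOPS` is a hypothetical marker returned where the real expression would dereference a NULL `desc`, and the endpoint addresses are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the kernel types: only the fields the check reads. */
struct usb_endpoint_descriptor { unsigned char bEndpointAddress; };
struct usb_ep { const struct usb_endpoint_descriptor *desc; };

/* Hypothetical marker: the real code would dereference NULL at this point. */
#define WOULD_OOPS 1

/* Line 1055 as committed, with the || chain unrolled:
 *   if (!_ep || _ep->desc || !(_ep->desc->bEndpointAddress & 0xF))
 */
static int check_as_committed(const struct usb_ep *_ep)
{
	if (!_ep)
		return -ENODEV;
	if (_ep->desc)		/* reversed test: every enabled endpoint stops here */
		return -ENODEV;
	/* Reached only when desc == NULL, so the third operand,
	 * _ep->desc->bEndpointAddress, would read through a NULL pointer. */
	return WOULD_OOPS;
}

/* The same check with the missing '!' restored. */
static int check_fixed(const struct usb_ep *_ep)
{
	if (!_ep || !_ep->desc || !(_ep->desc->bEndpointAddress & 0xF))
		return -ENODEV;
	return 0;		/* the function would go on to read the FIFO status */
}

int main(void)
{
	/* Constructed sample endpoints. */
	struct usb_endpoint_descriptor ep0 = { 0x80 }, ep1_in = { 0x81 };
	struct usb_ep cases[] = { { &ep1_in }, { &ep0 }, { NULL } };
	const char *names[] = { "enabled ep1-in", "ep0", "desc == NULL" };

	for (int i = 0; i < 3; i++)
		printf("%-16s committed=%d fixed=%d\n", names[i],
		       check_as_committed(&cases[i]), check_fixed(&cases[i]));
	return 0;
}
```
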
* [kbuild] drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we previously assumed '_ep->desc' could be null (see line 1055)
@ 2020-09-01 9:45 Dan Carpenter
0 siblings, 0 replies; 4+ messages in thread
From: Dan Carpenter @ 2020-09-01 9:45 UTC (permalink / raw)
To: kbuild, Nikhil Badola
Cc: lkp, kbuild-all, linux-kernel, Felipe Balbi, Ran Wang, Peter Chen
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: b51594df17d0ce80b9f9f35394a1f42d7ac94472
commit: 75eaa498c99eebf9f9237656f69469e50197cc0b usb: gadget: Correct NULL pointer checking in fsl gadget
config: powerpc64-randconfig-m031-20200901 (attached as .config)
compiler: powerpc-linux-gcc (GCC) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
New smatch warnings:
drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we previously assumed '_ep->desc' could be null (see line 1055)
Old smatch warnings:
drivers/usb/gadget/udc/fsl_udc_core.c:914 fsl_ep_queue() warn: variable dereferenced before check 'req' (see line 877)
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75eaa498c99eebf9f9237656f69469e50197cc0b
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 75eaa498c99eebf9f9237656f69469e50197cc0b
vim +1055 drivers/usb/gadget/udc/fsl_udc_core.c
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1047 static int fsl_ep_fifo_status(struct usb_ep *_ep)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1048 {
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1049 struct fsl_ep *ep;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1050 struct fsl_udc *udc;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1051 int size = 0;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1052 u32 bitmask;
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c Li Yang 2011-11-23 1053 struct ep_queue_head *qh;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1054
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola 2019-10-21 @1055 if (!_ep || _ep->desc || !(_ep->desc->bEndpointAddress&0xF))
^^^^^^^^^
Reversed condition. Missing !.
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1056 return -ENODEV;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1057
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola 2019-10-21 1058 ep = container_of(_ep, struct fsl_ep, ep);
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola 2019-10-21 1059
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1060 udc = (struct fsl_udc *)ep->udc;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1061
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1062 if (!udc->driver || udc->gadget.speed == USB_SPEED_UNKNOWN)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1063 return -ESHUTDOWN;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1064
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c Li Yang 2011-11-23 1065 qh = get_qh_by_ep(ep);
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1066
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1067 bitmask = (ep_is_in(ep)) ? (1 << (ep_index(ep) + 16)) :
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1068 (1 << (ep_index(ep)));
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1069
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1070 if (fsl_readl(&dr_regs->endptstatus) & bitmask)
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c Li Yang 2011-11-23 1071 size = (qh->size_ioc_int_sts & DTD_PACKET_SIZE)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1072 >> DTD_LENGTH_BIT_POS;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1073
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1074 pr_debug("%s %u\n", __func__, size);
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1075 return size;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1076 }
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
^ permalink raw reply [flat|nested] 4+ messages in thread