Message ID | 20220728163014.247082-1-strochuk@ispras.ru |
---|---|
State | New |
Series | [v2] usb: cdns3: change place of NULL check in cdns3_gadget_ep_enable() |

On 28/07/2022 19:30, Andrey Strachuk wrote:
> If 'ep' is NULL, result of ep_to_cdns3_ep(ep) is invalid and
> priv_ep->cdns3_dev causes panic.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Signed-off-by: Andrey Strachuk <strochuk@ispras.ru>
> Fixes: 7733f6c32e36 ("usb: cdns3: Add Cadence USB3 DRD Driver")

Acked-by: Roger Quadros <rogerq@kernel.org>

cheers,
-roger

On Thu, Jul 28, 2022 at 07:30:14PM +0300, Andrey Strachuk wrote: > If 'ep' is NULL, result of ep_to_cdns3_ep(ep) is invalid and > priv_ep->cdns3_dev causes panic. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Signed-off-by: Andrey Strachuk <strochuk@ispras.ru> > Fixes: 7733f6c32e36 ("usb: cdns3: Add Cadence USB3 DRD Driver") > --- > drivers/usb/cdns3/cdns3-gadget.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) No information on what changed from v1 to v2 :( > > diff --git a/drivers/usb/cdns3/cdns3-gadget.c b/drivers/usb/cdns3/cdns3-gadget.c > index 5c15c48952a6..51de7457a3b8 100644 > --- a/drivers/usb/cdns3/cdns3-gadget.c > +++ b/drivers/usb/cdns3/cdns3-gadget.c > @@ -2284,11 +2284,14 @@ static int cdns3_gadget_ep_enable(struct usb_ep *ep, > int ret = 0; > int val; > > + if (!ep) > + return -EINVAL; How can ep ever be NULL at all? Why does this need to be checked? thanks, greg k-h
diff --git a/drivers/usb/cdns3/cdns3-gadget.c b/drivers/usb/cdns3/cdns3-gadget.c index 5c15c48952a6..51de7457a3b8 100644 --- a/drivers/usb/cdns3/cdns3-gadget.c +++ b/drivers/usb/cdns3/cdns3-gadget.c @@ -2284,11 +2284,14 @@ static int cdns3_gadget_ep_enable(struct usb_ep *ep, int ret = 0; int val; + if (!ep) + return -EINVAL; + priv_ep = ep_to_cdns3_ep(ep); priv_dev = priv_ep->cdns3_dev; comp_desc = priv_ep->endpoint.comp_desc; - if (!ep || !desc || desc->bDescriptorType != USB_DT_ENDPOINT) { + if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT) { dev_dbg(priv_dev->dev, "usbss: invalid parameters\n"); return -EINVAL; }
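
Review bot: The new 'if (!ep) return -EINVAL;' at the top of the hunk returns without any message, while the remaining '!desc || desc->bDescriptorType != USB_DT_ENDPOINT' branch still logs "usbss: invalid parameters" through dev_dbg(priv_dev->dev, ...). The silence is forced, since priv_dev is only reachable through ep, but a short comment above the early return saying so would keep a later cleanup from merging the two checks back together and reintroducing the dereference before the test. The changelog also names no caller that can pass a NULL 'ep'; if none exists, dropping '!ep' from the old condition alone would be the smaller change, and if one does, it should be named in the commit message so the Fixes: tag can be judged.
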
If 'ep' is NULL, result of ep_to_cdns3_ep(ep) is invalid and
priv_ep->cdns3_dev causes panic.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Andrey Strachuk <strochuk@ispras.ru>
Fixes: 7733f6c32e36 ("usb: cdns3: Add Cadence USB3 DRD Driver")
---
 drivers/usb/cdns3/cdns3-gadget.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)