authorSeung-Woo Kim <sw0312.kim@samsung.com>2018-01-17 10:29:01 +0900
committerSeung-Woo Kim <sw0312.kim@samsung.com>2018-03-08 10:58:46 +0900
commit1bfde50bf23cec8886bb7d1bfa74e56649fbd655 (patch)
treebd6a0d237f43f968dcd20195ed8ddeba757de14c
parentf8009f5320f586695240fd565e0d643cd9e229be (diff)
usb: dwc_otg: remove wrong memory accesses found by kasan
The macro DWC_OTG_OS_GETDEV() returns a struct device that is made from the platform device and is not an element of struct usb_device. So using to_usb_device() on that device pointer causes a bad memory access. Also, dwc_otg_hcd_is_bandwidth_allocated() requires the ep_hcpriv pointer, but the passed parameter is a double pointer, which also causes a bad memory access. Remove the wrong memory accesses. Change-Id: I8292613f16fbf91ed9736b2a97e4afdb3bbbccec Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
-rw-r--r--drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c9
1 files changed, 3 insertions, 6 deletions
diff --git a/drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c b/drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c
index b36ea084f6b0..9925ebb7d417 100644
--- a/drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c
+++ b/drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c
@@ -819,7 +819,7 @@ static int dwc_otg_urb_enqueue(struct usb_hcd *hcd,
if ((usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS)
|| (usb_pipetype(urb->pipe) == PIPE_INTERRUPT)) {
if (!dwc_otg_hcd_is_bandwidth_allocated
- (dwc_otg_hcd, ref_ep_hcpriv)) {
+ (dwc_otg_hcd, *ref_ep_hcpriv)) {
alloc_bandwidth = 1;
}
}
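Review bot: Nothing visible at this call site establishes that `*ref_ep_hcpriv` is non-NULL when it is passed to dwc_otg_hcd_is_bandwidth_allocated(), and it may well be NULL the first time an URB is queued on an endpoint, so the callee has to tolerate a NULL handle. The old double-pointer argument compiled without a warning, which suggests the parameter is a `void *`; typing it as the driver's endpoint/QH pointer would let the compiler reject this class of mistake instead of leaving it to KASAN. At minimum a comment here such as `/* *ref_ep_hcpriv is the per-endpoint handle and may be NULL before the first enqueue */` would document the contract. dwc_otg_urb_enqueue() starts and ends outside this hunk, so the assignment of ref_ep_hcpriv is not visible here.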
@@ -1012,16 +1012,13 @@ static void endpoint_disable(struct usb_hcd *hcd, struct usb_host_endpoint *ep)
static void endpoint_reset(struct usb_hcd *hcd, struct usb_host_endpoint *ep)
{
dwc_irqflags_t flags;
- struct usb_device *udev = NULL;
int epnum = usb_endpoint_num(&ep->desc);
int is_out = usb_endpoint_dir_out(&ep->desc);
int is_control = usb_endpoint_xfer_control(&ep->desc);
dwc_otg_hcd_t *dwc_otg_hcd = hcd_to_dwc_otg_hcd(hcd);
- struct device *dev = DWC_OTG_OS_GETDEV(dwc_otg_hcd->otg_dev->os_dep);
+ struct usb_device *udev = hcd->self.root_hub;
- if (dev)
- udev = to_usb_device(dev);
- else
+ if (!udev)
return;
DWC_DEBUGPL(DBG_HCD, "DWC OTG HCD EP RESET: Endpoint Num=0x%02d\n", epnum);
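Review bot: `struct usb_device *udev = hcd->self.root_hub;` removes the invalid container cast, but the resulting pointer is the root hub's usb_device, not the device that owns `ep`. If the rest of endpoint_reset() applies per-device state through udev (the remainder of the body is outside this hunk), that state is changed on the root hub rather than on the device whose endpoint is being reset. This is memory-safe but possibly a functional no-op for the real target. The choice should be documented on the declaration, e.g. `/* root hub's usb_device: the owning device is not reachable from ep here */`, or the owning device should be carried in the endpoint's private data so the reset lands on the right object.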