From 1bfde50bf23cec8886bb7d1bfa74e56649fbd655 Mon Sep 17 00:00:00 2001 From: Seung-Woo Kim Date: Wed, 17 Jan 2018 10:29:01 +0900 Subject: usb: dwc_otg: remove wrong memory accesses found by kasan The macro DWC_OTG_OS_GETDEV() returns struct device which is made from platform device and it is not element of struct usb_device. So using to_usb_device() for the device pointer causes bad memory access. Also, dwc_otg_hcd_is_bandwidth_allocated() requres ep_hcpriv pointer, but passed parameter is double pointer and it cuases bad memory access. Remove the wrong memory accesses. Change-Id: I8292613f16fbf91ed9736b2a97e4afdb3bbbccec Signed-off-by: Seung-Woo Kim --- drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c b/drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c index b36ea084f6b0..9925ebb7d417 100644 --- a/drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c +++ b/drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c @@ -819,7 +819,7 @@ static int dwc_otg_urb_enqueue(struct usb_hcd *hcd, if ((usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS) || (usb_pipetype(urb->pipe) == PIPE_INTERRUPT)) { if (!dwc_otg_hcd_is_bandwidth_allocated - (dwc_otg_hcd, ref_ep_hcpriv)) { + (dwc_otg_hcd, *ref_ep_hcpriv)) { alloc_bandwidth = 1; } } @@ -1012,16 +1012,13 @@ static void endpoint_disable(struct usb_hcd *hcd, struct usb_host_endpoint *ep) static void endpoint_reset(struct usb_hcd *hcd, struct usb_host_endpoint *ep) { dwc_irqflags_t flags; - struct usb_device *udev = NULL; int epnum = usb_endpoint_num(&ep->desc); int is_out = usb_endpoint_dir_out(&ep->desc); int is_control = usb_endpoint_xfer_control(&ep->desc); dwc_otg_hcd_t *dwc_otg_hcd = hcd_to_dwc_otg_hcd(hcd); - struct device *dev = DWC_OTG_OS_GETDEV(dwc_otg_hcd->otg_dev->os_dep); + struct usb_device *udev = hcd->self.root_hub; - if (dev) - udev = to_usb_device(dev); - else + if (!udev) return; DWC_DEBUGPL(DBG_HCD, "DWC OTG HCD EP RESET: Endpoint Num=0x%02d\n", epnum); -- cgit v1.2.3