[kbuild] drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we previously assumed '_ep->desc' could be null (see line 1055)

From: Dan Carpenter
Date: Mon Jun 22 2020 - 14:20:50 EST

Next message: Andrew Lunn: "Re: [PATCH 5/5] Huawei BMA: Adding Huawei BMA driver: host_kbox_drv"
Previous message: Alexander A. Klimov: "[PATCH] Replace HTTP links with HTTPS ones: Documentation/admin-guide"
Next in thread: Ran Wang: "RE: [kbuild] drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we previously assumed '_ep->desc' could be null (see line 1055)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 625d3449788f85569096780592549d0340e9c0c7
commit: 75eaa498c99eebf9f9237656f69469e50197cc0b usb: gadget: Correct NULL pointer checking in fsl gadget
config: arm64-randconfig-m031-20200622 (attached as .config)
compiler: aarch64-linux-gcc (GCC) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

New smatch warnings:
drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we previously assumed '_ep->desc' could be null (see line 1055)

# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75eaa498c99eebf9f9237656f69469e50197cc0b
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git remote update linus
git checkout 75eaa498c99eebf9f9237656f69469e50197cc0b
vim +1055 drivers/usb/gadget/udc/fsl_udc_core.c

2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1047 static int fsl_ep_fifo_status(struct usb_ep *_ep)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1048 {
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1049 struct fsl_ep *ep;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1050 struct fsl_udc *udc;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1051 int size = 0;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1052 u32 bitmask;
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c Li Yang 2011-11-23 1053 struct ep_queue_head *qh;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1054
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola 2019-10-21 @1055 if (!_ep || _ep->desc || !(_ep->desc->bEndpointAddress&0xF))
^^^^^^^^^
Reversed NULL test. This will always return -ENODEV. (Or possibly
crash. But I suspect it always returns -ENODEV instead of crashing).

The container_of() macro doesn't dereference anything, btw. It just
does pointer math. I think it would be cleaner to use ep_index() like
the original code did. In other words, perhaps it would look best
written like this:

ep = container_of(_ep, struct fsl_ep, ep);
if (!_ep || !_ep->desc || ep_index(ep) == 0)

2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1056 return -ENODEV;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1057
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola 2019-10-21 1058 ep = container_of(_ep, struct fsl_ep, ep);
75eaa498c99eeb drivers/usb/gadget/udc/fsl_udc_core.c Nikhil Badola 2019-10-21 1059
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1060 udc = (struct fsl_udc *)ep->udc;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1061
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1062 if (!udc->driver || udc->gadget.speed == USB_SPEED_UNKNOWN)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1063 return -ESHUTDOWN;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1064
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c Li Yang 2011-11-23 1065 qh = get_qh_by_ep(ep);
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1066
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1067 bitmask = (ep_is_in(ep)) ? (1 << (ep_index(ep) + 16)) :
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1068 (1 << (ep_index(ep)));
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1069
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1070 if (fsl_readl(&dr_regs->endptstatus) & bitmask)
6414e94c203d92 drivers/usb/gadget/fsl_udc_core.c Li Yang 2011-11-23 1071 size = (qh->size_ioc_int_sts & DTD_PACKET_SIZE)
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1072 >> DTD_LENGTH_BIT_POS;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1073
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1074 pr_debug("%s %u\n", __func__, size);
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1075 return size;
2ea6698d7b9266 drivers/usb/gadget/fsl_udc_core.c Anatolij Gustschin 2011-04-18 1076 }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx

Attachment: .config.gz
Description: application/gzip

_______________________________________________
kbuild mailing list -- kbuild@xxxxxxxxxxxx
To unsubscribe send an email to kbuild-leave@xxxxxxxxxxxx

Next message: Andrew Lunn: "Re: [PATCH 5/5] Huawei BMA: Adding Huawei BMA driver: host_kbox_drv"
Previous message: Alexander A. Klimov: "[PATCH] Replace HTTP links with HTTPS ones: Documentation/admin-guide"
Next in thread: Ran Wang: "RE: [kbuild] drivers/usb/gadget/udc/fsl_udc_core.c:1055 fsl_ep_fifo_status() error: we previously assumed '_ep->desc' could be null (see line 1055)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]