On Fri, Dec 23, 2022 at 10:54:37PM +0800, Greg KH wrote:
>> diff --git a/drivers/usb/gadget/udc/aspeed_udc.c b/drivers/usb/gadget/udc/aspeed_udc.c
>> index 01968e2167f9..7dc2457c7460 100644
>> --- a/drivers/usb/gadget/udc/aspeed_udc.c
>> +++ b/drivers/usb/gadget/udc/aspeed_udc.c
>> @@ -1516,6 +1516,10 @@ static int ast_udc_probe(struct platform_device *pdev)
>> AST_UDC_EP_DMA_SIZE *
>> AST_UDC_NUM_ENDPOINTS,
>> &udc->ep0_buf_dma, GFP_KERNEL);
>> + if (!udc->ep0_buf) {
>> + rc = -ENOMEM;
>> + goto err;
>> + }
>>
>> udc->gadget.speed = USB_SPEED_UNKNOWN;
>> udc->gadget.max_speed = USB_SPEED_HIGH;
>> --
>> 2.25.1
>>
>
> Why is this just a duplicate of the patch previously submitted here:
> https://lore.kernel.org/r/20221125092833.74822-1-yuancan@huawei.com
>
> confused,
>
> greg k-h
Yes, it is the same as mine.
As the previous patch had not been merged into the Linux kernel,
my tool found the same error and report it.
And both of us chose the most concise way to fix the error.
That is why the patches are the same.
Thanks,
Jiang
Yes, it is the same as mine.
As the previous patch had not been merged into the Linux kernel,
my tool found the same error and report it.
And both of us chose the most concise way to fix the error.
That is why the patches are the same.
Thanks,
Jiang
Add the check for the return value of dma_alloc_coherent in order to
avoid NULL pointer dereference.
This flaw was found using an experimental static analysis tool we are
developing, APP-Miner, which has not been disclosed.
The allyesconfig build using GCC 9.3.0 shows no new warning. As we
don't have a UDC device to test with, no runtime testing was able to
be performed.
Signed-off-by: Jiasheng Jiang <jiasheng(a)iscas.ac.cn>
---
Changelog:
v2 -> v3:
1. Add information of finding tool and tests to commit message.
v1 -> v2:
1. Add "goto err;" when allocation fails.
---
drivers/usb/gadget/udc/aspeed_udc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/usb/gadget/udc/aspeed_udc.c b/drivers/usb/gadget/udc/aspeed_udc.c
index 01968e2167f9..7dc2457c7460 100644
--- a/drivers/usb/gadget/udc/aspeed_udc.c
+++ b/drivers/usb/gadget/udc/aspeed_udc.c
@@ -1516,6 +1516,10 @@ static int ast_udc_probe(struct platform_device *pdev)
AST_UDC_EP_DMA_SIZE *
AST_UDC_NUM_ENDPOINTS,
&udc->ep0_buf_dma, GFP_KERNEL);
+ if (!udc->ep0_buf) {
+ rc = -ENOMEM;
+ goto err;
+ }
udc->gadget.speed = USB_SPEED_UNKNOWN;
udc->gadget.max_speed = USB_SPEED_HIGH;
--
2.25.1
Add the check for the return value of dma_alloc_coherent in order to
avoid NULL pointer dereference.
This flaw was found using an experimental static analysis tool we are
developing, APP-Miner, which has not been disclosed.
The allyesconfig build using GCC 9.3.0 shows no new warning. As we
don't have a UDC device to test with, no runtime testing was able to
be performed.
Signed-off-by: Jiasheng Jiang <jiasheng(a)iscas.ac.cn>
---
Changelog:
v1 -> v2:
1. Add "goto err;" when allocation fails.
---
drivers/usb/gadget/udc/aspeed_udc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/usb/gadget/udc/aspeed_udc.c b/drivers/usb/gadget/udc/aspeed_udc.c
index 01968e2167f9..7dc2457c7460 100644
--- a/drivers/usb/gadget/udc/aspeed_udc.c
+++ b/drivers/usb/gadget/udc/aspeed_udc.c
@@ -1516,6 +1516,10 @@ static int ast_udc_probe(struct platform_device *pdev)
AST_UDC_EP_DMA_SIZE *
AST_UDC_NUM_ENDPOINTS,
&udc->ep0_buf_dma, GFP_KERNEL);
+ if (!udc->ep0_buf) {
+ rc = -ENOMEM;
+ goto err;
+ }
udc->gadget.speed = USB_SPEED_UNKNOWN;
udc->gadget.max_speed = USB_SPEED_HIGH;
--
2.25.1