Hi Alan,
thank you for your effort. I applied it to 4.6.0 and I haven't seen
the USBSAN message reported anymore about this (though I do for ext4
and IP stack for example).
Tested-By: Martin MOKREJŠ <mmokrejs@xxxxxxxxx>
Alan Stern wrote:
Several people have reported that UBSAN doesn't like the pointer
arithmetic in ehci_hub_control():
u32 __iomem *status_reg = &ehci->regs->port_status[
(wIndex & 0xff) - 1];
u32 __iomem *hostpc_reg = &ehci->regs->hostpc[(wIndex & 0xff) - 1];
If wIndex is 0 (and it often is), these calculations underflow and
UBSAN complains.
According to the C standard, pointer computations leading to locations
outside the bounds of an array object (other than 1 position past the
end) are undefined. In this case, the compiler would be justified in
concluding the wIndex can never be 0 and then optimizing away the
tests for !wIndex that occur later in the subroutine. (Although,
since ehci->regs->port_status and ehci->regs->hostpc are both 0-length
arrays and are thus GCC extensions to the C standard, it's not clear
what the compiler is really allowed to do.)
At any rate, we can avoid all these difficulties, at the cost of
making the code slightly longer, by not decrementing the index when it
is equal to 0. The runtime effect is minimal, and anyway
ehci_hub_control() is not on a hot path.
Signed-off-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>
Reported-by: Valdis Kletnieks <Valdis.Kletnieks@xxxxxx>
Reported-by: Meelis Roos <mroos@xxxxxxxx>
Reported-by: Martin_MOKREJÅ <mmokrejs@xxxxxxxxx>
Reported-by: "Navin P.S" <navinp1912@xxxxxxxxx>
CC: Andrey Ryabinin <ryabinin.a.a@xxxxxxxxx>
---
[as1801]
drivers/usb/host/ehci-hub.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
Index: usb-4.x/drivers/usb/host/ehci-hub.c
===================================================================
--- usb-4.x.orig/drivers/usb/host/ehci-hub.c
+++ usb-4.x/drivers/usb/host/ehci-hub.c
@@ -872,15 +872,23 @@ int ehci_hub_control(
) {
struct ehci_hcd *ehci = hcd_to_ehci (hcd);
int ports = HCS_N_PORTS (ehci->hcs_params);
- u32 __iomem *status_reg = &ehci->regs->port_status[
- (wIndex & 0xff) - 1];
- u32 __iomem *hostpc_reg = &ehci->regs->hostpc[(wIndex & 0xff) - 1];
+ u32 __iomem *status_reg, *hostpc_reg;
u32 temp, temp1, status;
unsigned long flags;
int retval = 0;
unsigned selector;
/*
+ * Avoid underflow while calculating (wIndex & 0xff) - 1.
+ * The compiler might deduce that wIndex can never be 0 and then
+ * optimize away the tests for !wIndex below.
+ */
+ temp = wIndex & 0xff;
+ temp -= (temp > 0);
+ status_reg = &ehci->regs->port_status[temp];
+ hostpc_reg = &ehci->regs->hostpc[temp];
+
+ /*
* FIXME: support SetPortFeatures USB_PORT_FEAT_INDICATOR.
* HCS_INDICATOR may say we can change LEDs to off/amber/green.
* (track current state ourselves) ... blink for diagnostics,
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
