From: Giuseppe GORGOGLIONE

An uninitialized pointer is used to reference MUSB registers when the device is set up to use static FIFOs and to configure endpoints from hardware, causing a kernel crash.

This bug was trivial but probably never caught before because modern MUSB devices are designed to have dynamic FIFOs and to configure endpoints from tables.

Tested on STMicroelectronics Cartesio STA2062, an ARM-based SoC which is integrating two Mentor Inventra devices, one with static FIFOs and static endpoint configuration from HW, and one with dynamic FIFOs and dynamic endpoint configuration from tables. Only the first device was hitting the bug.

Reference kernel version 2.6.28.4

Signed-off-by: Giuseppe GORGOGLIONE <giuseppe.gorgoglione@xxxxxx>
---
--- drivers/usb/musb/musb_core.c.orig 2009-02-06 22:47:45.000000000 +0100 +++ drivers/usb/musb/musb_core.c 2009-02-09 10:55:14.000000000 +0100 @@ -1259,7 +1259,7 @@ static int __init ep_config_from_hw(stru hw_ep = musb->endpoints + epnum; /* read from core using indexed model */ - reg = musb_readb(hw_ep->regs, 0x10 + MUSB_FIFOSIZE); + reg = musb_readb(mbase, MUSB_EP_OFFSET(epnum, MUSB_FIFOSIZE)); if (!reg) { /* 0's returned when no more endpoints */ break;
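
Review bot: The replacement read in ep_config_from_hw() depends on mbase, whose declaration and initialization are outside the visible context, so please confirm it is assigned before the loop reaches this line; otherwise the fix swaps one uninitialized base for another. The comment "read from core using indexed model" was written for the literal 0x10 + MUSB_FIFOSIZE offset and now sits above a MUSB_EP_OFFSET(epnum, MUSB_FIFOSIZE) access, so it should be updated to match. It would also help to note in that comment that hw_ep->regs is not yet valid at this point, which the commit message gives as the cause of the crash, so that a later cleanup does not reintroduce the hw_ep->regs read.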