On Mon, Feb 09, 2009 at 11:59:26AM +0100, ext Giuseppe GORGOGLIONE wrote:
>
> From: Giuseppe GORGOGLIONE
>
> An uninitialized pointer is used to reference MUSB registers when
> the device is set up to use static FIFOs and to configure endpoints
> from hardware, causing a kernel crash. This bug was trivial but
> probably never caught before because modern MUSB devices are
> designed to have dynamic FIFOs and to configure endpoints from
> tables.
>
> Tested on STMicroelectronics Cartesio STA2062, an ARM based SoC
> which is integrating two Mentor Inventra devices, one with static
> FIFOs and static endpoint configuration from HW, and one with
> dynamic FIFOs and dynamic endpoint configuration from tables.
> Only the first device was hitting the bug.
> Reference kernel version 2.6.28.4
>
> Signed-off-by: Giuseppe GORGOGLIONE <giuseppe.gorgoglione@xxxxxx>

This part, I can see, won't apply on top of current musb's patches; Blackfin's patches moved this to a static inline musb_read_fifosize().

Update your kernel tree and send this patch again, please ;-)

> --- > > --- drivers/usb/musb/musb_core.c.orig 2009-02-06 22:47:45.000000000 +0100 > +++ drivers/usb/musb/musb_core.c 2009-02-09 10:55:14.000000000 +0100 > @@ -1259,7 +1259,7 @@ static int __init ep_config_from_hw(stru > hw_ep = musb->endpoints + epnum; > > /* read from core using indexed model */ > - reg = musb_readb(hw_ep->regs, 0x10 + MUSB_FIFOSIZE); > + reg = musb_readb(mbase, MUSB_EP_OFFSET(epnum, MUSB_FIFOSIZE)); > if (!reg) { > /* 0's returned when no more endpoints */ > break;

--
balbi
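Review bot: The added musb_readb(mbase, MUSB_EP_OFFSET(epnum, MUSB_FIFOSIZE)) line depends on mbase being valid and on the endpoint index already being selected for epnum, and neither is visible in the hunk context. The comment directly above still says the read uses the indexed model, and under an indexed layout the value read belongs to whichever endpoint is currently selected, so please confirm that mbase is assigned from the controller's register base before the loop and that the index is set for epnum ahead of this read. It would also help if the commit message said where hw_ep->regs normally gets assigned, so it is clear why it is still unset when ep_config_from_hw() runs and that no other access in this function goes through it. When rebasing onto the tree where this read lives in musb_read_fifosize(), the same checks apply to that helper's arguments.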