> -----Original Message-----
> From: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>
> Sent: Wednesday, June 16, 2021 11:55 PM
> To: Jun Li <jun.li@xxxxxxx>
> Cc: peter.chen@xxxxxxxxxx; gregkh@xxxxxxxxxxxxxxxxxxx;
> linux-usb@xxxxxxxxxxxxxxx; dl-linux-imx <linux-imx@xxxxxxx>; Zhipeng Wang
> <zhipeng.wang_1@xxxxxxx>
> Subject: Re: [PATCH] usb: chipidea: host: fix port index underflow and UBSAN
> complains
>
> On Wed, Jun 16, 2021 at 10:24:58AM +0800, Li Jun wrote:
> > If wIndex is 0 (and it often is), these calculations underflow and
> > UBSAN complains, here resolve this by not decrementing the index when
> > it is equal to 0, this copies the solution from commit 85e3990bea49
> > ("USB: EHCI: avoid undefined pointer arithmetic and placate UBSAN")
> >
> > Reported-by: zhipeng.wang <zhipeng.wang_1@xxxxxxx>
> > Signed-off-by: Li Jun <jun.li@xxxxxxx>
> > ---
> > drivers/usb/chipidea/host.c | 8 +++++---
> > 1 file changed, 5 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/usb/chipidea/host.c b/drivers/usb/chipidea/host.c
> > index e86d13c04bdb..25327b1b49b7 100644
> > --- a/drivers/usb/chipidea/host.c
> > +++ b/drivers/usb/chipidea/host.c
> > @@ -241,14 +241,16 @@ static int ci_ehci_hub_control( {
> > struct ehci_hcd *ehci = hcd_to_ehci(hcd);
> > u32 __iomem *status_reg;
> > - u32 temp;
> > + u32 temp, port_index;
> > unsigned long flags;
> > int retval = 0;
> > bool done = false;
> > struct device *dev = hcd->self.controller;
> > struct ci_hdrc *ci = dev_get_drvdata(dev);
> >
> > - status_reg = &ehci->regs->port_status[(wIndex & 0xff) - 1];
> > + port_index = wIndex & 0xff;
> > + port_index -= (port_index > 0);
> > + status_reg = &ehci->regs->port_status[port_index];
> >
> > spin_lock_irqsave(&ehci->lock, flags);
> >
> > @@ -288,7 +290,7 @@ static int ci_ehci_hub_control(
> > ehci_writel(ehci, temp, status_reg);
> > }
> >
> > - set_bit((wIndex & 0xff) - 1, &ehci->suspended_ports);
> > + set_bit(port_index, &ehci->suspended_ports);
> > goto done;
> > }
>
> Does this code test anywhere to ensure that wIndex > 0 and wIndex <= number
> of ports?
Missed that, thanks for pointing it out, will add it in v2.
Li Jun
>
> Alan Stern
