From patchwork Mon Dec 2 08:34:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xu Yang X-Patchwork-Id: 13890123 Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2042.outbound.protection.outlook.com [40.107.22.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 18E451F9A90 for ; Mon, 2 Dec 2024 08:34:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.22.42 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733128496; cv=fail; b=WwINW1cJzdci13oNUPyl1lRmpolNguUcK2sAw/2sLIxCz1+Y0iA3yTvReOVyQF5lDxV8VYnjO69j+2Hl7+JSUtF2rL3HImJ4kEWlmWum4cw+MLe/yxBaAsfk3//RnQW664UJuPdJahFiZ6V4gAxGW3iz6cf8siPo1KYQYuPaFFM= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733128496; c=relaxed/simple; bh=HTob8ECnYY0pjWqn/UP/a/G9BgScLq+wE81engs67HY=; h=From:To:Cc:Subject:Date:Message-Id:Content-Type:MIME-Version; b=FwcN7vZdMe/VRl7IjqgGv+U931mdF1NVtHSZjVgG1HlD8doDxHaOv3wq/5wgcBdzV/psLpiiBJFWCBWZoBAiU48BuZKWKqA2R0LAMRhr1ph5Ex7/vldr4IJToppeS0THnW7y5SpPTycSq1LWg78KgDxMq0sC3Y+6S1/85iA4gso= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=nxp.com; spf=pass smtp.mailfrom=nxp.com; dkim=pass (2048-bit key) header.d=nxp.com header.i=@nxp.com header.b=Fmyediqh; arc=fail smtp.client-ip=40.107.22.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=nxp.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=nxp.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=nxp.com header.i=@nxp.com header.b="Fmyediqh" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=lB8f+kR5KQhxUW6Zi29pAFKe9M05HKssxUYb9YvjNnmN5kw5PDxyvYr17nEdN2d2Gi7LEGL5Osa5A60wJ/fnzGTnFY2LvoqweGVQDB2F31bVMPI5YNgCgzKRwXsJ8FQbK0Yac7nOd7w9y7YV/h2feSW5MyjtV2c/suf+jDUEoaF3RXSymmI9ZOOW699HZo/o5vAU5GxlCxPazSqqhAbU1Ri5c88HHuEN6XzpPEHD8tK625LLmYdHG44+Y3+chzN2Xa0pS4zvBiKbZeSzt8BDVsD0cODmsoYbvNc8RUpMgklaHvIbPBvk9k/NGMV7UDiMEmkRHMI/m93U/aKWlD7NoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=sAmwkI3N8VF9+/ZMJfYG958lbQBPl0INIn+c0P5H8UU=; b=m80NAqUyprwB7mddmVFuKbD6d5kKOaeDgBvJR1gCPCs0iYJceSiZA4LqGaA9GXqR7JrDniC907TKVL8TdtCc+5aBnsxQsXWUnD0mchLdaGa3uFwOC5m1Z4zKuhccuJG2a8hMJLYAkOtGpwh4f05ZytPK0Y0fSlPrG9fe441o3are6Bv5KyLlEgPtMsqGxNaG56bY4sF9RjC+LNDtu7SMA3IbkntIrXJhCMeNFhmw9OzncAvBzz1q4LeEft+tBMEbmKC2mjtcaP+kkYUH7FMOMcW1lXt2LiawjXPtf4WwFQ8qo/ERfV6lwB+EJhwPH/Erd6u/zb7btQ0hFhpgRWVZ+A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sAmwkI3N8VF9+/ZMJfYG958lbQBPl0INIn+c0P5H8UU=; b=FmyediqhZpod9eSDHOWHN2kgfTTkiu83BaoHkmAT9rDfOOw1sI9nMfXRY4ACJA1jl5tVaea5pB7incuD7sPTj6a1cjyDP6f82Z+7yOyqncd5JkB3y5YQAYtKhH+ZN6YUGg9lILZRbDIanKHcW2m7jj4vy7oLNXA63IY0de5lclMKraaVwoGnQq34OpuwmIrbr+XtoBiuUtSmADqaLTfMb4f1LM7F4rDfLCwqG36kvbVG3jua9qkI6VmCqWOuGWFaB4oxA2MuKTVGqp1w4kawDNZYickdiZslBoqqiW/00NgxdhPu6ELAxyU6ciCPNYB4ESYzE5wE1dwN7PPlhtafMg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nxp.com; Received: from DU2PR04MB8822.eurprd04.prod.outlook.com (2603:10a6:10:2e1::11) by AS8PR04MB7543.eurprd04.prod.outlook.com (2603:10a6:20b:29b::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8207.18; Mon, 2 Dec 2024 08:34:51 +0000 Received: from DU2PR04MB8822.eurprd04.prod.outlook.com ([fe80::4e24:c2c7:bd58:c5c7]) by DU2PR04MB8822.eurprd04.prod.outlook.com ([fe80::4e24:c2c7:bd58:c5c7%6]) with mapi id 15.20.8207.014; Mon, 2 Dec 2024 08:34:50 +0000 From: Xu Yang To: peter.chen@kernel.org, gregkh@linuxfoundation.org Cc: linux-usb@vger.kernel.org, imx@lists.linux.dev, jun.li@nxp.com Subject: [PATCH v2] usb: chipidea: host: Improve port index sanitizing Date: Mon, 2 Dec 2024 16:34:53 +0800 Message-Id: <20241202083453.704533-1-xu.yang_2@nxp.com> X-Mailer: git-send-email 2.34.1 X-ClientProxiedBy: JH0PR06CA0004.apcprd06.prod.outlook.com (2603:1096:990:77::11) To DU2PR04MB8822.eurprd04.prod.outlook.com (2603:10a6:10:2e1::11) Precedence: bulk X-Mailing-List: linux-usb@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU2PR04MB8822:EE_|AS8PR04MB7543:EE_ X-MS-Office365-Filtering-Correlation-Id: 9aaba9c0-5d83-4d65-dcaa-08dd12ac2fe0 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|52116014|376014|38350700014; X-Microsoft-Antispam-Message-Info: x9B/syM1fy2lm2I360iHCAZ2pwErS5hYJWhwT062zxEnH3uVI+yKPLmrXBd3bru4keDvMrP0axcffJdikIolhKF/C4Bnk1TMhhxOJq6gpcZxSnycxL4k1yMq++ozjfAL+x3l/7MZOeuqmO7yKlLm549ZH7bGKy5XPYF3P4OcHFD6Aw9psYYKji4QJY3cBhn1ym0GMDj+tCEO8Q6c0EtNyD81j9d5HSiZRo758RBw3W9066Uwqh5wX7Besf7tsyxWVvWKie+h5lkbAhKzQB/xJit3+ccdxaUFhqS+8MNPuyx/2iUgzjAm+LfrwLqRVYCc1FcUXhNNwNj55cly/A/BdeeIA5hd92kAOC/L/06ejPcTxFJJ4On2RcILmrOgF/lQH3RAS3OuaTHy9ouTbSfFXgp8pBGRTXAUg6VvUJN312EiY/ruBo2n/MSG1xqLZFn8kvYId4KWa0gdCPhyh0g2GtVr7lRlHjMgkgDBmkC1HoWNWrrUjZ2BCbdnZzj39NcTVebPdqV3RbL860QmdmVYaS/eaqYKEjqnz2HA3zqF9iGrm9kfv/jzqQV0ZZGyYf6gP3GlA+HZgtwojjRpMet8RPg/dsV/FM3+sDGewP9WbSSd4y8sMYYegSn5V2cjbdcPq4Wip4VmI9fw+0FwLhT+hUAwu7de/lV6+jzjS/3QgLlMp7Eo3u8tQ94psdgWtNcghVZH7JrG1iEVFlgaGancypeNRiPU41ZOIzdyHFjXGdUYWxXyUWv30O48L94ROnnkGSxUkcLSnNgQGLhiuderOdzwnFxxZuSqR0h1M67SbXDNVJVSrfeYn8/bJgsZCfrd/As/0wyYNK6/xOoxGKiCm3VlMJTrz9wQiVzrWccAzzNAcZQNpi0xHrd9mmdzCKrrSSL2DKeZ3xhye7qNahu7k2Z0j/QzcJsMGD/W9MP5HE4u+QLAh90if61dNyChpf9dvwuydyfuGNtMIAWc7bD9+gHpiD9I+Ty37CGx4PSi9z44AF37U89sm+Q2TziSEtltOKL2p1Ki7OIs28MgwAykmQ8HxtTT+oTgx1XSByGtmLRIiniSKXKfgvil9SuP4uziK3DCj+iEj9GHT5ozSNmSabLXEtbhMK8EvScn+2oOD+8a9lgcRtSZNf/K50bev7h1atgLI2cSKRvb60JV3+yeECaTDVo/4/zqqAvxqa07vyscDG0PGG85C5vi+0OGcOlkdbT6y68GR54+HZS3gnDNsH3cS01upzMvGyEjOq/UjCFr+8pQP5uscDWZEE9UKHWetvBe8g+XF2Uyy1fJ9NkMB2hG0IvX8ozy90POmzywJJJQm3ogr5GTRm9WTfgsFu0hSM+9W5yHIFWk2WK32MDiuUrbDEcsZfwqyUdYytZfOwVQAh0cFXHxdB06MhFpC2aJheVcOTWSDOW54MBMkCVnLw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU2PR04MB8822.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(52116014)(376014)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: tJMSeZ67ZJWnrkYNv++KJilFKyOvOiVWJH8BE5Mv0lSvcWbvzSavABWRaSUuiMDYnRGeQkdZzkzj+FOeAfdYR4SOGErZFILguXvdFFKkzcGFnj/75c7LITCOeA0YljmFLuwRHNeCKLSkJwEOsgyy3VPRiKJYha2LfMXDMqed9GdUX45Bpq8ta3MQczEqKo3tBOQZ4JOvFwRRJk/TY9GE9EZNvtFX6xscoSeBaX/yTI97rJyNQAE1RsBAtz6Cb92388udsg5NALQYnWfEJiLiQ/qi3bbgx51Z9BQ0Ro9CfwZSbv+aZ+Dmwl+SZiIyuTD/AetEounnw0FHZOgaTZbRgbjhA4/XCMgSf9Qb2OKs34FvlaPAwnogZSWiCVZ5GUpInOBVNq5ujaAC3FXL1AKIEGqcjkxZDC9sidM/Mx7FbQI5RF46mF1/MEUPAWZTY3NZKMP3p0FrigM8R/4bqscVfuhgn7Tvd2BJt1yGtcWZkJwwYYy2gRkUKLwYGhUJnlBxfWZNm86vq242PN2JNUgpQzivxw+Co2JcXhksYY6aH3OtI7Eas1Ztgd051adv7rSvsgJed4iJ/x9n/QDDEezFBf+egia8u49iukGoNKNADt9+sJgnpOzmNH1bERm0GLecwRJkPPaxArMtf30+XFKjQt+o4aD22P7BHNv/rV4JlSLkR1VMmHODlMSibVs7W+AS3bsq1AM64CB160iGfHd/677pOnTxOB9kak2UZ8Iypm6AATO0DJ4sgreJLg/KfH/eY9k1XAekjayG4O3CyGf7hMxaXbiddhnB1eg6YjX6tRlH00LYaQtJfdCrOjTONmKTmRifvUfKReu50f6pUkGgLDH2NsYc1wX//cRxc4bRULCZ4X/Vy8H+Bsm+Wx+ZmhDHbmzic/NCsWCUTN4OqUF1nbgDjxIAqgJDk4b6r3ovFdzENf/075XsG17duD2E75O3oaFzrCkymeWEs4v/+mtoe4kMmrNPXajAXtProUZ9oVpWcIAzf0X1uT4LNorRO4rCyPnoGTlAdBtWg6tqF+sbNQYrAlVIA3NlpPNWJciDpG7EIbXjYhlFizjKnntkfVlb47oU71WnsWR/YqnD4wfgm+YwV1pgpjvyZD32HaiD6s4b/wSGSV3LPpTDJ2Rlw5XhqjO39ZQsxGoFwnNGCpiIbu5j4Yjqd90/1xTJQEIAoz2iRCyxjTcR3Jft74epFqpxchKtviD3/SRh1G+iVu6j33mqvefAohIIq+9f1JNK70cXQ31t/SzExDStA61N1wLqDk8LYXxaFkszDJ4wvrWPv1fbJNtb+8HAZ/OTCsrb5AJrdanshnN4mseovXhsNiNgAwjbeRj3bW8ha8nyJV2D7pBkAl9htjoVsigh2l0/jnUdA1Q+MSPMgT0QroRhirAZdMAaTuhGWf++na46G5EscAZfA/St5mbWPYO1hHodKHMfhnsOXJiBWiHs//Nj4ZL83zaHB08HR/iQ8GZUywAHHxptxLa1aMKt4PrZ7GqjLtxnjRkDM7MWPHeZ2nNUHU10E0WQr0RrctgH4AP39yBKoYQ8DKlSjOrBLDpiW0SLOVV23PMrXmgcvF/aOouAdkUQ X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9aaba9c0-5d83-4d65-dcaa-08dd12ac2fe0 X-MS-Exchange-CrossTenant-AuthSource: DU2PR04MB8822.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Dec 2024 08:34:50.7121 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: obV8rgniP1r5xsnkV7Zw7qCS6N7AUrhBuQx3M8WYuLxg9iHUNMKrhVMqeUC71Q2qPwWO+IsFr/LXglJ0qCL2CQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR04MB7543 Coverity from Synopsys complains "Illegal address computation (OVERRUN)" on status_reg. After below code executed, port_index = wIndex & 0xff; port_index -= (port_index > 0); the static analysis tool see the value of port_index is now between 0 and 254 (inclusive). However, ehci_def.h define port_status as below: #define HCS_N_PORTS_MAX 15 u32 port_status[HCS_N_PORTS_MAX]; So the tool think illegal array pointer may be obtained. status_reg = &ehci->regs->port_status[port_index]; This will follow "846cbf98cbef USB: EHCI: Improve port index sanitizing" to improve port index sanitizing. Signed-off-by: Xu Yang Acked-by: Peter Chen --- Changes in v2: - rewrite commit message to better understand the issue --- drivers/usb/chipidea/host.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/usb/chipidea/host.c b/drivers/usb/chipidea/host.c index 0cce19208370..442d79e32a65 100644 --- a/drivers/usb/chipidea/host.c +++ b/drivers/usb/chipidea/host.c @@ -256,8 +256,14 @@ static int ci_ehci_hub_control( struct device *dev = hcd->self.controller; struct ci_hdrc *ci = dev_get_drvdata(dev); - port_index = wIndex & 0xff; - port_index -= (port_index > 0); + /* + * Avoid out-of-bounds values while calculating the port index + * from wIndex. The compiler doesn't like pointers to invalid + * addresses, even if they are never used. + */ + port_index = (wIndex - 1) & 0xff; + if (port_index >= HCS_N_PORTS_MAX) + port_index = 0; status_reg = &ehci->regs->port_status[port_index]; spin_lock_irqsave(&ehci->lock, flags);