
Commit 052fb1c

pawellcdnsgregkh
authored andcommitted
usb: cdnsp: fix cdnsp_decode_trb function to properly handle ret value
[ Upstream commit 03db928 ] Variable ret in function cdnsp_decode_trb is initialized but not used. To fix this compiler warning patch adds checking whether the data buffer has not been overflowed. Reported-by: kernel test robot <[email protected]> Signed-off-by: Pawel Laszczak <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
1 parent c27576b commit 052fb1c


1 file changed

+154
-151
lines changed


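--- a/drivers/usb/cdns3/cdnsp-debug.h
+++ b/drivers/usb/cdns3/cdnsp-debug.h
@@ -182,208 +182,211 @@ static inline const char *cdnsp_decode_trb(char *str, size_t size, u32 field0,
 int ep_id = TRB_TO_EP_INDEX(field3) - 1;
 int type = TRB_FIELD_TO_TYPE(field3);
 unsigned int ep_num;
-int ret = 0;
+int ret;
 u32 temp;
 
 ep_num = DIV_ROUND_UP(ep_id, 2);
 
 switch (type) {
 case TRB_LINK:
-ret += snprintf(str, size,
-"LINK %08x%08x intr %ld type '%s' flags %c:%c:%c:%c",
-field1, field0, GET_INTR_TARGET(field2),
-cdnsp_trb_type_string(type),
-field3 & TRB_IOC ? 'I' : 'i',
-field3 & TRB_CHAIN ? 'C' : 'c',
-field3 & TRB_TC ? 'T' : 't',
-field3 & TRB_CYCLE ? 'C' : 'c');
+ret = snprintf(str, size,
+"LINK %08x%08x intr %ld type '%s' flags %c:%c:%c:%c",
+field1, field0, GET_INTR_TARGET(field2),
+cdnsp_trb_type_string(type),
+field3 & TRB_IOC ? 'I' : 'i',
+field3 & TRB_CHAIN ? 'C' : 'c',
+field3 & TRB_TC ? 'T' : 't',
+field3 & TRB_CYCLE ? 'C' : 'c');
 break;
 case TRB_TRANSFER:
 case TRB_COMPLETION:
 case TRB_PORT_STATUS:
 case TRB_HC_EVENT:
-ret += snprintf(str, size,
-"ep%d%s(%d) type '%s' TRB %08x%08x status '%s'"
-" len %ld slot %ld flags %c:%c",
-ep_num, ep_id % 2 ? "out" : "in",
-TRB_TO_EP_INDEX(field3),
-cdnsp_trb_type_string(type), field1, field0,
-cdnsp_trb_comp_code_string(GET_COMP_CODE(field2)),
-EVENT_TRB_LEN(field2), TRB_TO_SLOT_ID(field3),
-field3 & EVENT_DATA ? 'E' : 'e',
-field3 & TRB_CYCLE ? 'C' : 'c');
+ret = snprintf(str, size,
+"ep%d%s(%d) type '%s' TRB %08x%08x status '%s'"
+" len %ld slot %ld flags %c:%c",
+ep_num, ep_id % 2 ? "out" : "in",
+TRB_TO_EP_INDEX(field3),
+cdnsp_trb_type_string(type), field1, field0,
+cdnsp_trb_comp_code_string(GET_COMP_CODE(field2)),
+EVENT_TRB_LEN(field2), TRB_TO_SLOT_ID(field3),
+field3 & EVENT_DATA ? 'E' : 'e',
+field3 & TRB_CYCLE ? 'C' : 'c');
 break;
 case TRB_MFINDEX_WRAP:
-ret += snprintf(str, size, "%s: flags %c",
-cdnsp_trb_type_string(type),
-field3 & TRB_CYCLE ? 'C' : 'c');
+ret = snprintf(str, size, "%s: flags %c",
+cdnsp_trb_type_string(type),
+field3 & TRB_CYCLE ? 'C' : 'c');
 break;
 case TRB_SETUP:
-ret += snprintf(str, size,
-"type '%s' bRequestType %02x bRequest %02x "
-"wValue %02x%02x wIndex %02x%02x wLength %d "
-"length %ld TD size %ld intr %ld Setup ID %ld "
-"flags %c:%c:%c",
-cdnsp_trb_type_string(type),
-field0 & 0xff,
-(field0 & 0xff00) >> 8,
-(field0 & 0xff000000) >> 24,
-(field0 & 0xff0000) >> 16,
-(field1 & 0xff00) >> 8,
-field1 & 0xff,
-(field1 & 0xff000000) >> 16 |
-(field1 & 0xff0000) >> 16,
-TRB_LEN(field2), GET_TD_SIZE(field2),
-GET_INTR_TARGET(field2),
-TRB_SETUPID_TO_TYPE(field3),
-field3 & TRB_IDT ? 'D' : 'd',
-field3 & TRB_IOC ? 'I' : 'i',
-field3 & TRB_CYCLE ? 'C' : 'c');
+ret = snprintf(str, size,
+"type '%s' bRequestType %02x bRequest %02x "
+"wValue %02x%02x wIndex %02x%02x wLength %d "
+"length %ld TD size %ld intr %ld Setup ID %ld "
+"flags %c:%c:%c",
+cdnsp_trb_type_string(type),
+field0 & 0xff,
+(field0 & 0xff00) >> 8,
+(field0 & 0xff000000) >> 24,
+(field0 & 0xff0000) >> 16,
+(field1 & 0xff00) >> 8,
+field1 & 0xff,
+(field1 & 0xff000000) >> 16 |
+(field1 & 0xff0000) >> 16,
+TRB_LEN(field2), GET_TD_SIZE(field2),
+GET_INTR_TARGET(field2),
+TRB_SETUPID_TO_TYPE(field3),
+field3 & TRB_IDT ? 'D' : 'd',
+field3 & TRB_IOC ? 'I' : 'i',
+field3 & TRB_CYCLE ? 'C' : 'c');
 break;
 case TRB_DATA:
-ret += snprintf(str, size,
-"type '%s' Buffer %08x%08x length %ld TD size %ld "
-"intr %ld flags %c:%c:%c:%c:%c:%c:%c",
-cdnsp_trb_type_string(type),
-field1, field0, TRB_LEN(field2),
-GET_TD_SIZE(field2),
-GET_INTR_TARGET(field2),
-field3 & TRB_IDT ? 'D' : 'i',
-field3 & TRB_IOC ? 'I' : 'i',
-field3 & TRB_CHAIN ? 'C' : 'c',
-field3 & TRB_NO_SNOOP ? 'S' : 's',
-field3 & TRB_ISP ? 'I' : 'i',
-field3 & TRB_ENT ? 'E' : 'e',
-field3 & TRB_CYCLE ? 'C' : 'c');
+ret = snprintf(str, size,
+"type '%s' Buffer %08x%08x length %ld TD size %ld "
+"intr %ld flags %c:%c:%c:%c:%c:%c:%c",
+cdnsp_trb_type_string(type),
+field1, field0, TRB_LEN(field2),
+GET_TD_SIZE(field2),
+GET_INTR_TARGET(field2),
+field3 & TRB_IDT ? 'D' : 'i',
+field3 & TRB_IOC ? 'I' : 'i',
+field3 & TRB_CHAIN ? 'C' : 'c',
+field3 & TRB_NO_SNOOP ? 'S' : 's',
+field3 & TRB_ISP ? 'I' : 'i',
+field3 & TRB_ENT ? 'E' : 'e',
+field3 & TRB_CYCLE ? 'C' : 'c');
 break;
 case TRB_STATUS:
-ret += snprintf(str, size,
-"Buffer %08x%08x length %ld TD size %ld intr"
-"%ld type '%s' flags %c:%c:%c:%c",
-field1, field0, TRB_LEN(field2),
-GET_TD_SIZE(field2),
-GET_INTR_TARGET(field2),
-cdnsp_trb_type_string(type),
-field3 & TRB_IOC ? 'I' : 'i',
-field3 & TRB_CHAIN ? 'C' : 'c',
-field3 & TRB_ENT ? 'E' : 'e',
-field3 & TRB_CYCLE ? 'C' : 'c');
+ret = snprintf(str, size,
+"Buffer %08x%08x length %ld TD size %ld intr"
+"%ld type '%s' flags %c:%c:%c:%c",
+field1, field0, TRB_LEN(field2),
+GET_TD_SIZE(field2),
+GET_INTR_TARGET(field2),
+cdnsp_trb_type_string(type),
+field3 & TRB_IOC ? 'I' : 'i',
+field3 & TRB_CHAIN ? 'C' : 'c',
+field3 & TRB_ENT ? 'E' : 'e',
+field3 & TRB_CYCLE ? 'C' : 'c');
 break;
 case TRB_NORMAL:
 case TRB_ISOC:
 case TRB_EVENT_DATA:
 case TRB_TR_NOOP:
-ret += snprintf(str, size,
-"type '%s' Buffer %08x%08x length %ld "
-"TD size %ld intr %ld "
-"flags %c:%c:%c:%c:%c:%c:%c:%c:%c",
-cdnsp_trb_type_string(type),
-field1, field0, TRB_LEN(field2),
-GET_TD_SIZE(field2),
-GET_INTR_TARGET(field2),
-field3 & TRB_BEI ? 'B' : 'b',
-field3 & TRB_IDT ? 'T' : 't',
-field3 & TRB_IOC ? 'I' : 'i',
-field3 & TRB_CHAIN ? 'C' : 'c',
-field3 & TRB_NO_SNOOP ? 'S' : 's',
-field3 & TRB_ISP ? 'I' : 'i',
-field3 & TRB_ENT ? 'E' : 'e',
-field3 & TRB_CYCLE ? 'C' : 'c',
-!(field3 & TRB_EVENT_INVALIDATE) ? 'V' : 'v');
+ret = snprintf(str, size,
+"type '%s' Buffer %08x%08x length %ld "
+"TD size %ld intr %ld "
+"flags %c:%c:%c:%c:%c:%c:%c:%c:%c",
+cdnsp_trb_type_string(type),
+field1, field0, TRB_LEN(field2),
+GET_TD_SIZE(field2),
+GET_INTR_TARGET(field2),
+field3 & TRB_BEI ? 'B' : 'b',
+field3 & TRB_IDT ? 'T' : 't',
+field3 & TRB_IOC ? 'I' : 'i',
+field3 & TRB_CHAIN ? 'C' : 'c',
+field3 & TRB_NO_SNOOP ? 'S' : 's',
+field3 & TRB_ISP ? 'I' : 'i',
+field3 & TRB_ENT ? 'E' : 'e',
+field3 & TRB_CYCLE ? 'C' : 'c',
+!(field3 & TRB_EVENT_INVALIDATE) ? 'V' : 'v');
 break;
 case TRB_CMD_NOOP:
 case TRB_ENABLE_SLOT:
-ret += snprintf(str, size, "%s: flags %c",
-cdnsp_trb_type_string(type),
-field3 & TRB_CYCLE ? 'C' : 'c');
+ret = snprintf(str, size, "%s: flags %c",
+cdnsp_trb_type_string(type),
+field3 & TRB_CYCLE ? 'C' : 'c');
 break;
 case TRB_DISABLE_SLOT:
-ret += snprintf(str, size, "%s: slot %ld flags %c",
-cdnsp_trb_type_string(type),
-TRB_TO_SLOT_ID(field3),
-field3 & TRB_CYCLE ? 'C' : 'c');
+ret = snprintf(str, size, "%s: slot %ld flags %c",
+cdnsp_trb_type_string(type),
+TRB_TO_SLOT_ID(field3),
+field3 & TRB_CYCLE ? 'C' : 'c');
 break;
 case TRB_ADDR_DEV:
-ret += snprintf(str, size,
-"%s: ctx %08x%08x slot %ld flags %c:%c",
-cdnsp_trb_type_string(type), field1, field0,
-TRB_TO_SLOT_ID(field3),
-field3 & TRB_BSR ? 'B' : 'b',
-field3 & TRB_CYCLE ? 'C' : 'c');
+ret = snprintf(str, size,
+"%s: ctx %08x%08x slot %ld flags %c:%c",
+cdnsp_trb_type_string(type), field1, field0,
+TRB_TO_SLOT_ID(field3),
+field3 & TRB_BSR ? 'B' : 'b',
+field3 & TRB_CYCLE ? 'C' : 'c');
 break;
 case TRB_CONFIG_EP:
-ret += snprintf(str, size,
-"%s: ctx %08x%08x slot %ld flags %c:%c",
-cdnsp_trb_type_string(type), field1, field0,
-TRB_TO_SLOT_ID(field3),
-field3 & TRB_DC ? 'D' : 'd',
-field3 & TRB_CYCLE ? 'C' : 'c');
+ret = snprintf(str, size,
+"%s: ctx %08x%08x slot %ld flags %c:%c",
+cdnsp_trb_type_string(type), field1, field0,
+TRB_TO_SLOT_ID(field3),
+field3 & TRB_DC ? 'D' : 'd',
+field3 & TRB_CYCLE ? 'C' : 'c');
 break;
 case TRB_EVAL_CONTEXT:
-ret += snprintf(str, size,
-"%s: ctx %08x%08x slot %ld flags %c",
-cdnsp_trb_type_string(type), field1, field0,
-TRB_TO_SLOT_ID(field3),
-field3 & TRB_CYCLE ? 'C' : 'c');
+ret = snprintf(str, size,
+"%s: ctx %08x%08x slot %ld flags %c",
+cdnsp_trb_type_string(type), field1, field0,
+TRB_TO_SLOT_ID(field3),
+field3 & TRB_CYCLE ? 'C' : 'c');
 break;
 case TRB_RESET_EP:
 case TRB_HALT_ENDPOINT:
 case TRB_FLUSH_ENDPOINT:
-ret += snprintf(str, size,
-"%s: ep%d%s(%d) ctx %08x%08x slot %ld flags %c",
-cdnsp_trb_type_string(type),
-ep_num, ep_id % 2 ? "out" : "in",
-TRB_TO_EP_INDEX(field3), field1, field0,
-TRB_TO_SLOT_ID(field3),
-field3 & TRB_CYCLE ? 'C' : 'c');
+ret = snprintf(str, size,
+"%s: ep%d%s(%d) ctx %08x%08x slot %ld flags %c",
+cdnsp_trb_type_string(type),
+ep_num, ep_id % 2 ? "out" : "in",
+TRB_TO_EP_INDEX(field3), field1, field0,
+TRB_TO_SLOT_ID(field3),
+field3 & TRB_CYCLE ? 'C' : 'c');
 break;
 case TRB_STOP_RING:
-ret += snprintf(str, size,
-"%s: ep%d%s(%d) slot %ld sp %d flags %c",
-cdnsp_trb_type_string(type),
-ep_num, ep_id % 2 ? "out" : "in",
-TRB_TO_EP_INDEX(field3),
-TRB_TO_SLOT_ID(field3),
-TRB_TO_SUSPEND_PORT(field3),
-field3 & TRB_CYCLE ? 'C' : 'c');
+ret = snprintf(str, size,
+"%s: ep%d%s(%d) slot %ld sp %d flags %c",
+cdnsp_trb_type_string(type),
+ep_num, ep_id % 2 ? "out" : "in",
+TRB_TO_EP_INDEX(field3),
+TRB_TO_SLOT_ID(field3),
+TRB_TO_SUSPEND_PORT(field3),
+field3 & TRB_CYCLE ? 'C' : 'c');
 break;
 case TRB_SET_DEQ:
-ret += snprintf(str, size,
-"%s: ep%d%s(%d) deq %08x%08x stream %ld slot %ld flags %c",
-cdnsp_trb_type_string(type),
-ep_num, ep_id % 2 ? "out" : "in",
-TRB_TO_EP_INDEX(field3), field1, field0,
-TRB_TO_STREAM_ID(field2),
-TRB_TO_SLOT_ID(field3),
-field3 & TRB_CYCLE ? 'C' : 'c');
+ret = snprintf(str, size,
+"%s: ep%d%s(%d) deq %08x%08x stream %ld slot %ld flags %c",
+cdnsp_trb_type_string(type),
+ep_num, ep_id % 2 ? "out" : "in",
+TRB_TO_EP_INDEX(field3), field1, field0,
+TRB_TO_STREAM_ID(field2),
+TRB_TO_SLOT_ID(field3),
+field3 & TRB_CYCLE ? 'C' : 'c');
 break;
 case TRB_RESET_DEV:
-ret += snprintf(str, size, "%s: slot %ld flags %c",
-cdnsp_trb_type_string(type),
-TRB_TO_SLOT_ID(field3),
-field3 & TRB_CYCLE ? 'C' : 'c');
+ret = snprintf(str, size, "%s: slot %ld flags %c",
+cdnsp_trb_type_string(type),
+TRB_TO_SLOT_ID(field3),
+field3 & TRB_CYCLE ? 'C' : 'c');
 break;
 case TRB_ENDPOINT_NRDY:
-temp = TRB_TO_HOST_STREAM(field2);
-
-ret += snprintf(str, size,
-"%s: ep%d%s(%d) H_SID %x%s%s D_SID %lx flags %c:%c",
-cdnsp_trb_type_string(type),
-ep_num, ep_id % 2 ? "out" : "in",
-TRB_TO_EP_INDEX(field3), temp,
-temp == STREAM_PRIME_ACK ? "(PRIME)" : "",
-temp == STREAM_REJECTED ? "(REJECTED)" : "",
-TRB_TO_DEV_STREAM(field0),
-field3 & TRB_STAT ? 'S' : 's',
-field3 & TRB_CYCLE ? 'C' : 'c');
+temp = TRB_TO_HOST_STREAM(field2);
+
+ret = snprintf(str, size,
+"%s: ep%d%s(%d) H_SID %x%s%s D_SID %lx flags %c:%c",
+cdnsp_trb_type_string(type),
+ep_num, ep_id % 2 ? "out" : "in",
+TRB_TO_EP_INDEX(field3), temp,
+temp == STREAM_PRIME_ACK ? "(PRIME)" : "",
+temp == STREAM_REJECTED ? "(REJECTED)" : "",
+TRB_TO_DEV_STREAM(field0),
+field3 & TRB_STAT ? 'S' : 's',
+field3 & TRB_CYCLE ? 'C' : 'c');
 break;
 default:
-ret += snprintf(str, size,
-"type '%s' -> raw %08x %08x %08x %08x",
-cdnsp_trb_type_string(type),
-field0, field1, field2, field3);
+ret = snprintf(str, size,
+"type '%s' -> raw %08x %08x %08x %08x",
+cdnsp_trb_type_string(type),
+field0, field1, field2, field3);
 }
 
+if (ret >= size)
+pr_info("CDNSP: buffer overflowed.\n");
+
 return str;
 }
 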
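Review bot: The check added after the switch (`if (ret >= size)`) logs "buffer overflowed" through an unconditional `pr_info`, but snprintf() bounds the write, so what it actually detects is truncated decode output, and the comparison implicitly converts the signed `ret` to `size_t`. Because this inline helper formats one TRB per call and appears to serve the driver's trace/debug paths, a caller with a short buffer would emit this line for every decoded TRB, with no hint of which TRB type was cut or how much room was needed. I would make the condition explicit and rate-limit the message: `if (ret < 0 || (size_t)ret >= size)` followed by `pr_info_ratelimited("CDNSP: TRB decode truncated (type %d, need %d, have %zu)\n", type, ret, size);`. Separately, the re-added TRB_DATA argument `field3 & TRB_IDT ? 'D' : 'i'` looks like it should print `'d'` for the cleared bit, as the TRB_SETUP case does. The signature and opening lines of cdnsp_decode_trb lie above the hunk's first line.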
