提交 a982247f 编写于 作者: M Mathias Nyman 提交者: Zheng Zengkai

xhci: fix even more unsafe memory usage in xhci tracing

stable inclusion
from stable-5.10.64
commit 3f7f1baf7045c6a418d5858de23e9f5c6c58d5ff
bugzilla: 182256 https://gitee.com/openeuler/kernel/issues/I4EG0U

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3f7f1baf7045c6a418d5858de23e9f5c6c58d5ff

--------------------------------

commit 4843b4b5 upstream.

Removes static char buffer usage in the following decode functions:
	xhci_decode_ctrl_ctx()
	xhci_decode_slot_context()
	xhci_decode_usbsts()
	xhci_decode_doorbell()
	xhci_decode_ep_context()

Caller must provide a buffer to use.
In tracing use __get_str() as recommended to pass buffer.

Minor changes are needed in other xhci code as these functions are also
used elsewhere

Cc: <stable@vger.kernel.org>
Signed-off-by: NMathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20210820123503.2605901-3-mathias.nyman@linux.intel.comSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: NChen Jun <chenjun102@huawei.com>
Acked-by: NWeilong Chen <chenweilong@huawei.com>
Signed-off-by: NChen Jun <chenjun102@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
上级 116ea230
...@@ -260,11 +260,13 @@ static int xhci_slot_context_show(struct seq_file *s, void *unused) ...@@ -260,11 +260,13 @@ static int xhci_slot_context_show(struct seq_file *s, void *unused)
struct xhci_slot_ctx *slot_ctx; struct xhci_slot_ctx *slot_ctx;
struct xhci_slot_priv *priv = s->private; struct xhci_slot_priv *priv = s->private;
struct xhci_virt_device *dev = priv->dev; struct xhci_virt_device *dev = priv->dev;
char str[XHCI_MSG_MAX];
xhci = hcd_to_xhci(bus_to_hcd(dev->udev->bus)); xhci = hcd_to_xhci(bus_to_hcd(dev->udev->bus));
slot_ctx = xhci_get_slot_ctx(xhci, dev->out_ctx); slot_ctx = xhci_get_slot_ctx(xhci, dev->out_ctx);
seq_printf(s, "%pad: %s\n", &dev->out_ctx->dma, seq_printf(s, "%pad: %s\n", &dev->out_ctx->dma,
xhci_decode_slot_context(le32_to_cpu(slot_ctx->dev_info), xhci_decode_slot_context(str,
le32_to_cpu(slot_ctx->dev_info),
le32_to_cpu(slot_ctx->dev_info2), le32_to_cpu(slot_ctx->dev_info2),
le32_to_cpu(slot_ctx->tt_info), le32_to_cpu(slot_ctx->tt_info),
le32_to_cpu(slot_ctx->dev_state))); le32_to_cpu(slot_ctx->dev_state)));
...@@ -280,6 +282,7 @@ static int xhci_endpoint_context_show(struct seq_file *s, void *unused) ...@@ -280,6 +282,7 @@ static int xhci_endpoint_context_show(struct seq_file *s, void *unused)
struct xhci_ep_ctx *ep_ctx; struct xhci_ep_ctx *ep_ctx;
struct xhci_slot_priv *priv = s->private; struct xhci_slot_priv *priv = s->private;
struct xhci_virt_device *dev = priv->dev; struct xhci_virt_device *dev = priv->dev;
char str[XHCI_MSG_MAX];
xhci = hcd_to_xhci(bus_to_hcd(dev->udev->bus)); xhci = hcd_to_xhci(bus_to_hcd(dev->udev->bus));
...@@ -287,7 +290,8 @@ static int xhci_endpoint_context_show(struct seq_file *s, void *unused) ...@@ -287,7 +290,8 @@ static int xhci_endpoint_context_show(struct seq_file *s, void *unused)
ep_ctx = xhci_get_ep_ctx(xhci, dev->out_ctx, ep_index); ep_ctx = xhci_get_ep_ctx(xhci, dev->out_ctx, ep_index);
dma = dev->out_ctx->dma + (ep_index + 1) * CTX_SIZE(xhci->hcc_params); dma = dev->out_ctx->dma + (ep_index + 1) * CTX_SIZE(xhci->hcc_params);
seq_printf(s, "%pad: %s\n", &dma, seq_printf(s, "%pad: %s\n", &dma,
xhci_decode_ep_context(le32_to_cpu(ep_ctx->ep_info), xhci_decode_ep_context(str,
le32_to_cpu(ep_ctx->ep_info),
le32_to_cpu(ep_ctx->ep_info2), le32_to_cpu(ep_ctx->ep_info2),
le64_to_cpu(ep_ctx->deq), le64_to_cpu(ep_ctx->deq),
le32_to_cpu(ep_ctx->tx_info))); le32_to_cpu(ep_ctx->tx_info)));
......
...@@ -1005,6 +1005,7 @@ void xhci_stop_endpoint_command_watchdog(struct timer_list *t) ...@@ -1005,6 +1005,7 @@ void xhci_stop_endpoint_command_watchdog(struct timer_list *t)
struct xhci_hcd *xhci = ep->xhci; struct xhci_hcd *xhci = ep->xhci;
unsigned long flags; unsigned long flags;
u32 usbsts; u32 usbsts;
char str[XHCI_MSG_MAX];
spin_lock_irqsave(&xhci->lock, flags); spin_lock_irqsave(&xhci->lock, flags);
...@@ -1018,7 +1019,7 @@ void xhci_stop_endpoint_command_watchdog(struct timer_list *t) ...@@ -1018,7 +1019,7 @@ void xhci_stop_endpoint_command_watchdog(struct timer_list *t)
usbsts = readl(&xhci->op_regs->status); usbsts = readl(&xhci->op_regs->status);
xhci_warn(xhci, "xHCI host not responding to stop endpoint command.\n"); xhci_warn(xhci, "xHCI host not responding to stop endpoint command.\n");
xhci_warn(xhci, "USBSTS:%s\n", xhci_decode_usbsts(usbsts)); xhci_warn(xhci, "USBSTS:%s\n", xhci_decode_usbsts(str, usbsts));
ep->ep_state &= ~EP_STOP_CMD_PENDING; ep->ep_state &= ~EP_STOP_CMD_PENDING;
......
...@@ -323,6 +323,7 @@ DECLARE_EVENT_CLASS(xhci_log_ep_ctx, ...@@ -323,6 +323,7 @@ DECLARE_EVENT_CLASS(xhci_log_ep_ctx,
__field(u32, info2) __field(u32, info2)
__field(u64, deq) __field(u64, deq)
__field(u32, tx_info) __field(u32, tx_info)
__dynamic_array(char, str, XHCI_MSG_MAX)
), ),
TP_fast_assign( TP_fast_assign(
__entry->info = le32_to_cpu(ctx->ep_info); __entry->info = le32_to_cpu(ctx->ep_info);
...@@ -330,8 +331,8 @@ DECLARE_EVENT_CLASS(xhci_log_ep_ctx, ...@@ -330,8 +331,8 @@ DECLARE_EVENT_CLASS(xhci_log_ep_ctx,
__entry->deq = le64_to_cpu(ctx->deq); __entry->deq = le64_to_cpu(ctx->deq);
__entry->tx_info = le32_to_cpu(ctx->tx_info); __entry->tx_info = le32_to_cpu(ctx->tx_info);
), ),
TP_printk("%s", xhci_decode_ep_context(__entry->info, TP_printk("%s", xhci_decode_ep_context(__get_str(str),
__entry->info2, __entry->deq, __entry->tx_info) __entry->info, __entry->info2, __entry->deq, __entry->tx_info)
) )
); );
...@@ -368,6 +369,7 @@ DECLARE_EVENT_CLASS(xhci_log_slot_ctx, ...@@ -368,6 +369,7 @@ DECLARE_EVENT_CLASS(xhci_log_slot_ctx,
__field(u32, info2) __field(u32, info2)
__field(u32, tt_info) __field(u32, tt_info)
__field(u32, state) __field(u32, state)
__dynamic_array(char, str, XHCI_MSG_MAX)
), ),
TP_fast_assign( TP_fast_assign(
__entry->info = le32_to_cpu(ctx->dev_info); __entry->info = le32_to_cpu(ctx->dev_info);
...@@ -375,9 +377,9 @@ DECLARE_EVENT_CLASS(xhci_log_slot_ctx, ...@@ -375,9 +377,9 @@ DECLARE_EVENT_CLASS(xhci_log_slot_ctx,
__entry->tt_info = le64_to_cpu(ctx->tt_info); __entry->tt_info = le64_to_cpu(ctx->tt_info);
__entry->state = le32_to_cpu(ctx->dev_state); __entry->state = le32_to_cpu(ctx->dev_state);
), ),
TP_printk("%s", xhci_decode_slot_context(__entry->info, TP_printk("%s", xhci_decode_slot_context(__get_str(str),
__entry->info2, __entry->tt_info, __entry->info, __entry->info2,
__entry->state) __entry->tt_info, __entry->state)
) )
); );
...@@ -432,12 +434,13 @@ DECLARE_EVENT_CLASS(xhci_log_ctrl_ctx, ...@@ -432,12 +434,13 @@ DECLARE_EVENT_CLASS(xhci_log_ctrl_ctx,
TP_STRUCT__entry( TP_STRUCT__entry(
__field(u32, drop) __field(u32, drop)
__field(u32, add) __field(u32, add)
__dynamic_array(char, str, XHCI_MSG_MAX)
), ),
TP_fast_assign( TP_fast_assign(
__entry->drop = le32_to_cpu(ctrl_ctx->drop_flags); __entry->drop = le32_to_cpu(ctrl_ctx->drop_flags);
__entry->add = le32_to_cpu(ctrl_ctx->add_flags); __entry->add = le32_to_cpu(ctrl_ctx->add_flags);
), ),
TP_printk("%s", xhci_decode_ctrl_ctx(__entry->drop, __entry->add) TP_printk("%s", xhci_decode_ctrl_ctx(__get_str(str), __entry->drop, __entry->add)
) )
); );
...@@ -555,13 +558,14 @@ DECLARE_EVENT_CLASS(xhci_log_doorbell, ...@@ -555,13 +558,14 @@ DECLARE_EVENT_CLASS(xhci_log_doorbell,
TP_STRUCT__entry( TP_STRUCT__entry(
__field(u32, slot) __field(u32, slot)
__field(u32, doorbell) __field(u32, doorbell)
__dynamic_array(char, str, XHCI_MSG_MAX)
), ),
TP_fast_assign( TP_fast_assign(
__entry->slot = slot; __entry->slot = slot;
__entry->doorbell = doorbell; __entry->doorbell = doorbell;
), ),
TP_printk("Ring doorbell for %s", TP_printk("Ring doorbell for %s",
xhci_decode_doorbell(__entry->slot, __entry->doorbell) xhci_decode_doorbell(__get_str(str), __entry->slot, __entry->doorbell)
) )
); );
......
...@@ -2445,10 +2445,9 @@ static inline const char *xhci_decode_trb(u32 field0, u32 field1, u32 field2, ...@@ -2445,10 +2445,9 @@ static inline const char *xhci_decode_trb(u32 field0, u32 field1, u32 field2,
return str; return str;
} }
static inline const char *xhci_decode_ctrl_ctx(unsigned long drop, static inline const char *xhci_decode_ctrl_ctx(char *str,
unsigned long add) unsigned long drop, unsigned long add)
{ {
static char str[1024];
unsigned int bit; unsigned int bit;
int ret = 0; int ret = 0;
...@@ -2474,10 +2473,9 @@ static inline const char *xhci_decode_ctrl_ctx(unsigned long drop, ...@@ -2474,10 +2473,9 @@ static inline const char *xhci_decode_ctrl_ctx(unsigned long drop,
return str; return str;
} }
static inline const char *xhci_decode_slot_context(u32 info, u32 info2, static inline const char *xhci_decode_slot_context(char *str,
u32 tt_info, u32 state) u32 info, u32 info2, u32 tt_info, u32 state)
{ {
static char str[1024];
u32 speed; u32 speed;
u32 hub; u32 hub;
u32 mtt; u32 mtt;
...@@ -2607,9 +2605,8 @@ static inline const char *xhci_decode_portsc(u32 portsc) ...@@ -2607,9 +2605,8 @@ static inline const char *xhci_decode_portsc(u32 portsc)
return str; return str;
} }
static inline const char *xhci_decode_usbsts(u32 usbsts) static inline const char *xhci_decode_usbsts(char *str, u32 usbsts)
{ {
static char str[256];
int ret = 0; int ret = 0;
if (usbsts == ~(u32)0) if (usbsts == ~(u32)0)
...@@ -2636,9 +2633,8 @@ static inline const char *xhci_decode_usbsts(u32 usbsts) ...@@ -2636,9 +2633,8 @@ static inline const char *xhci_decode_usbsts(u32 usbsts)
return str; return str;
} }
static inline const char *xhci_decode_doorbell(u32 slot, u32 doorbell) static inline const char *xhci_decode_doorbell(char *str, u32 slot, u32 doorbell)
{ {
static char str[256];
u8 ep; u8 ep;
u16 stream; u16 stream;
int ret; int ret;
...@@ -2705,10 +2701,9 @@ static inline const char *xhci_ep_type_string(u8 type) ...@@ -2705,10 +2701,9 @@ static inline const char *xhci_ep_type_string(u8 type)
} }
} }
static inline const char *xhci_decode_ep_context(u32 info, u32 info2, u64 deq, static inline const char *xhci_decode_ep_context(char *str, u32 info,
u32 tx_info) u32 info2, u64 deq, u32 tx_info)
{ {
static char str[1024];
int ret; int ret;
u32 esit; u32 esit;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册
新手
引导
客服 返回
顶部