It looks like some of the xhci debug code is passing u32 to functions
directly from __le32/__le64 fields.
Fix this by using le{32,64}_to_cpu() on these to fix the following
sparse warnings;
xhci-debugfs.c:205:62: warning: incorrect type in argument 1 (different base types)
xhci-debugfs.c:205:62: expected unsigned int [usertype] field0
xhci-debugfs.c:205:62: got restricted __le32
xhci-debugfs.c:206:62: warning: incorrect type in argument 2 (different base types)
xhci-debugfs.c:206:62: expected unsigned int [usertype] field1
xhci-debugfs.c:206:62: got restricted __le32
...
[Trim down commit message, sparse warnings were similar -Mathias]
Cc: <stable@vger.kernel.org> # 4.15+
Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/1572013829-14044-4-git-send-email-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In xhci_debugfs_create_slot(), kzalloc() can fail and
dev->debugfs_private will be NULL.
In xhci_debugfs_create_endpoint(), dev->debugfs_private is used without
any null-pointer check, and can cause a null pointer dereference.
To fix this bug, a null-pointer check is added in
xhci_debugfs_create_endpoint().
This bug is found by a runtime fuzzing tool named FIZZER written by us.
[subjet line change change, add potential -Mathais]
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Enable compliance transition for a port by writing "compliance" to the
ports portsc file in debugfs.
port must be "Not-connected" and Link must be in RxDetect state to enable
compliance mode.
Only needed for host that have CTC flag set.
Allows state transitioning to compliance at 1st LFPS timeout.
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add ports/portxx/portsc for each xHC hardware usb port to debugfs.
Showing the content of the port status and control register for
each port (PORTSC)
Portxx is numbered starting from 1 for historical reasons to better
match port numbering shown by lsusb and other places.
Ports in debugfs are in the order XHC controller has them,
In most cases USB2 ports come first, followed by USB3 ports.
i.e. USB2 ports are port01-portxx, and USB3 portxx-portmax.
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Trying to read from debugfs after the system has resumed from
hibernate causes a use-after-free and thus a protection fault.
Steps to reproduce:
Hibernate system, resume from hibernate, then run
$ cat /sys/kernel/debug/usb/xhci/*/command-ring/enqueue
[ 3902.765086] general protection fault: 0000 [#1] PREEMPT SMP
...
[ 3902.765136] RIP: 0010:xhci_trb_virt_to_dma.part.50+0x5/0x30
...
[ 3902.765178] Call Trace:
[ 3902.765188] xhci_ring_enqueue_show+0x1e/0x40
[ 3902.765197] seq_read+0xdb/0x3a0
[ 3902.765204] ? __handle_mm_fault+0x5fb/0x1210
[ 3902.765211] full_proxy_read+0x4a/0x70
[ 3902.765219] __vfs_read+0x23/0x120
[ 3902.765228] vfs_read+0x8e/0x130
[ 3902.765235] SyS_read+0x42/0x90
[ 3902.765242] do_syscall_64+0x6b/0x290
[ 3902.765251] entry_SYSCALL64_slow_path+0x25/0x25
The issue is caused by the xhci ring structures being reallocated
when the system is resumed, but pointers to the old structures
being retained in the debugfs files "private" field:
The proposed patch fixes this issue by storing a pointer to the xhci_ring
field in the xhci device structure in debugfs rather than directly
storing a pointer to the xhci_ring.
Fixes: 02b6fdc2a1 ("usb: xhci: Add debugfs interface for xHCI driver")
Signed-off-by: Alexander Kappner <agk@godking.net>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The license text was removed from these files, yet they somehow missed
the big "add SPDX tags to all files" sweep due to them being new. So
add the proper SPDX license tag to them, based on the original license
text in the file.
Acked-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Now that the SPDX tag is in all USB files, that identifies the license
in a specific and legally-defined manner. So the extra GPL text wording
can be removed as it is no longer needed at all.
This is done on a quest to remove the 700+ different ways that files in
the kernel describe the GPL license text. And there's unneeded stuff
like the address (sometimes incorrect) for the FSF which is never
needed.
No copyright headers or other non-license-description text was removed.
Cc: Matthias Brugger <matthias.bgg@gmail.com>
Cc: Thierry Reding <thierry.reding@gmail.com>
Cc: Jonathan Hunter <jonathanh@nvidia.com>
Acked-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This adds debugfs consumer for xHCI driver. The debugfs entries
read all host registers, device/endpoint contexts, command ring,
event ring and various endpoint rings. With these entries, users
can check the registers and memory spaces used by a host during
run time, or save all the information with a simple 'cp -r' for
post-mortem programs.
The file hierarchy looks like this.
[root of debugfs]
|__usb
|____[e,u,o]hci <---------[root for other HCIs]
|____xhci <---------------[root for xHCI]
|______0000:00:14.0 <--------------[xHCI host name]
|________reg-cap <--------[capability registers]
|________reg-op <-------[operational registers]
|________reg-runtime <-----------[runtime registers]
|________reg-ext-#cap_name <----[extended capability regs]
|________command-ring <-------[root for command ring]
|__________cycle <------------------[ring cycle]
|__________dequeue <--------[ring dequeue pointer]
|__________enqueue <--------[ring enqueue pointer]
|__________trbs <-------------------[ring trbs]
|________event-ring <---------[root for event ring]
|__________cycle <------------------[ring cycle]
|__________dequeue <--------[ring dequeue pointer]
|__________enqueue <--------[ring enqueue pointer]
|__________trbs <-------------------[ring trbs]
|________devices <------------[root for devices]
|__________#slot_id <-----------[root for a device]
|____________name <-----------------[device name]
|____________slot-context <----------------[slot context]
|____________ep-context <-----------[endpoint contexts]
|____________ep#ep_index <--------[root for an endpoint]
|______________cycle <------------------[ring cycle]
|______________dequeue <--------[ring dequeue pointer]
|______________enqueue <--------[ring enqueue pointer]
|______________trbs <-------------------[ring trbs]
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Ben Dooks (Codethink)