summaryrefslogtreecommitdiff
path: root/drivers/usb/host/xhci-debugfs.c
AgeCommit message (Collapse)AuthorFilesLines
2021-08-26xhci: fix even more unsafe memory usage in xhci tracingMathias Nyman1-2/+6
Removes static char buffer usage in the following decode functions: xhci_decode_ctrl_ctx() xhci_decode_slot_context() xhci_decode_usbsts() xhci_decode_doorbell() xhci_decode_ep_context() Caller must provide a buffer to use. In tracing use __get_str() as recommended to pass buffer. Minor changes are needed in other xhci code as these functions are also used elsewhere Cc: <stable@vger.kernel.org> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> Link: https://lore.kernel.org/r/20210820123503.2605901-3-mathias.nyman@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-08-26xhci: fix unsafe memory usage in xhci tracingMathias Nyman1-2/+4
Removes static char buffer usage in the following decode functions: xhci_decode_trb() xhci_decode_ptortsc() Caller must provide a buffer to use. In tracing use __get_str() as recommended to pass buffer. Minor chanes are needed in xhci debugfs code as these functions are also used there. Changes include moving XHCI_MSG_MAX definititon from xhci-trace.h to xhci.h Cc: <stable@vger.kernel.org> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> Link: https://lore.kernel.org/r/20210820123503.2605901-2-mathias.nyman@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-09-20usb: xhci: add debugfs support for ep with streamLi Jun1-1/+108
To show the trb ring of streams, use the exsiting ring files of bulk ep to show trb ring of one specific stream ID, which stream ID's trb ring will be shown, is controlled by a new debugfs file stream_id, this is to avoid to create a large number of dir for every allocate stream IDs, another debugfs file stream_context_array is created to show all the allocated stream context array entries. Signed-off-by: Li Jun <jun.li@nxp.com> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> Link: https://lore.kernel.org/r/20200918131752.16488-11-mathias.nyman@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-08-23usb: host: xhci: fix ep context print mismatch in debugfsLi Jun1-4/+4
dci is 0 based and xhci_get_ep_ctx() will do ep index increment to get the ep context. [rename dci to ep_index -Mathias] Cc: stable <stable@vger.kernel.org> # v4.15+ Fixes: 02b6fdc2a153 ("usb: xhci: Add debugfs interface for xHCI driver") Signed-off-by: Li Jun <jun.li@nxp.com> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> Link: https://lore.kernel.org/r/20200821091549.20556-2-mathias.nyman@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-07-09usb: host: xhci-debugfs: Use 'gnu_printf' format notationLee Jones1-0/+1
Fixes the following W=1 kernel build warning(s): drivers/usb/host/xhci-debugfs.c:128:2: warning: function ‘xhci_debugfs_regset’ might be a candidate for ‘gnu_printf’ format attribute [-Wsuggest-attribute=format] 128 | vsnprintf(rgs->name, sizeof(rgs->name), fmt, args); | ^~~~~~~~~ Cc: Mathias Nyman <mathias.nyman@intel.com> Cc: Lu Baolu <baolu.lu@linux.intel.com> Signed-off-by: Lee Jones <lee.jones@linaro.org> Link: https://lore.kernel.org/r/20200703174148.2749969-19-lee.jones@linaro.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-10-28usb: xhci: fix __le32/__le64 accessors in debugfs codeBen Dooks (Codethink)1-12/+12
It looks like some of the xhci debug code is passing u32 to functions directly from __le32/__le64 fields. Fix this by using le{32,64}_to_cpu() on these to fix the following sparse warnings; xhci-debugfs.c:205:62: warning: incorrect type in argument 1 (different base types) xhci-debugfs.c:205:62: expected unsigned int [usertype] field0 xhci-debugfs.c:205:62: got restricted __le32 xhci-debugfs.c:206:62: warning: incorrect type in argument 2 (different base types) xhci-debugfs.c:206:62: expected unsigned int [usertype] field1 xhci-debugfs.c:206:62: got restricted __le32 ... [Trim down commit message, sparse warnings were similar -Mathias] Cc: <stable@vger.kernel.org> # 4.15+ Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> Link: https://lore.kernel.org/r/1572013829-14044-4-git-send-email-mathias.nyman@linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-22usb: xhci: Fix a potential null pointer dereference in ↵Jia-Ju Bai1-0/+3
xhci_debugfs_create_endpoint() In xhci_debugfs_create_slot(), kzalloc() can fail and dev->debugfs_private will be NULL. In xhci_debugfs_create_endpoint(), dev->debugfs_private is used without any null-pointer check, and can cause a null pointer dereference. To fix this bug, a null-pointer check is added in xhci_debugfs_create_endpoint(). This bug is found by a runtime fuzzing tool named FIZZER written by us. [subjet line change change, add potential -Mathais] Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-05-24xhci: debugfs: add debugfs interface to enable compliance mode for a portMathias Nyman1-1/+38
Enable compliance transition for a port by writing "compliance" to the ports portsc file in debugfs. port must be "Not-connected" and Link must be in RxDetect state to enable compliance mode. Only needed for host that have CTC flag set. Allows state transitioning to compliance at 1st LFPS timeout. Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-05-24xhci: debugfs: add usb ports to xhci debugfsMathias Nyman1-0/+48
Add ports/portxx/portsc for each xHC hardware usb port to debugfs. Showing the content of the port status and control register for each port (PORTSC) Portxx is numbered starting from 1 for historical reasons to better match port numbering shown by lsusb and other places. Ports in debugfs are in the order XHC controller has them, In most cases USB2 ports come first, followed by USB3 ports. i.e. USB2 ports are port01-portxx, and USB3 portxx-portmax. Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-15xhci: Fix NULL pointer in xhci debugfsZhengjun Xing1-2/+2
Commit dde634057da7 ("xhci: Fix use-after-free in xhci debugfs") causes a null pointer dereference while fixing xhci-debugfs usage of ring pointers that were freed during hibernate. The fix passed addresses to ring pointers instead, but forgot to do this change for the xhci_ring_trb_show function. The address of the ring pointer passed to xhci-debugfs was of a temporary ring pointer "new_ring" instead of the actual ring "ring" pointer. The temporary new_ring pointer will be set to NULL later causing the NULL pointer dereference. This issue was seen when reading xhci related files in debugfs: cat /sys/kernel/debug/usb/xhci/*/devices/*/ep*/trbs [ 184.604861] BUG: unable to handle kernel NULL pointer dereference at (null) [ 184.613776] IP: xhci_ring_trb_show+0x3a/0x890 [ 184.618733] PGD 264193067 P4D 264193067 PUD 263238067 PMD 0 [ 184.625184] Oops: 0000 [#1] SMP [ 184.726410] RIP: 0010:xhci_ring_trb_show+0x3a/0x890 [ 184.731944] RSP: 0018:ffffba8243c0fd90 EFLAGS: 00010246 [ 184.737880] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000000295d6 [ 184.746020] RDX: 00000000000295d5 RSI: 0000000000000001 RDI: ffff971a6418d400 [ 184.754121] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 184.762222] R10: ffff971a64c98a80 R11: ffff971a62a00e40 R12: ffff971a62a85500 [ 184.770325] R13: 0000000000020000 R14: ffff971a6418d400 R15: ffff971a6418d400 [ 184.778448] FS: 00007fe725a79700(0000) GS:ffff971a6ec00000(0000) knlGS:0000000000000000 [ 184.787644] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 184.794168] CR2: 0000000000000000 CR3: 000000025f365005 CR4: 00000000003606f0 [ 184.802318] Call Trace: [ 184.805094] ? seq_read+0x281/0x3b0 [ 184.809068] seq_read+0xeb/0x3b0 [ 184.812735] full_proxy_read+0x4d/0x70 [ 184.817007] __vfs_read+0x23/0x120 [ 184.820870] vfs_read+0x91/0x130 [ 184.824538] SyS_read+0x42/0x90 [ 184.828106] entry_SYSCALL_64_fastpath+0x1a/0x7d Fixes: dde634057da7 ("xhci: Fix use-after-free in xhci debugfs") Cc: <stable@vger.kernel.org> # v4.15 Signed-off-by: Zhengjun Xing <zhengjun.xing@linux.intel.com> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-27xhci: Fix use-after-free in xhci debugfsAlexander Kappner1-8/+8
Trying to read from debugfs after the system has resumed from hibernate causes a use-after-free and thus a protection fault. Steps to reproduce: Hibernate system, resume from hibernate, then run $ cat /sys/kernel/debug/usb/xhci/*/command-ring/enqueue [ 3902.765086] general protection fault: 0000 [#1] PREEMPT SMP ... [ 3902.765136] RIP: 0010:xhci_trb_virt_to_dma.part.50+0x5/0x30 ... [ 3902.765178] Call Trace: [ 3902.765188] xhci_ring_enqueue_show+0x1e/0x40 [ 3902.765197] seq_read+0xdb/0x3a0 [ 3902.765204] ? __handle_mm_fault+0x5fb/0x1210 [ 3902.765211] full_proxy_read+0x4a/0x70 [ 3902.765219] __vfs_read+0x23/0x120 [ 3902.765228] vfs_read+0x8e/0x130 [ 3902.765235] SyS_read+0x42/0x90 [ 3902.765242] do_syscall_64+0x6b/0x290 [ 3902.765251] entry_SYSCALL64_slow_path+0x25/0x25 The issue is caused by the xhci ring structures being reallocated when the system is resumed, but pointers to the old structures being retained in the debugfs files "private" field: The proposed patch fixes this issue by storing a pointer to the xhci_ring field in the xhci device structure in debugfs rather than directly storing a pointer to the xhci_ring. Fixes: 02b6fdc2a153 ("usb: xhci: Add debugfs interface for xHCI driver") Signed-off-by: Alexander Kappner <agk@godking.net> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-07USB: host: xhci-debugfs: add SPDX linesGreg Kroah-Hartman1-0/+1
The license text was removed from these files, yet they somehow missed the big "add SPDX tags to all files" sweep due to them being new. So add the proper SPDX license tag to them, based on the original license text in the file. Acked-by: Mathias Nyman <mathias.nyman@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-07USB: host: xhci: Remove redundant license textGreg Kroah-Hartman1-4/+0
Now that the SPDX tag is in all USB files, that identifies the license in a specific and legally-defined manner. So the extra GPL text wording can be removed as it is no longer needed at all. This is done on a quest to remove the 700+ different ways that files in the kernel describe the GPL license text. And there's unneeded stuff like the address (sometimes incorrect) for the FSF which is never needed. No copyright headers or other non-license-description text was removed. Cc: Matthias Brugger <matthias.bgg@gmail.com> Cc: Thierry Reding <thierry.reding@gmail.com> Cc: Jonathan Hunter <jonathanh@nvidia.com> Acked-by: Mathias Nyman <mathias.nyman@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-10-05usb: xhci: Add debugfs interface for xHCI driverLu Baolu1-0/+526
This adds debugfs consumer for xHCI driver. The debugfs entries read all host registers, device/endpoint contexts, command ring, event ring and various endpoint rings. With these entries, users can check the registers and memory spaces used by a host during run time, or save all the information with a simple 'cp -r' for post-mortem programs. The file hierarchy looks like this. [root of debugfs] |__usb |____[e,u,o]hci <---------[root for other HCIs] |____xhci <---------------[root for xHCI] |______0000:00:14.0 <--------------[xHCI host name] |________reg-cap <--------[capability registers] |________reg-op <-------[operational registers] |________reg-runtime <-----------[runtime registers] |________reg-ext-#cap_name <----[extended capability regs] |________command-ring <-------[root for command ring] |__________cycle <------------------[ring cycle] |__________dequeue <--------[ring dequeue pointer] |__________enqueue <--------[ring enqueue pointer] |__________trbs <-------------------[ring trbs] |________event-ring <---------[root for event ring] |__________cycle <------------------[ring cycle] |__________dequeue <--------[ring dequeue pointer] |__________enqueue <--------[ring enqueue pointer] |__________trbs <-------------------[ring trbs] |________devices <------------[root for devices] |__________#slot_id <-----------[root for a device] |____________name <-----------------[device name] |____________slot-context <----------------[slot context] |____________ep-context <-----------[endpoint contexts] |____________ep#ep_index <--------[root for an endpoint] |______________cycle <------------------[ring cycle] |______________dequeue <--------[ring dequeue pointer] |______________enqueue <--------[ring enqueue pointer] |______________trbs <-------------------[ring trbs] Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>