From de86bf5edc2bde10abbb901240908a55827c5d91 Mon Sep 17 00:00:00 2001
From: Minda Chen <minda.chen@starfivetech.com>
Date: Thu, 12 Oct 2023 16:44:34 +0800
Subject: usb: fix TRB_TRANSFER return null pointer issue

xhci_wait_for_event() wait TRB_TRANSFER may return null
pointer, shoud checkit avoid crash.
Read usb device info maybe failed, should check it and
do not register usb device. uboot should rescan usb
device and register.

Signed-off-by: Minda Chen <minda.chen@starfivetech.com>
---
 common/usb.c                 | 24 ++++++++++++++++++------
 drivers/usb/host/xhci-ring.c |  2 ++
 2 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/common/usb.c b/common/usb.c
index aad13fd9c5..68885d6ee4 100644
--- a/common/usb.c
+++ b/common/usb.c
@@ -1144,20 +1144,32 @@ int usb_select_config(struct usb_device *dev)
 	memset(dev->mf, 0, sizeof(dev->mf));
 	memset(dev->prod, 0, sizeof(dev->prod));
 	memset(dev->serial, 0, sizeof(dev->serial));
-	if (dev->descriptor.iManufacturer)
-		usb_string(dev, dev->descriptor.iManufacturer,
+	if (dev->descriptor.iManufacturer) {
+		err = usb_string(dev, dev->descriptor.iManufacturer,
 			   dev->mf, sizeof(dev->mf));
-	if (dev->descriptor.iProduct)
-		usb_string(dev, dev->descriptor.iProduct,
+		if (err < 0)
+			goto decriptor_err;
+	} if (dev->descriptor.iProduct) {
+		err = usb_string(dev, dev->descriptor.iProduct,
 			   dev->prod, sizeof(dev->prod));
-	if (dev->descriptor.iSerialNumber)
-		usb_string(dev, dev->descriptor.iSerialNumber,
+		if (err < 0)
+			goto decriptor_err;
+	}
+	if (dev->descriptor.iSerialNumber) {
+		err = usb_string(dev, dev->descriptor.iSerialNumber,
 			   dev->serial, sizeof(dev->serial));
+		if (err < 0)
+			goto decriptor_err;
+	}
 	debug("Manufacturer %s\n", dev->mf);
 	debug("Product      %s\n", dev->prod);
 	debug("SerialNumber %s\n", dev->serial);
 
 	return 0;
+
+decriptor_err:
+	printf("failed to get usb device info %d\n", err);
+	return err;
 }
 
 int usb_setup_device(struct usb_device *dev, bool do_read,
diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
index 35bd5cd29e..0bc44752be 100644
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -499,6 +499,8 @@ static void abort_td(struct usb_device *udev, int ep_index)
 	xhci_queue_command(ctrl, NULL, udev->slot_id, ep_index, TRB_STOP_RING);
 
 	event = xhci_wait_for_event(ctrl, TRB_TRANSFER);
+	if (!event)
+		return;
 	field = le32_to_cpu(event->trans_event.flags);
 	BUG_ON(TRB_TO_SLOT_ID(field) != udev->slot_id);
 	BUG_ON(TRB_TO_EP_INDEX(field) != ep_index);
-- 
cgit v1.2.3