The xHCI slot ID is one-based, not zero-based. Fix the length of the xhci->slot[] array to account for this, and add assertions to check that the hardware returns a valid slot ID in response to the Enable Slot command. Signed-off-by: Michael Brown <mcb30@ipxe.org>

9 years ago · 982b051cbc
--- a/src/drivers/usb/xhci.c
+++ b/src/drivers/usb/xhci.c
@@ -2622,6 +2622,7 @@ static int xhci_device_open ( struct usb_device *usb ) {
 
				
				 		rc = id;
			
 
				
				 		goto err_enable_slot;
			
 
				
				 	}
			
 
				
				+	assert ( ( id > 0 ) && ( id <= xhci->slots ) );
			
 
				
				 	assert ( xhci->slot[id] == NULL );
			
 
				
				 
			
 
				
				 	/* Allocate and initialise structure */
			
@@ -2761,7 +2762,7 @@ static int xhci_bus_open ( struct usb_bus *bus ) {
 
				
				 	int rc;
			
 
				
				 
			
 
				
				 	/* Allocate device slot array */
			
 
				
				-	xhci->slot = zalloc ( xhci->slots * sizeof ( xhci->slot[0] ) );
			
 
				
				+	xhci->slot = zalloc ( ( xhci->slots + 1 ) * sizeof ( xhci->slot[0] ) );
			
 
				
				 	if ( ! xhci->slot ) {
			
 
				
				 		rc = -ENOMEM;
			
 
				
				 		goto err_slot_alloc;
			
@@ -2813,7 +2814,7 @@ static void xhci_bus_close ( struct usb_bus *bus ) {
 
				
				 
			
 
				
				 	/* Sanity checks */
			
 
				
				 	assert ( xhci->slot != NULL );
			
 
				
				-	for ( i = 0 ; i < xhci->slots ; i++ )
			
 
				
				+	for ( i = 0 ; i <= xhci->slots ; i++ )
			
 
				
				 		assert ( xhci->slot[i] == NULL );
			
 
				
				 
			
 
				
				 	xhci_stop ( xhci );