diff options
| author | Stephan Gerhold <stephan.gerhold@linaro.org> | 2025-04-07 16:59:37 +0200 |
|---|---|---|
| committer | Mattijs Korpershoek <mkorpershoek@kernel.org> | 2025-04-23 09:50:52 +0200 |
| commit | 59310d1ecb9f56a1bac405a5edfa9774f2d90220 (patch) | |
| tree | e6d2f5a5eb36094c1f2af81f113bcb25bbd93559 /include/linux/usb/gadget.h | |
| parent | 22b5aad20ae0f17bd9617fb9c10ddb38d2b91920 (diff) | |
usb: gadget: introduce 'enabled' flag in struct usb_ep
f_acm calls usb_ep_disable(f_acm->ep_notify) unconditionally in
acm_start_ctrl(), even if the USB endpoint was never enabled before. This
causes crashes for some UDC drivers (e.g. ci_udc), because they dereference
data structures that are assigned only after having called usb_ep_enable().
The f_acm driver in U-Boot is similar to the Linux driver, where this issue
does not occur because usb_ep_disable() and usb_ep_enable() internally
track the enabled state. In Linux this change was made in commit
b0bac2581c19 ("usb: gadget: introduce 'enabled' flag in struct usb_ep") by
Robert Baldyga.
Fix the crashes for f_acm by making the same change in U-Boot. This makes
the API less bug-prone and avoids introducing crashes when adapting new
gadget drivers from Linux.
Signed-off-by: Stephan Gerhold <stephan.gerhold@linaro.org>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
Link: https://lore.kernel.org/r/20250407-acm-fixes-v1-3-e3dcb592d6d6@linaro.org
Signed-off-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
Diffstat (limited to 'include/linux/usb/gadget.h')
| -rw-r--r-- | include/linux/usb/gadget.h | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/include/linux/usb/gadget.h b/include/linux/usb/gadget.h index c7927df15aa..fe79bf64a0e 100644 --- a/include/linux/usb/gadget.h +++ b/include/linux/usb/gadget.h @@ -179,6 +179,7 @@ struct usb_ep { const struct usb_ep_ops *ops; struct list_head ep_list; struct usb_ep_caps caps; + bool enabled; unsigned maxpacket:16; unsigned maxpacket_limit:16; unsigned max_streams:16; @@ -230,7 +231,18 @@ static inline void usb_ep_set_maxpacket_limit(struct usb_ep *ep, static inline int usb_ep_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc) { - return ep->ops->enable(ep, desc); + int ret; + + if (ep->enabled) + return 0; + + ret = ep->ops->enable(ep, desc); + if (ret) + return ret; + + ep->enabled = true; + + return 0; } /** @@ -247,7 +259,18 @@ static inline int usb_ep_enable(struct usb_ep *ep, */ static inline int usb_ep_disable(struct usb_ep *ep) { - return ep->ops->disable(ep); + int ret; + + if (!ep->enabled) + return 0; + + ret = ep->ops->disable(ep); + if (ret) + return ret; + + ep->enabled = false; + + return 0; } /** |