TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

UPSTREAM: usb: gadget: f_fs: Ensure ep0req is dequeued before free_request

Browse Source 
As per the documentation, function usb_ep_free_request guarantees
the request will not be queued or no longer be re-queued (or
otherwise used). However, with the current implementation it
doesn't make sure that the request in ep0 isn't reused.

Fix this by dequeuing the ep0req on functionfs_unbind before
freeing the request to align with the definition.

Fixes: ddf8abd259 ("USB: f_fs: the FunctionFS driver")
Signed-off-by: Udipto Goswami <quic_ugoswami@quicinc.com>
Tested-by: Krishna Kurapati <quic_kriskura@quicinc.com>
Link: https://lore.kernel.org/r/20221215052906.8993-3-quic_ugoswami@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Bug: 265837309
(cherry picked from commit ce405d561b https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git/ usb-linus)
Change-Id: Idbc5f13cedac59cbc893d229383b01662f4e4a03
Signed-off-by: Prashanth K <quic_prashk@quicinc.com>
This commit is contained in:
Udipto Goswami
2022-12-15 10:59:06 +05:30
committed by Todd Kjos
parent b44330f50c
commit 56583c9472
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
drivers/usb/gadget/function/f_fs.c
+2
View File
@@ -1894,6 +1894,8 @@ static void functionfs_unbind(struct ffs_data *ffs)
ENTER();
if (!WARN_ON(!ffs->gadget)) {
/* dequeue before freeing ep0req */
usb_ep_dequeue(ffs->gadget->ep0, ffs->ep0req);
mutex_lock(&ffs->mutex);
usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req);
ffs->ep0req = NULL;