Re: [PATCH 3/3] usb: gadget: introduce 'enabled' flag in struct usb_ep

Thu, 10 Apr 2025 05:20:12 -0700 

Hi Stephan,

Thank you for the patch.

On lun., avril 07, 2025 at 16:59, Stephan Gerhold <stephan.gerh...@linaro.org> 
wrote:

> f_acm calls usb_ep_disable(f_acm->ep_notify) unconditionally in
> acm_start_ctrl(), even if the USB endpoint was never enabled before. This
> causes crashes for some UDC drivers (e.g. ci_udc), because they dereference
> data structures that are assigned only after having called usb_ep_enable().
>
> The f_acm driver in U-Boot is similar to the Linux driver, where this issue
> does not occur because usb_ep_disable() and usb_ep_enable() internally
> track the enabled state. In Linux this change was made in commit
> b0bac2581c19 ("usb: gadget: introduce 'enabled' flag in struct usb_ep") by
> Robert Baldyga.
>
> Fix the crashes for f_acm by making the same change in U-Boot. This makes
> the API less bug-prone and avoids introducing crashes when adapting new
> gadget drivers from Linux.
>
> Signed-off-by: Stephan Gerhold <stephan.gerh...@linaro.org>

Reviewed-by: Mattijs Korpershoek <mkorpersh...@kernel.org>

> ---
>  include/linux/usb/gadget.h | 27 +++++++++++++++++++++++++--
>  1 file changed, 25 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/usb/gadget.h b/include/linux/usb/gadget.h
> index 
> c7927df15aa386f33eb3b3889adee854d42386a8..fe79bf64a0e1c037e69e694fe58cbe5343e18a70
>  100644
> --- a/include/linux/usb/gadget.h
> +++ b/include/linux/usb/gadget.h
> @@ -179,6 +179,7 @@ struct usb_ep {
>       const struct usb_ep_ops *ops;
>       struct list_head        ep_list;
>       struct usb_ep_caps      caps;
> +     bool                    enabled;
>       unsigned                maxpacket:16;
>       unsigned                maxpacket_limit:16;
>       unsigned                max_streams:16;
> @@ -230,7 +231,18 @@ static inline void usb_ep_set_maxpacket_limit(struct 
> usb_ep *ep,
>  static inline int usb_ep_enable(struct usb_ep *ep,
>                               const struct usb_endpoint_descriptor *desc)
>  {
> -     return ep->ops->enable(ep, desc);
> +     int ret;
> +
> +     if (ep->enabled)
> +             return 0;
> +
> +     ret = ep->ops->enable(ep, desc);
> +     if (ret)
> +             return ret;
> +
> +     ep->enabled = true;
> +
> +     return 0;
>  }
>  
>  /**
> @@ -247,7 +259,18 @@ static inline int usb_ep_enable(struct usb_ep *ep,
>   */
>  static inline int usb_ep_disable(struct usb_ep *ep)
>  {
> -     return ep->ops->disable(ep);
> +     int ret;
> +
> +     if (!ep->enabled)
> +             return 0;
> +
> +     ret = ep->ops->disable(ep);
> +     if (ret)
> +             return ret;
> +
> +     ep->enabled = false;
> +
> +     return 0;
>  }
>  
>  /**
>
> -- 
> 2.47.2

Reply via email to