Commit ce1fd358 authored by Marek Szyprowski's avatar Marek Szyprowski Committed by Greg Kroah-Hartman

USB: gadget: f_fs: even zero-length packets require a buffer

Some UDC drivers fails to queue a request if req->buf == NULL even for
ZLP requests. This patch adds a poisoned pointer instead of NULL to
make the code compliant with the gadget specification and catches
possible bug in the UDC driver if it tries to dereference buffer pointer
on ZLP request.
Signed-off-by: default avatarMarek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: default avatarKyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent 9a1b2e64
...@@ -368,6 +368,14 @@ static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len) ...@@ -368,6 +368,14 @@ static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
req->buf = data; req->buf = data;
req->length = len; req->length = len;
/*
* UDC layer requires to provide a buffer even for ZLP, but should
* not use it at all. Let's provide some poisoned pointer to catch
* possible bug in the driver.
*/
if (req->buf == NULL)
req->buf = (void *)0xDEADBABE;
INIT_COMPLETION(ffs->ep0req_completion); INIT_COMPLETION(ffs->ep0req_completion);
ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC); ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment