[PATCH 3/3] usb: gadget: introduce 'enabled' flag in struct usb_ep

Mattijs Korpershoek mkorpershoek at kernel.org
Thu Apr 10 14:19:55 CEST 2025 

Hi Stephan,

Thank you for the patch.

On lun., avril 07, 2025 at 16:59, Stephan Gerhold <stephan.gerhold at linaro.org> wrote:

> f_acm calls usb_ep_disable(f_acm->ep_notify) unconditionally in
> acm_start_ctrl(), even if the USB endpoint was never enabled before. This
> causes crashes for some UDC drivers (e.g. ci_udc), because they dereference
> data structures that are assigned only after having called usb_ep_enable().
>
> The f_acm driver in U-Boot is similar to the Linux driver, where this issue
> does not occur because usb_ep_disable() and usb_ep_enable() internally
> track the enabled state. In Linux this change was made in commit
> b0bac2581c19 ("usb: gadget: introduce 'enabled' flag in struct usb_ep") by
> Robert Baldyga.
>
> Fix the crashes for f_acm by making the same change in U-Boot. This makes
> the API less bug-prone and avoids introducing crashes when adapting new
> gadget drivers from Linux.
>
> Signed-off-by: Stephan Gerhold <stephan.gerhold at linaro.org>

Reviewed-by: Mattijs Korpershoek <mkorpershoek at kernel.org>

> ---
>  include/linux/usb/gadget.h | 27 +++++++++++++++++++++++++--
>  1 file changed, 25 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/usb/gadget.h b/include/linux/usb/gadget.h
> index c7927df15aa386f33eb3b3889adee854d42386a8..fe79bf64a0e1c037e69e694fe58cbe5343e18a70 100644
> --- a/include/linux/usb/gadget.h
> +++ b/include/linux/usb/gadget.h
> @@ -179,6 +179,7 @@ struct usb_ep {
>  	const struct usb_ep_ops	*ops;
>  	struct list_head	ep_list;
>  	struct usb_ep_caps	caps;
> +	bool			enabled;
>  	unsigned		maxpacket:16;
>  	unsigned		maxpacket_limit:16;
>  	unsigned		max_streams:16;
> @@ -230,7 +231,18 @@ static inline void usb_ep_set_maxpacket_limit(struct usb_ep *ep,
>  static inline int usb_ep_enable(struct usb_ep *ep,
>  				const struct usb_endpoint_descriptor *desc)
>  {
> -	return ep->ops->enable(ep, desc);
> +	int ret;
> +
> +	if (ep->enabled)
> +		return 0;
> +
> +	ret = ep->ops->enable(ep, desc);
> +	if (ret)
> +		return ret;
> +
> +	ep->enabled = true;
> +
> +	return 0;
>  }
>  
>  /**
> @@ -247,7 +259,18 @@ static inline int usb_ep_enable(struct usb_ep *ep,
>   */
>  static inline int usb_ep_disable(struct usb_ep *ep)
>  {
> -	return ep->ops->disable(ep);
> +	int ret;
> +
> +	if (!ep->enabled)
> +		return 0;
> +
> +	ret = ep->ops->disable(ep);
> +	if (ret)
> +		return ret;
> +
> +	ep->enabled = false;
> +
> +	return 0;
>  }
>  
>  /**
>
> -- 
> 2.47.2

More information about the U-Boot mailing list