[v2] usb: dwc3: gadget: WARN() on bogus usb_ep_queue()

Message ID	1414592420-18715-1-git-send-email-balbi@ti.com
State	Accepted
Commit	73359cef4fcc322c96019b2a5c1e99b08f3bbb57
Headers	show Return-Path: <patchwork-forward+bncBC5M7T4HYEKRBRPPYORAKGQEZY46INQ@linaro.org> Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.217.179 as permitted sender) client-ip=209.85.217.179; Received-SPF: none (google.com: linux-usb-owner@vger.kernel.org does not designate permitted sender hosts) client-ip=209.132.180.67; From: Felipe Balbi <balbi@ti.com> To: Linux USB Mailing List <linux-usb@vger.kernel.org> CC: <julia.lawall@lip6.fr>, Felipe Balbi <balbi@ti.com> Subject: [PATCH v2] usb: dwc3: gadget: WARN() on bogus usb_ep_queue() Date: Wed, 29 Oct 2014 09:20:20 -0500 Message-ID: <1414592420-18715-1-git-send-email-balbi@ti.com> MIME-Version: 1.0 Sender: linux-usb-owner@vger.kernel.org Precedence: list Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org Content-Type: text/plain

Message ID

1414592420-18715-1-git-send-email-balbi@ti.com

State

Accepted

Commit

73359cef4fcc322c96019b2a5c1e99b08f3bbb57

Headers

Received-SPF: pass (google.com: domain of
	patch+caf_=patchwork-forward=linaro.org@linaro.org designates
	209.85.217.179 as permitted sender) client-ip=209.85.217.179; 
Received-SPF: none (google.com: linux-usb-owner@vger.kernel.org does not
	designate permitted sender hosts) client-ip=209.132.180.67; 
From: Felipe Balbi <balbi@ti.com>
To: Linux USB Mailing List <linux-usb@vger.kernel.org>
CC: <julia.lawall@lip6.fr>, Felipe Balbi <balbi@ti.com>
Subject: [PATCH v2] usb: dwc3: gadget: WARN() on bogus usb_ep_queue()
Date: Wed, 29 Oct 2014 09:20:20 -0500
Message-ID: <1414592420-18715-1-git-send-email-balbi@ti.com>
MIME-Version: 1.0
Sender: linux-usb-owner@vger.kernel.org
Precedence: list
Mailing-list: list patchwork-forward@linaro.org;
	contact patchwork-forward+owners@linaro.org
Content-Type: text/plain

Commit Message

Felipe Balbi Oct. 29, 2014, 2:20 p.m. UTC

Some gadget/function drivers might want to do
improper request recycling by allocating a single
request from one particular endpoint and queueing
it to another completely unrelated endpoint.

One such case was found with f_loopback.c.

To prevent such cases from happening again, let's
WARN() so we get a loud enough failure and persuade
users to report errors.

Signed-off-by: Felipe Balbi <balbi@ti.com>
---
 drivers/usb/dwc3/gadget.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index 12f4284..20e4ee9 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -1140,8 +1140,14 @@  static int dwc3_gadget_ep_queue(struct usb_ep *ep, struct usb_request *request,
 	if (!dep->endpoint.desc) {
 		dev_dbg(dwc->dev, "trying to queue request %p to disabled %s\n",
 				request, ep->name);
-		spin_unlock_irqrestore(&dwc->lock, flags);
-		return -ESHUTDOWN;
+		ret = -ESHUTDOWN;
+		goto out;
+	}
+
+	if (WARN(req->dep != dep, "request %p belongs to '%s'\n",
+				request, req->dep->name)) {
+		ret = -EINVAL;
+		goto out;
 	}
 
 	dev_vdbg(dwc->dev, "queing request %p to %s length %d\n",
@@ -1149,6 +1155,8 @@  static int dwc3_gadget_ep_queue(struct usb_ep *ep, struct usb_request *request,
 	trace_dwc3_ep_queue(req);
 
 	ret = __dwc3_gadget_ep_queue(dep, req);
+
+out:
 	spin_unlock_irqrestore(&dwc->lock, flags);
 
 	return ret;

[v2] usb: dwc3: gadget: WARN() on bogus usb_ep_queue()

Commit Message

Patch