usb: gadget: forbid queuing request to a disabled ep
Queue a request to disabled ep doesn't make sense, and induce caller make mistakes. Here is a example for the android mtp gadget function driver. A mem corruption can happen on below senario. 1) On disconnect, mtp driver disable its EPs, 2) During send_file_work and receive_file_work, mtp queues a request to ep. (The mtp driver need improve its synchronization logic!) 3) mtp_function_unbind is invoked and all mtp requests are freed. 4) when udc process the request queued on step 2, will cause kernel NULL pointer dereference exception. Signed-off-by: NDu, Changbin <changbin.du@intel.com> Signed-off-by: NFelipe Balbi <balbi@ti.com>
Showing
想要评论请 注册 或 登录