The ci_udc driver request allocation assumes that the endpoint descriptor
pointer is set to retrieve the endpoint number, but that is only true
when the endpoint is enabled. This results in a NULL ptr dereference
which for me happens to return 0 value. This causes the EP0 request
struct to be returned for other endpoints. Some gadget drivers like
fastboot and USB MS work fine, but ethernet does not.
Really, the ci_udc driver is the oddball here doing this EP0 special
case handling Stephen added. All the other drivers alloc/free functions
are pretty much the same with the only variation being the size of the
private struct. This could all be consolidated to a common function.
Signed-off-by: Rob Herring <robh@kernel.org>
Cc: Marek Vasut <marex@denx.de>
Acked-by: Stephen Warren <swarren@nvidia.com>
ci_ep_alloc_request(struct usb_ep *ep, unsigned int gfp_flags)
{
struct ci_ep *ci_ep = container_of(ep, struct ci_ep, ep);
- int num;
+ int num = -1;
struct ci_req *ci_req;
- num = ci_ep->desc->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK;
+ if (ci_ep->desc)
+ num = ci_ep->desc->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK;
+
if (num == 0 && controller.ep0_req)
return &controller.ep0_req->req;
{
struct ci_ep *ci_ep = container_of(ep, struct ci_ep, ep);
struct ci_req *ci_req = container_of(req, struct ci_req, req);
- int num;
+ int num = -1;
+
+ if (ci_ep->desc)
+ num = ci_ep->desc->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK;
- num = ci_ep->desc->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK;
if (num == 0) {
if (!controller.ep0_req)
return;
projects / karo-tx-uboot.git / commitdiff