As USB function drivers assume that all USB requests will be completed before the function unbind call, we should supply such behavior. In some cases ep_disable() won't kill all requests effectively, because some IN requests can be in a running state. In such a situation it's possible to have the unbind function called before the last request completes, which can cause problems. For example, unbinding the f_ecm function while a request on the 'notify' endpoint is not completed ends up in a NULL pointer dereference in the unbind() function.

The usb_gadget_udc_stop() call causes completion of all requests, so if it's called before gadget unbind there is no risk that some of the requests will stay uncompleted.

Signed-off-by: Robert Baldyga <r.baldyga@xxxxxxxxxxx>

--- drivers/usb/gadget/udc/udc-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/gadget/udc/udc-core.c b/drivers/usb/gadget/udc/udc-core.c index e31d574..6f0d233 100644 --- a/drivers/usb/gadget/udc/udc-core.c +++ b/drivers/usb/gadget/udc/udc-core.c @@ -331,8 +331,8 @@ static void usb_gadget_remove_driver(struct usb_udc *udc) usb_gadget_disconnect(udc->gadget); udc->driver->disconnect(udc->gadget); - udc->driver->unbind(udc->gadget); usb_gadget_udc_stop(udc); + udc->driver->unbind(udc->gadget); udc->driver = NULL; udc->dev.driver = NULL; -- 1.9.1
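
Review bot: In usb_gadget_remove_driver(), the new placement of usb_gadget_udc_stop(udc) ahead of udc->driver->unbind(udc->gadget) carries an ordering requirement that nothing in the code records, so a later cleanup could swap the two calls back and reintroduce the f_ecm NULL pointer dereference described in the commit message. Add a short comment above usb_gadget_udc_stop(udc) stating that it must run first so that all outstanding requests complete before unbind(). The fix also depends on every UDC driver's stop path actually completing its queued requests, and on no gadget driver's unbind() needing a still-started controller; neither is visible in this hunk, so the changelog should say which UDC drivers were checked.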