On Fri, Dec 12, 2014 at 02:17:28PM +0100, Robert Baldyga wrote: > As usb function drivers assumes that all usb request will be completed > before function unbind call, we should supply such behavior. In some > cases ep_disable() won't kill all request effectively, because some > IN requests can be in running state. In such situation it's possible > to have unbind function called before last request completion, which > can cause problems. > > For example unbinding f_ecm function while request on 'notify' endpoint > is not completed, ends up NULL pointer dereference in unbind() function. this is a bug on f_ecm, however. > usb_gadget_udc_stop() call causes completion of all requests so if it's > called before gadget unbind there is no risk that some of requests will > stay uncompleted. we can't really stop the controller before the function's ->unbind() has been called. Keep in mind that we can completely kill off the controller (including gating clocks and, in some rare cases, disabling the power domain) after ->udc_stop() has been called. > Signed-off-by: Robert Baldyga <r.baldyga@xxxxxxxxxxx> > --- > drivers/usb/gadget/udc/udc-core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/usb/gadget/udc/udc-core.c b/drivers/usb/gadget/udc/udc-core.c > index e31d574..6f0d233 100644 > --- a/drivers/usb/gadget/udc/udc-core.c > +++ b/drivers/usb/gadget/udc/udc-core.c > @@ -331,8 +331,8 @@ static void usb_gadget_remove_driver(struct usb_udc *udc) > > usb_gadget_disconnect(udc->gadget); > udc->driver->disconnect(udc->gadget); > - udc->driver->unbind(udc->gadget); > usb_gadget_udc_stop(udc); > + udc->driver->unbind(udc->gadget); > > udc->driver = NULL; > udc->dev.driver = NULL; > -- > 1.9.1 > -- balbi
Attachment:
signature.asc
Description: Digital signature
