usb: gadget: f_accessory: avoid requeuing write req if disconnected
There is a race condition when a write operation is blocked
waiting for an available request and the function is disabled
due to disconnection or reset. usb_ep_disable() is called from
acc_function_disable() and causes the UDC to call the pending
requests' completions, which will wake up the writer thread and
proceed to call usb_ep_queue() before the endpoint is fully
disabled. The UDC driver may not handle this and could allow
the request to be requeued inadvertently. In DWC3's case, this
allows the HW to attempt a transfer with stale TRBs that point
to invalid DMA buffers.
Let's ensure the function driver acts as a good citizen and handle
it by moving the check for dev->offline || dev->disconnected to
after the wait_event to make sure the endpoint is enabled before
attempting to queue another request.
Change-Id: I1aa005e0c1e3ed1e1d814ff79496b70fdb401571
Signed-off-by: Jack Pham <jackp@codeaurora.org>
1 file changed