USB: msm72k_udc: Check if the ep is not disabled before queuing it
Queuing a request on a disabled endpoint during composition switch leads
to prime failure. Hence return -EINVAL if a request is queued on a disabled
endpoint.
Also, in f_mtp, block queuing a request in OUT ep in receive_file_work, if
the device state is STATE_OFFLINE.
Change-Id: I0e706d5280a2460baf6ab05dbf97a09c59b642fb
CRs-Fixed: 378207
Signed-off-by: Rajkumar Raghupathy <raghup@codeaurora.org>
diff --git a/drivers/usb/gadget/f_mtp.c b/drivers/usb/gadget/f_mtp.c
index 0394b0b..96790c5 100644
--- a/drivers/usb/gadget/f_mtp.c
+++ b/drivers/usb/gadget/f_mtp.c
@@ -788,7 +788,8 @@
/* wait for our last read to complete */
ret = wait_event_interruptible(dev->read_wq,
dev->rx_done || dev->state != STATE_BUSY);
- if (dev->state == STATE_CANCELED) {
+ if (dev->state == STATE_CANCELED
+ || dev->state == STATE_OFFLINE) {
r = -ECANCELED;
if (!dev->rx_done)
usb_ep_dequeue(dev->ep_out, read_req);
diff --git a/drivers/usb/gadget/msm72k_udc.c b/drivers/usb/gadget/msm72k_udc.c
index 297c183..55fd59e 100644
--- a/drivers/usb/gadget/msm72k_udc.c
+++ b/drivers/usb/gadget/msm72k_udc.c
@@ -702,6 +702,14 @@
spin_lock_irqsave(&ui->lock, flags);
+ if (ept->num != 0 && ept->ep.desc == NULL) {
+ req->req.status = -EINVAL;
+ spin_unlock_irqrestore(&ui->lock, flags);
+ dev_err(&ui->pdev->dev,
+ "%s: called for disabled endpoint\n", __func__);
+ return -EINVAL;
+ }
+
if (req->busy) {
req->req.status = -EBUSY;
spin_unlock_irqrestore(&ui->lock, flags);