From: Marek Szyprowski Date: Fri, 28 Jan 2011 12:55:36 +0000 (+0100) Subject: USB: gadget: f_fs: even zero-length packets require a buffer X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=ce1fd3585709e833ad102167024e97217734dbfd;p=GitHub%2Fmt8127%2Fandroid_kernel_alcatel_ttab.git USB: gadget: f_fs: even zero-length packets require a buffer Some UDC drivers fails to queue a request if req->buf == NULL even for ZLP requests. This patch adds a poisoned pointer instead of NULL to make the code compliant with the gadget specification and catches possible bug in the UDC driver if it tries to dereference buffer pointer on ZLP request. Signed-off-by: Marek Szyprowski Signed-off-by: Kyungmin Park Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/usb/gadget/f_fs.c b/drivers/usb/gadget/f_fs.c index 1499f9e4afa8..19fffccc370d 100644 --- a/drivers/usb/gadget/f_fs.c +++ b/drivers/usb/gadget/f_fs.c @@ -368,6 +368,14 @@ static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len) req->buf = data; req->length = len; + /* + * UDC layer requires to provide a buffer even for ZLP, but should + * not use it at all. Let's provide some poisoned pointer to catch + * possible bug in the driver. + */ + if (req->buf == NULL) + req->buf = (void *)0xDEADBABE; + INIT_COMPLETION(ffs->ep0req_completion); ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);