USB: gadget: f_fs: even zero-length packets require a buffer

Some UDC drivers fails to queue a request if req->buf == NULL even for ZLP requests. This patch adds a poisoned pointer instead of NULL to make the code compliant with the gadget specification and catches possible bug in the UDC driver if it tries to dereference buffer pointer on ZLP request. Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com> Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
git-mirror · Feb 4, 2011 · ce1fd35 · ce1fd35
1 parent 9a1b2e6
commit ce1fd35
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/drivers/usb/gadget/f_fs.c b/drivers/usb/gadget/f_fs.c
@@ -368,6 +368,14 @@ static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
 	req->buf      = data;
 	req->length   = len;
 
+	/*
+	 * UDC layer requires to provide a buffer even for ZLP, but should
+	 * not use it at all. Let's provide some poisoned pointer to catch
+	 * possible bug in the driver.
+	 */
+	if (req->buf == NULL)
+		req->buf = (void *)0xDEADBABE;
+
 	INIT_COMPLETION(ffs->ep0req_completion);
 
 	ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);