usb: dwc2: fix memory corruption in dwc2 driver

The move from the staging tree to the main tree exposed a
longstanding memory corruption bug in the dwc2 driver. The
reordering of the driver initialization caused the dwc2 driver
to corrupt the initialization data of the sdhci driver on the
Raspberry Pi platform, which made the bug show up.

The error is in calling to_usb_device(hsotg->dev), since ->dev
is not a member of struct usb_device. The easiest fix is to
just remove the offending code, since it is not really needed.

Thanks to Stephen Warren for tracking down the cause of this.

Reported-by: Andre Heider <a.heider@gmail.com>
Tested-by: Stephen Warren <swarren@wwwdotorg.org>
Signed-off-by: Paul Zimmerman <paulz@synopsys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Paul Zimmerman 2014-02-04 11:21:24 -08:00 коммит произвёл Greg Kroah-Hartman
Родитель a23666c499
Коммит 51b1b64917
1 изменённых файлов: 0 добавлений и 11 удалений

Просмотреть файл

@ -2565,25 +2565,14 @@ static void _dwc2_hcd_endpoint_reset(struct usb_hcd *hcd,
struct usb_host_endpoint *ep) struct usb_host_endpoint *ep)
{ {
struct dwc2_hsotg *hsotg = dwc2_hcd_to_hsotg(hcd); struct dwc2_hsotg *hsotg = dwc2_hcd_to_hsotg(hcd);
int is_control = usb_endpoint_xfer_control(&ep->desc);
int is_out = usb_endpoint_dir_out(&ep->desc);
int epnum = usb_endpoint_num(&ep->desc);
struct usb_device *udev;
unsigned long flags; unsigned long flags;
dev_dbg(hsotg->dev, dev_dbg(hsotg->dev,
"DWC OTG HCD EP RESET: bEndpointAddress=0x%02x\n", "DWC OTG HCD EP RESET: bEndpointAddress=0x%02x\n",
ep->desc.bEndpointAddress); ep->desc.bEndpointAddress);
udev = to_usb_device(hsotg->dev);
spin_lock_irqsave(&hsotg->lock, flags); spin_lock_irqsave(&hsotg->lock, flags);
usb_settoggle(udev, epnum, is_out, 0);
if (is_control)
usb_settoggle(udev, epnum, !is_out, 0);
dwc2_hcd_endpoint_reset(hsotg, ep); dwc2_hcd_endpoint_reset(hsotg, ep);
spin_unlock_irqrestore(&hsotg->lock, flags); spin_unlock_irqrestore(&hsotg->lock, flags);
} }