Re: [PATCH] usb: gadget: udc-core: call udc_stop() before gadget unbind

[Felipe Balbi]

On Fri, Dec 12, 2014 at 02:17:28PM +0100, Robert Baldyga wrote:
> As usb function drivers assumes that all usb request will be completed
> before function unbind call, we should supply such behavior. In some
> cases ep_disable() won't kill all request effectively, because some
> IN requests can be in running state. In such situation it's possible
> to have unbind function called before last request completion, which
> can cause problems.
> 
> For example unbinding f_ecm function while request on 'notify' endpoint
> is not completed, ends up NULL pointer dereference in unbind() function.

this is a bug on f_ecm, however.

> usb_gadget_udc_stop() call causes completion of all requests so if it's
> called before gadget unbind there is no risk that some of requests will
> stay uncompleted.

we can't really stop the controller before the function's ->unbind() has
been called. Keep in mind that we can completely kill off the controller
(including gating clocks and, in some rare cases, disabling the power
domain) after ->udc_stop() has been called.

> Signed-off-by: Robert Baldyga <r.baldyga@xxxxxxxxxxx>
> ---
>  drivers/usb/gadget/udc/udc-core.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/usb/gadget/udc/udc-core.c b/drivers/usb/gadget/udc/udc-core.c
> index e31d574..6f0d233 100644
> --- a/drivers/usb/gadget/udc/udc-core.c
> +++ b/drivers/usb/gadget/udc/udc-core.c
> @@ -331,8 +331,8 @@ static void usb_gadget_remove_driver(struct usb_udc *udc)
>  
>  	usb_gadget_disconnect(udc->gadget);
>  	udc->driver->disconnect(udc->gadget);
> -	udc->driver->unbind(udc->gadget);
>  	usb_gadget_udc_stop(udc);
> +	udc->driver->unbind(udc->gadget);
>  
>  	udc->driver = NULL;
>  	udc->dev.driver = NULL;
> -- 
> 1.9.1
> 

-- 
balbi

Attachment: signature.asc
Description: Digital signature