usb: dwc3: gadget: Prevent tx fifo resize before set config
If device took longer than expected time queuing zlp in status
stage host issues bus reset. As a result tx fifio resize happens
at status stage of first control transfer after bus reset. This
causes null pointer dereference for config pointer as device is
not in configured state yet. Hence clear the resize_fifos flag
upon bus reset to avoid this situation. Also add NULL check in
dwc3_gadget_resize_tx_fifos().
CRs-Fixed: 747688
Change-Id: Icd50eaa15f75c1b0bd7e2f8db5550ad54af47ef8
Signed-off-by: Hemant Kumar <hemantk@codeaurora.org>
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index b3bf0ed..8e35fdc 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -205,7 +205,7 @@ int dwc3_gadget_resize_tx_fifos(struct dwc3 *dwc)
int num_eps;
struct usb_composite_dev *cdev = get_gadget_data(&dwc->gadget);
- if (!dwc->needs_fifo_resize)
+ if (!(cdev && cdev->config) || !dwc->needs_fifo_resize)
return 0;
/* gadget.num_eps never be greater than dwc->num_in_eps */
@@ -2872,6 +2872,9 @@ static void dwc3_gadget_reset_interrupt(struct dwc3 *dwc)
dwc3_stop_active_transfers(dwc);
dwc3_clear_stall_all_ep(dwc);
+ /* bus reset issued due to missing status stage of a control transfer */
+ dwc->resize_fifos = 0;
+
/* Reset device address to zero */
reg = dwc3_readl(dwc->regs, DWC3_DCFG);
reg &= ~(DWC3_DCFG_DEVADDR_MASK);