From bdf81611e444e8aef21cb05eeae69f694c0c7a39 Mon Sep 17 00:00:00 2001 From: Stephen Warren Date: Tue, 10 Jun 2014 11:02:36 -0600 Subject: [PATCH] usb: ci_udc: fix freeing of ep0 req ci_ep_alloc_request() avoids allocating multiple request objects for ep0 by keeping a record of the first req allocated for ep0, and always returning that instead of allocating a new req. However, if this req is ever freed, the record of the previous allocation is not cleared, so ci_ep_alloc_request() will keep returning this stale pointer. Fix ci_ep_free_request() to clear the record of the previous allocation. Signed-off-by: Stephen Warren --- drivers/usb/gadget/ci_udc.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/usb/gadget/ci_udc.c b/drivers/usb/gadget/ci_udc.c index 5f308563e2..7a6563f83f 100644 --- a/drivers/usb/gadget/ci_udc.c +++ b/drivers/usb/gadget/ci_udc.c @@ -221,9 +221,14 @@ ci_ep_alloc_request(struct usb_ep *ep, unsigned int gfp_flags) static void ci_ep_free_request(struct usb_ep *ep, struct usb_request *req) { - struct ci_req *ci_req; + struct ci_ep *ci_ep = container_of(ep, struct ci_ep, ep); + struct ci_req *ci_req = container_of(req, struct ci_req, req); + int num; + + num = ci_ep->desc->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK; + if (num == 0) + controller.ep0_req = 0; - ci_req = container_of(req, struct ci_req, req); if (ci_req->b_buf) free(ci_req->b_buf); free(ci_req); -- 2.39.5