xhci: guard accesses to ep_state in xhci_endpoint_reset() (310fa201) · Commits · e / devices / android_kernel_oneplus_sm7250

drivers/usb/host/xhci.c

+5 −0

Original line number	Original line	Diff line number	Diff line
	@@ -3093,10 +3093,13 @@ static void xhci_endpoint_reset(struct usb_hcd *hcd,
	ep = &vdev->eps[ep_index];		ep = &vdev->eps[ep_index];

	/* Bail out if toggle is already being cleared by a endpoint reset */		/* Bail out if toggle is already being cleared by a endpoint reset */
			spin_lock_irqsave(&xhci->lock, flags);
	if (ep->ep_state & EP_HARD_CLEAR_TOGGLE) {		if (ep->ep_state & EP_HARD_CLEAR_TOGGLE) {
	ep->ep_state &= ~EP_HARD_CLEAR_TOGGLE;		ep->ep_state &= ~EP_HARD_CLEAR_TOGGLE;
			spin_unlock_irqrestore(&xhci->lock, flags);
	return;		return;
	}		}
			spin_unlock_irqrestore(&xhci->lock, flags);
	/* Only interrupt and bulk ep's use data toggle, USB2 spec 5.5.4-> */		/* Only interrupt and bulk ep's use data toggle, USB2 spec 5.5.4-> */
	if (usb_endpoint_xfer_control(&host_ep->desc) \|\|		if (usb_endpoint_xfer_control(&host_ep->desc) \|\|
	usb_endpoint_xfer_isoc(&host_ep->desc))		usb_endpoint_xfer_isoc(&host_ep->desc))
	@@ -3182,8 +3185,10 @@ static void xhci_endpoint_reset(struct usb_hcd *hcd,
	xhci_free_command(xhci, cfg_cmd);		xhci_free_command(xhci, cfg_cmd);
	cleanup:		cleanup:
	xhci_free_command(xhci, stop_cmd);		xhci_free_command(xhci, stop_cmd);
			spin_lock_irqsave(&xhci->lock, flags);
	if (ep->ep_state & EP_SOFT_CLEAR_TOGGLE)		if (ep->ep_state & EP_SOFT_CLEAR_TOGGLE)
	ep->ep_state &= ~EP_SOFT_CLEAR_TOGGLE;		ep->ep_state &= ~EP_SOFT_CLEAR_TOGGLE;
			spin_unlock_irqrestore(&xhci->lock, flags);
	}		}

	static int xhci_check_streams_endpoint(struct xhci_hcd *xhci,		static int xhci_check_streams_endpoint(struct xhci_hcd *xhci,