usb: dwc_otg: fix memory corruption in dwc_otg driver

[Upstream commit 51b1b6491752ac066ee8d32cc66042fcc955fef6]

The move from the staging tree to the main tree exposed a
longstanding memory corruption bug in the dwc2 driver. The
reordering of the driver initialization caused the dwc2 driver
to corrupt the initialization data of the sdhci driver on the
Raspberry Pi platform, which made the bug show up.

The error is in calling to_usb_device(hsotg->dev), since ->dev
is not a member of struct usb_device. The easiest fix is to
just remove the offending code, since it is not really needed.

Thanks to Stephen Warren for tracking down the cause of this.

Reported-by: Andre Heider <a.heider@gmail.com>
Tested-by: Stephen Warren <swarren@wwwdotorg.org>
Signed-off-by: Paul Zimmerman <paulz@synopsys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[lukas: port from upstream dwc2 to out-of-tree dwc_otg driver]
Signed-off-by: Lukas Wunner <lukas@wunner.de>

diff --git a/drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c b/drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c
index 992269d61ecf48126379a38e528f719009ee1d75..14767c5ba45cc9187fcae690dd257321dd51522a 100644 (file)
--- a/drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c
+++ b/drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c
@@ -1003,25 +1003,11 @@ static void endpoint_disable(struct usb_hcd *hcd, struct usb_host_endpoint *ep)
 static void endpoint_reset(struct usb_hcd *hcd, struct usb_host_endpoint *ep)
 {
        dwc_irqflags_t flags;
-       struct usb_device *udev = NULL;
-       int epnum = usb_endpoint_num(&ep->desc);
-       int is_out = usb_endpoint_dir_out(&ep->desc);
-       int is_control = usb_endpoint_xfer_control(&ep->desc);
        dwc_otg_hcd_t *dwc_otg_hcd = hcd_to_dwc_otg_hcd(hcd);
-        struct device *dev = DWC_OTG_OS_GETDEV(dwc_otg_hcd->otg_dev->os_dep);
-
-       if (dev)
-               udev = to_usb_device(dev);
-       else
-               return;
 
        DWC_DEBUGPL(DBG_HCD, "DWC OTG HCD EP RESET: Endpoint Num=0x%02d\n", epnum);
 
        DWC_SPINLOCK_IRQSAVE(dwc_otg_hcd->lock, &flags);
-       usb_settoggle(udev, epnum, is_out, 0);
-       if (is_control)
-               usb_settoggle(udev, epnum, !is_out, 0);
-
        if (ep->hcpriv) {
                dwc_otg_hcd_endpoint_reset(dwc_otg_hcd, ep->hcpriv);
        }