USB: f_fs: Fix disconnect check during ongoing IO

F_FS function driver allocated ffs_eps and updates ffs_ep->ep
to corresponding usb_ep during func->bind and never clears it.
On bind it also saves ffs_ep context in epfile->ep.
During func->disable, it clears only ffs_ep context in epfile->ep
and on func->unbind it frees ffs_eps memory.
ffs_epfile_io routine currently relies on ffs_ep->ep (which is
never cleared and ffs_ep could be freed on unbind) to detect any
disconnect during active IO. This can result in various issues e.g.
use after free use of ffs_ep if unbind finished before epfile_io
could resume or "stop adbd" trying to dequeue a freed USB request
when epfile_io could execute only after F_FS got disabled as
'if (ep->ep)' check would be TRUE.
Fix this by checking stored ffs_ep context against latest epfile->ep
to figure out if endpoint got disabled or changed before acquiring
spin_lock.

Change-Id: I6bdcdf0dff0813ed7b2af8c24f544a22796b0369
Signed-off-by: Manu Gautam <mgautam@codeaurora.org>
Signed-off-by: Mayank Rana <mrana@codeaurora.org>

0 files changed, 0 insertions, 0 deletions