usb: gadget: Move req->length check from function drivers to composite
req->legth is set as 0 before calling individual function driver's
setup routines. Hence, check for the buffer length in composite_setup
only.
Also, change max buffer size to 4k to accomodate our descriptors.
Change-Id: Ic96408210e7e5576928a7147d2d8a57fa620d287
Signed-off-by: Manu Gautam <mgautam@codeaurora.org>
diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c
index dc06da6..4c33695 100644
--- a/drivers/usb/gadget/composite.c
+++ b/drivers/usb/gadget/composite.c
@@ -37,7 +37,7 @@
*/
/* big enough to hold our biggest descriptor */
-#define USB_BUFSIZ 1024
+#define USB_BUFSIZ 4096
static struct usb_composite_driver *composite;
static int (*composite_gadget_bind)(struct usb_composite_dev *cdev);
@@ -859,6 +859,10 @@
struct usb_function *f = NULL;
u8 endp;
+
+ if (w_length > USB_BUFSIZ)
+ return value;
+
/* partial re-init of the response message; the function or the
* gadget might need to intercept e.g. a control-OUT completion
* when we delegate to it.
diff --git a/drivers/usb/gadget/f_mass_storage.c b/drivers/usb/gadget/f_mass_storage.c
index ecade02..55d9a307 100644
--- a/drivers/usb/gadget/f_mass_storage.c
+++ b/drivers/usb/gadget/f_mass_storage.c
@@ -2649,7 +2649,6 @@
*/
if (!fsg_is_set(common))
break;
- common->ep0req->length = 0;
if (test_and_clear_bit(IGNORE_BULK_OUT,
&common->fsg->atomic_bitflags))
usb_ep_clear_halt(common->fsg->bulk_in);
diff --git a/drivers/usb/gadget/f_rmnet.c b/drivers/usb/gadget/f_rmnet.c
index 0bb50de..2a61337 100644
--- a/drivers/usb/gadget/f_rmnet.c
+++ b/drivers/usb/gadget/f_rmnet.c
@@ -493,8 +493,6 @@
case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8)
| USB_CDC_SEND_ENCAPSULATED_COMMAND:
- if (w_length > req->length)
- goto invalid;
ret = w_length;
req->complete = frmnet_cmd_complete;
req->context = dev;
diff --git a/drivers/usb/gadget/f_rmnet_sdio.c b/drivers/usb/gadget/f_rmnet_sdio.c
index 61a67bb..b15c221 100644
--- a/drivers/usb/gadget/f_rmnet_sdio.c
+++ b/drivers/usb/gadget/f_rmnet_sdio.c
@@ -534,8 +534,6 @@
case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8)
| USB_CDC_SEND_ENCAPSULATED_COMMAND:
- if (w_length > req->length)
- goto invalid;
ret = w_length;
req->complete = rmnet_sdio_command_complete;
req->context = dev;
diff --git a/drivers/usb/gadget/f_rmnet_smd.c b/drivers/usb/gadget/f_rmnet_smd.c
index 08a6799..b8dd3a5 100644
--- a/drivers/usb/gadget/f_rmnet_smd.c
+++ b/drivers/usb/gadget/f_rmnet_smd.c
@@ -534,8 +534,6 @@
case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8)
| USB_CDC_SEND_ENCAPSULATED_COMMAND:
- if (w_length > req->length)
- goto invalid;
ret = w_length;
req->complete = rmnet_smd_command_complete;
req->context = dev;
diff --git a/drivers/usb/gadget/f_rmnet_smd_sdio.c b/drivers/usb/gadget/f_rmnet_smd_sdio.c
index b9120ca..eda547a 100644
--- a/drivers/usb/gadget/f_rmnet_smd_sdio.c
+++ b/drivers/usb/gadget/f_rmnet_smd_sdio.c
@@ -1110,8 +1110,6 @@
case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8)
| USB_CDC_SEND_ENCAPSULATED_COMMAND:
- if (w_length > req->length)
- goto invalid;
ret = w_length;
req->complete = rmnet_mux_command_complete;
req->context = dev;