usb: dwc2: gadget: Expand buffer size of control endpoint

We found the case that buffer of control endpoint, which was allocated
with 8 bytes previously, is corrupted when the host races for setting
up interfaces. Even worse, it overwrites memory for other structure
such as usb_request for control endpoint and it causes kernel panic.
Especially in Tizen, it often happens when the target is configured as
multi-functional device: sdb + mtp.

In our emprical examination the buffer can be corrupted upto size of
456 bytes. With this result, the size of buffer will be enlarged to
512 bytes to prevent kernel panic even if it happens.

Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Signed-off-by: Dongwoo Lee <dwoo08.lee@samsung.com>
(cherry picked from commit 4039de56979d2fb4d1cd7acf99e3b0215337a08d)
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Change-Id: I8e9b04a9f290523147cc93686cc9de95ceeb4c00

diff --git a/drivers/usb/dwc2/core.h b/drivers/usb/dwc2/core.h
index faf40c1..10f41ba 100644 (file)
--- a/drivers/usb/dwc2/core.h
+++ b/drivers/usb/dwc2/core.h
@@ -659,7 +659,7 @@ struct dwc2_hw_params {
 };
 
 /* Size of control and EP0 buffers */
-#define DWC2_CTRL_BUFF_SIZE 8
+#define DWC2_CTRL_BUFF_SIZE 512
 
 /**
  * struct dwc2_gregs_backup - Holds global registers state before