From 1bd8794e32f374722c198764941baf54d0db4def Mon Sep 17 00:00:00 2001
From: Dongwoo Lee <dwoo08.lee@samsung.com>
Date: Fri, 6 Mar 2020 14:04:13 +0900
Subject: [PATCH] usb: dwc2: gadget: Expand buffer size of control endpoint

We found the case that buffer of control endpoint, which was allocated
with 8 bytes previously, is corrupted when the host races for setting
up interfaces. Even worse, it overwrites memory for other structure
such as usb_request for control endpoint and it causes kernel panic.
Especially in Tizen, it often happens when the target is configured as
multi-functional device: sdb + mtp.

In our emprical examination the buffer can be corrupted upto size of
456 bytes. With this result, the size of buffer will be enlarged to
512 bytes to prevent kernel panic even if it happens.

Change-Id: I20eb1283f3c82e09453960b72787175f734e7ec4
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Signed-off-by: Dongwoo Lee <dwoo08.lee@samsung.com>
---
 drivers/usb/dwc2/core.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/usb/dwc2/core.h b/drivers/usb/dwc2/core.h
index 93d7078..5913cad 100644
--- a/drivers/usb/dwc2/core.h
+++ b/drivers/usb/dwc2/core.h
@@ -685,7 +685,7 @@ struct dwc2_hw_params {
 };
 
 /* Size of control and EP0 buffers */
-#define DWC2_CTRL_BUFF_SIZE 8
+#define DWC2_CTRL_BUFF_SIZE 512
 
 /**
  * struct dwc2_gregs_backup - Holds global registers state before
-- 
2.7.4