The USB MSC device structure contains a "ready" state that can be either "ready", "not ready" or "detached". The last one can only be assigned when the device is completely unresponsive and gets forcefully logically detached via usb_detach_device(). This call (at least in the current
version) also calls all destructors and frees the complete usbdev_t structure (including the MSC specific part), which unfortunately makes storing the "detached" state in that very structure a little pointless.
This patch reduces the "ready" value to a simple boolean and makes sure that all detachment cases immediately return from the MSC driver, carefully avoiding any use-after-free opportunities.
Change-Id: Iff1c0849f9ce7c95d399bb9a1a0a94469951194d
b59e850 libpayload: usbmsc: Remove DETACHED state from MSC device structure
payloads/libpayload/drivers/usb/usbmsc.c | 83 ++++++++----------------------
1 file changed, 22 insertions(+), 61 deletions(-)
Upstream: review.coreboot.org