Re: [PATCH] usb: gadget: f_fs: don't free buffer prematurely

From: mgautam
Date: Tue Mar 19 2019 - 23:31:11 EST


On 2019-03-20 04:55, fei.yang@xxxxxxxxx wrote:
From: Fei Yang <fei.yang@xxxxxxxxx>

The following kernel panic happens because the io_data buffer gets deallocated
before the async io is completed. Add a check for the case where the io_data buffer
should be deallocated by ffs_user_copy_worker.

[snip]

Please add tag - 'Fixes: 772a7a724f6 ("usb: gadget: f_fs: Allow scatter-gather buffers")'


---
drivers/usb/gadget/function/f_fs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/usb/gadget/function/f_fs.c
b/drivers/usb/gadget/function/f_fs.c
index 20413c2..47be961 100644
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -1133,7 +1133,8 @@ static ssize_t ffs_epfile_io(struct file *file,
struct ffs_io_data *io_data)
error_mutex:
mutex_unlock(&epfile->mutex);
error:
- ffs_free_buffer(io_data);
+ if (ret != -EIOCBQUEUED) /* don't free if there is iocb queued */
+ ffs_free_buffer(io_data);
return ret;
}
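
Review bot: The new condition at the `error:` label makes ownership of the io_data buffer depend on the value of `ret`, but the inline comment only says "don't free if there is iocb queued" and does not say who frees the buffer afterwards. The commit message names ffs_user_copy_worker as the owner in that case; putting that in the comment (for example "buffer is freed by ffs_user_copy_worker once the async request completes") would document the lifetime rule at the point where it is enforced. Since `error_mutex:` falls through to `error:`, it is also worth confirming that every path arriving here with ret == -EIOCBQUEUED has actually queued the request, because any other path carrying that value would now skip ffs_free_buffer() and leak the buffer.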