Re: [PATCH 1/1] usb: musb: gadget: nuke endpoint before setting its descriptor to NULL
From: Bin Liu
Date: Fri Apr 15 2016 - 09:26:15 EST
Hi,
On Thu, Apr 14, 2016 at 07:33:43PM +0300, Tal Shorer wrote:
> Some functions, such as f_sourcesink, rely on an endpoint's desc
> field during their requests' complete() callback, so clear it only
> _after_ nuking all requests to avoid NULL pointer dereference.
>
> Signed-off-by: Tal Shorer <tal.shorer@xxxxxxxxx>
Signed-off-by: Bin Liu <b-liu@xxxxxx>
Regards,
-Bin.
> ---
> drivers/usb/musb/musb_gadget.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/usb/musb/musb_gadget.c b/drivers/usb/musb/musb_gadget.c
> index 87bd578..152865b 100644
> --- a/drivers/usb/musb/musb_gadget.c
> +++ b/drivers/usb/musb/musb_gadget.c
> @@ -1164,12 +1164,12 @@ static int musb_gadget_disable(struct usb_ep *ep)
> musb_writew(epio, MUSB_RXMAXP, 0);
> }
>
> - musb_ep->desc = NULL;
> - musb_ep->end_point.desc = NULL;
> -
> /* abort all pending DMA and requests */
> nuke(musb_ep, -ESHUTDOWN);
>
> + musb_ep->desc = NULL;
> + musb_ep->end_point.desc = NULL;
> +
> schedule_work(&musb->irq_work);
>
> spin_unlock_irqrestore(&(musb->lock), flags);
> --
> 2.5.0
>