[PATCH] usb: gadget: f_fs: edit epfile->ep under lock

From: Michal Nazarewicz
Date: Wed Sep 28 2016 - 12:10:42 EST

epfile->ep is protected by ffs->eps_lock (not epfile->mutex) so clear it
while holding the spin lock.

Signed-off-by: Michal Nazarewicz <mina86@xxxxxxxxxx>
Fixes: 9353afbbfa7b
drivers/usb/gadget/function/f_fs.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/functi=
index 0aeed85..759f5d4 100644
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -1725,17 +1725,17 @@ static void ffs_func_eps_disable(struct ffs_functio=
n *func)
unsigned long flags;
do {
- if (epfile)
- mutex_lock(&epfile->mutex);
spin_lock_irqsave(&func->ffs->eps_lock, flags);
/* pending requests get nuked */
if (likely(ep->ep))
+ if (epfile)
+ epfile->ep =3D NULL;
spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
if (epfile) {
- epfile->ep =3D NULL;
+ mutex_lock(&epfile->mutex);
epfile->read_buffer =3D NULL;
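Review bot: In the eps_lock section, the added `if (epfile)` / `epfile->ep = NULL;` pair appears directly after `if (likely(ep->ep))` with no statement between them as quoted here, so it reads as the body of that check and the pointer would stay set whenever ep->ep is NULL. If the clear is meant to be unconditional, make it a separate statement just before spin_unlock_irqrestore() (or brace the likely() body) so the nesting is unambiguous. Separately, mutex_lock(&epfile->mutex) is now taken only after the spin lock is dropped, so a holder of epfile->mutex can see epfile->ep become NULL underneath it; a short comment next to the clear, stating that epfile->ep must only be read under eps_lock, would document the rule the commit message relies on. The Fixes: tag would also normally carry the commit subject after the hash.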
------- >8 -------------------------------------------------------------

With that done, the only thing which needs a mutex is

The read_buffer pointer shouldn’t be that big of an issue (it could be
protected by the same eps_lock). The real problem is freeing the

We cannot do it while __ffs_epfile_read_buffered is reading data from
it. We cannot blindly schedule it to happen later either since in the
meanwhile __ffs_epfile_read_buffered could have freed it.

Best regards
