[PATCH 4.8 48/49] usb: gadget: f_fs: edit epfile->ep under lock

From: Greg Kroah-Hartman
Date: Sat Nov 19 2016 - 04:27:46 EST


4.8-stable review patch. If anyone has any objections, please let me know.

------------------

From: Michal Nazarewicz <mina86@xxxxxxxxxx>

commit 454915dde06a51133750c6745f0ba57361ba209d upstream.

epfile->ep is protected by ffs->eps_lock (not epfile->mutex) so clear it
while holding the spin lock.

Tested-by: John Stultz <john.stultz@xxxxxxxxxx>
Tested-by: Chen Yu <chenyu56@xxxxxxxxxx>
Signed-off-by: Michal Nazarewicz <mina86@xxxxxxxxxx>
Signed-off-by: Felipe Balbi <felipe.balbi@xxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>


---
drivers/usb/gadget/function/f_fs.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -1722,17 +1722,17 @@ static void ffs_func_eps_disable(struct
unsigned long flags;

do {
- if (epfile)
- mutex_lock(&epfile->mutex);
spin_lock_irqsave(&func->ffs->eps_lock, flags);
/* pending requests get nuked */
if (likely(ep->ep))
usb_ep_disable(ep->ep);
++ep;
+ if (epfile)
+ epfile->ep = NULL;
spin_unlock_irqrestore(&func->ffs->eps_lock, flags);

if (epfile) {
- epfile->ep = NULL;
+ mutex_lock(&epfile->mutex);
kfree(epfile->read_buffer);
epfile->read_buffer = NULL;
mutex_unlock(&epfile->mutex);
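Review bot: The relocated mutex_lock(&epfile->mutex) in the second if (epfile) block narrows the mutex to the read_buffer free only, and the changelog does not mention it. After this change usb_ep_disable(ep->ep) and the epfile->ep = NULL store run under ffs->eps_lock alone, and there is a window after spin_unlock_irqrestore() where a task holding epfile->mutex can see epfile->ep already cleared while read_buffer is still allocated. That looks intended given the stated locking rule, but please say so in the commit message, and consider a one-line comment above the epfile->ep = NULL store stating that the field is protected by eps_lock and the mutex below covers only read_buffer, so later edits do not move the store back outside the spin-locked section.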