[PATCH USB] usb: raw-gadget: fix null-ptr-deref when reenabling endpoints

From: Andrey Konovalov
Date: Wed May 13 2020 - 14:01:53 EST

Next message: Jérôme Pouiller: "Re: [PATCH] wfx: typo fix"
Previous message: Andrew Lunn: "Re: [PATCH net-next v1] net: phy: tja11xx: add cable-test support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Currently we preassign gadget endpoints to raw-gadget endpoints during
initialization. Fix resetting this assignment in raw_ioctl_ep_disable(),
otherwise we will get null-ptr-derefs when an endpoint is reenabled.

Signed-off-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx>
---

Felipe, this is technically a fix for "usb: raw-gadget: fix gadget
endpoint selection", which AFAICS is already in your testing/fixes tree.
Please let me know if you would like me resend that patch with this fix
folded in.

---
drivers/usb/gadget/legacy/raw_gadget.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/drivers/usb/gadget/legacy/raw_gadget.c b/drivers/usb/gadget/legacy/raw_gadget.c
index d73ba77014c8..e01e366d89cd 100644
--- a/drivers/usb/gadget/legacy/raw_gadget.c
+++ b/drivers/usb/gadget/legacy/raw_gadget.c
@@ -867,7 +867,6 @@ static int raw_ioctl_ep_disable(struct raw_dev *dev, unsigned long value)
spin_lock_irqsave(&dev->lock, flags);
usb_ep_free_request(dev->eps[i].ep, dev->eps[i].req);
kfree(dev->eps[i].ep->desc);
- dev->eps[i].ep = NULL;
dev->eps[i].state = STATE_EP_DISABLED;
dev->eps[i].disabling = false;

--
2.26.2.645.ge9eca65c58-goog

Next message: Jérôme Pouiller: "Re: [PATCH] wfx: typo fix"
Previous message: Andrew Lunn: "Re: [PATCH net-next v1] net: phy: tja11xx: add cable-test support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]