* [PATCH USB] usb: raw-gadget: fix null-ptr-deref when reenabling endpoints
@ 2020-05-13 18:01 Andrey Konovalov
0 siblings, 0 replies; only message in thread
From: Andrey Konovalov @ 2020-05-13 18:01 UTC (permalink / raw)
To: Felipe Balbi
Cc: linux-usb, linux-kernel, Greg Kroah-Hartman, Alan Stern,
Dmitry Vyukov, Andrey Konovalov
Currently we preassign gadget endpoints to raw-gadget endpoints during
initialization. Fix resetting this assignment in raw_ioctl_ep_disable(),
otherwise we will get null-ptr-derefs when an endpoint is reenabled.
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
---
Felipe, this is technically a fix for "usb: raw-gadget: fix gadget
endpoint selection", which AFAICS is already in your testing/fixes tree.
Please let me know if you would like me resend that patch with this fix
folded in.
---
drivers/usb/gadget/legacy/raw_gadget.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/usb/gadget/legacy/raw_gadget.c b/drivers/usb/gadget/legacy/raw_gadget.c
index d73ba77014c8..e01e366d89cd 100644
--- a/drivers/usb/gadget/legacy/raw_gadget.c
+++ b/drivers/usb/gadget/legacy/raw_gadget.c
@@ -867,7 +867,6 @@ static int raw_ioctl_ep_disable(struct raw_dev *dev, unsigned long value)
spin_lock_irqsave(&dev->lock, flags);
usb_ep_free_request(dev->eps[i].ep, dev->eps[i].req);
kfree(dev->eps[i].ep->desc);
- dev->eps[i].ep = NULL;
dev->eps[i].state = STATE_EP_DISABLED;
dev->eps[i].disabling = false;
--
2.26.2.645.ge9eca65c58-goog
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2020-05-13 18:01 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-13 18:01 [PATCH USB] usb: raw-gadget: fix null-ptr-deref when reenabling endpoints Andrey Konovalov
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.