Date: Mon, 9 Mar 2015 21:36:23 -0500
From: Felipe Balbi
To: Peter Chen
CC: "balbi@ti.com", Tapasweni Pathak, "gregkh@linuxfoundation.org", "jg1.han@samsung.com", "benoit.taine@lip6.fr", "linux-usb@vger.kernel.org", "linux-kernel@vger.kernel.org", "julia.lawall@lip6.fr"
Subject: Re: [PATCH] drivers: usb: gadget: udc: Fix NULL dereference
Message-ID: <20150310023623.GA31214@saruman.tx.rr.com>
References: <20150303125841.GA9671@kt-Inspiron-3542> <20150304011118.GB23399@shlinux2> <20150309154156.GB3739@saruman.tx.rr.com>

On Tue, Mar 10, 2015 at 02:02:44AM +0000, Peter Chen wrote:
>
> > > --- a/drivers/usb/gadget/udc/lpc32xx_udc.c > > > +++ b/drivers/usb/gadget/udc/lpc32xx_udc.c > > > @@ -1803,7 +1803,7 @@ static int lpc32xx_ep_queue(struct usb_ep *_ep, > > > req =3D container_of(_req, struct lpc32xx_request, req); > > > ep =3D container_of(_ep, struct lpc32xx_ep, ep); > > > > > > - if (!_req || !_req->complete || !_req->buf || > > > + if (!_ep || !_req || !_req->complete || !_req->buf || > > > !list_empty(&req->queue)) > > > return -EINVAL;
> > > > > > @@ -1815,8 +1815,7 @@ static int lpc32xx_ep_queue(struct usb_ep *_ep, > > > } > > > > > > > > > - if ((!udc) || (!udc->driver) || > > > - (udc->gadget.speed =3D=3D USB_SPEED_UNKNOWN)) { > > > + if ((!udc->driver) || (udc->gadget.speed =3D=3D USB_SPEED_UNKNOWN)) > > { > > > dev_dbg(udc->dev, "invalid device\n"); > > > return -EINVAL; > > > }
> >
> > what's going to happen here ?
> >
>
> I just changed the current code, in fact, udc->driver is impossible to NULL which
> is cleared at .udc_stop.
>
> The speed is possible for unknown if the reset has occurred at that time.

oh, alright.

-- 
balbi
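Review bot: In the hunk at -1803 the new !_ep test is placed after ep = container_of(_ep, struct lpc32xx_ep, ep), so ep has already been derived from a possibly NULL _ep by the time the test runs. container_of is only pointer arithmetic, so nothing is dereferenced on those two lines, and !list_empty(&req->queue) is reached only once !_req has been ruled out, but the ordering still leaves ep and req holding meaningless values on the error path. Suggest validating _ep and _req first and doing both container_of conversions after the -EINVAL return, so a later edit cannot start using ep or req before the checks.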
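Review bot: The hunk at -1815 drops the (!udc) test without showing why udc can never be NULL at this point. In the old code a NULL udc took the branch and then hit dev_dbg(udc->dev, "invalid device\n"), which is the dereference being avoided, so removing the test is correct only if udc is guaranteed valid here. The assignment of udc is not visible in the hunk; the changelog should state where udc comes from and why it cannot be NULL, so the removal is not read as simply hiding the bad dev_dbg call.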