[PATCH 1/4] usb: renesas_usbhs: gadget: fix NULL pointer dereference in ep_disable()

2014-09-10 Thread Yoshihiro Shimoda
This patch fixes an issue that the NULL pointer dereference happens
when we use g_audio driver. Since the g_audio driver will call
usb_ep_disable() in afunc_set_alt() before it calls usb_ep_enable(),
the uep->pipe of renesas usbhs driver will be NULL. So, this patch
adds a condition to avoid the oops.

Signed-off-by: Kazuya Mizuguchi kazuya.mizuguchi...@renesas.com
Signed-off-by: Takeshi Kihara takeshi.kihara...@renesas.com
Signed-off-by: Yoshihiro Shimoda yoshihiro.shimoda...@renesas.com
---
 drivers/usb/renesas_usbhs/mod_gadget.c |3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/usb/renesas_usbhs/mod_gadget.c 
b/drivers/usb/renesas_usbhs/mod_gadget.c
index 04e6505..a58 100644
--- a/drivers/usb/renesas_usbhs/mod_gadget.c
+++ b/drivers/usb/renesas_usbhs/mod_gadget.c
@@ -602,6 +602,9 @@ static int usbhsg_ep_disable(struct usb_ep *ep)
struct usbhsg_uep *uep = usbhsg_ep_to_uep(ep);
struct usbhs_pipe *pipe = usbhsg_uep_to_pipe(uep);

+   if (!uep || !uep-pipe)
+   return -EINVAL;
+
usbhsg_pipe_disable(uep);
usbhs_pipe_free(pipe);

-- 
1.7.9.5

--
To unsubscribe from this list: send the line unsubscribe linux-usb in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


Re: [PATCH 1/4] usb: renesas_usbhs: gadget: fix NULL pointer dereference in ep_disable()

2014-09-10 Thread Felipe Balbi
On Wed, Sep 10, 2014 at 07:33:40PM +0900, Yoshihiro Shimoda wrote:
 This patch fixes an issue that the NULL pointer dereference happens
 when we use g_audio driver. Since the g_audio driver will call
 usb_ep_disable() in afunc_set_alt() before it calls usb_ep_enable(),
 the uep->pipe of renesas usbhs driver will be NULL. So, this patch
 adds a condition to avoid the oops.
 
 Signed-off-by: Kazuya Mizuguchi kazuya.mizuguchi...@renesas.com
 Signed-off-by: Takeshi Kihara takeshi.kihara...@renesas.com
 Signed-off-by: Yoshihiro Shimoda yoshihiro.shimoda...@renesas.com

Which commit does this fix ? Do we need a Cc: stable ?

-- 
balbi




Re: [PATCH 1/4] usb: renesas_usbhs: gadget: fix NULL pointer dereference in ep_disable()

2014-09-10 Thread Kuninori Morimoto

Hi Shimoda-san

 --- a/drivers/usb/renesas_usbhs/mod_gadget.c
 +++ b/drivers/usb/renesas_usbhs/mod_gadget.c
 @@ -602,6 +602,9 @@ static int usbhsg_ep_disable(struct usb_ep *ep)
   struct usbhsg_uep *uep = usbhsg_ep_to_uep(ep);
   struct usbhs_pipe *pipe = usbhsg_uep_to_pipe(uep);
 
 + if (!uep || !uep-pipe)
 + return -EINVAL;
 +
   usbhsg_pipe_disable(uep);
   usbhs_pipe_free(pipe);

If uep can be NULL,
we need to care about usbhsg_uep_to_pipe(uep) too.

and, is uep->pipe the same as pipe?

Best regards
---
Kuninori Morimoto


Re: [PATCH 1/4] usb: renesas_usbhs: gadget: fix NULL pointer dereference in ep_disable()

2014-09-10 Thread Yoshihiro Shimoda
Hi,

(2014/09/10 22:49), Felipe Balbi wrote:
 On Wed, Sep 10, 2014 at 07:33:40PM +0900, Yoshihiro Shimoda wrote:
 This patch fixes an issue that the NULL pointer dereference happens
 when we use g_audio driver. Since the g_audio driver will call
 usb_ep_disable() in afunc_set_alt() before it calls usb_ep_enable(),
 the uep->pipe of renesas usbhs driver will be NULL. So, this patch
 adds a condition to avoid the oops.

 Signed-off-by: Kazuya Mizuguchi kazuya.mizuguchi...@renesas.com
 Signed-off-by: Takeshi Kihara takeshi.kihara...@renesas.com
 Signed-off-by: Yoshihiro Shimoda yoshihiro.shimoda...@renesas.com
 
 Which commit does this fix ? Do we need a Cc: stable ?
 

I think we need a Cc: stable in this patch because the previous code causes the oops.

Best regards,
Yoshihiro Shimoda


Re: [PATCH 1/4] usb: renesas_usbhs: gadget: fix NULL pointer dereference in ep_disable()

2014-09-10 Thread Yoshihiro Shimoda
Hi Morimoto-san,

(2014/09/11 8:56), Kuninori Morimoto wrote:
 
 Hi Shimoda-san
 
 --- a/drivers/usb/renesas_usbhs/mod_gadget.c
 +++ b/drivers/usb/renesas_usbhs/mod_gadget.c
 @@ -602,6 +602,9 @@ static int usbhsg_ep_disable(struct usb_ep *ep)
  struct usbhsg_uep *uep = usbhsg_ep_to_uep(ep);
  struct usbhs_pipe *pipe = usbhsg_uep_to_pipe(uep);

 +if (!uep || !uep-pipe)
 +return -EINVAL;
 +
  usbhsg_pipe_disable(uep);
  usbhs_pipe_free(pipe);
 
 If uep can be NULL,
 we need to care about usbhsg_uep_to_pipe(uep) too.

Thank you for pointing that out.
I will check whether uep can be NULL or not.

 and, is uep->pipe the same as pipe?

Yes. I will use pipe instead of uep->pipe.

Best regards,
Yoshihiro Shimoda

 Best regards
 ---
 Kuninori Morimoto
 