From patchwork Mon Apr 30 16:20:54 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Bin Liu <b-liu@ti.com>
X-Patchwork-Id: 10372065
Return-Path: <linux-usb-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	71CAD6032A for <patchwork-linux-usb@patchwork.kernel.org>;
	Mon, 30 Apr 2018 16:21:23 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6379728957
	for <patchwork-linux-usb@patchwork.kernel.org>;
	Mon, 30 Apr 2018 16:21:23 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 57DA528B62; Mon, 30 Apr 2018 16:21:23 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.8 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI,
	T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CEE7928957
	for <patchwork-linux-usb@patchwork.kernel.org>;
	Mon, 30 Apr 2018 16:21:22 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754863AbeD3QU6 (ORCPT
	<rfc822;patchwork-linux-usb@patchwork.kernel.org>);
	Mon, 30 Apr 2018 12:20:58 -0400
Received: from lelnx194.ext.ti.com ([198.47.27.80]:59073 "EHLO
	lelnx194.ext.ti.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754857AbeD3QU4 (ORCPT
	<rfc822; linux-usb@vger.kernel.org>); Mon, 30 Apr 2018 12:20:56 -0400
Received: from dflxv15.itg.ti.com ([128.247.5.124])
	by lelnx194.ext.ti.com (8.15.1/8.15.1) with ESMTP id w3UGKtIM032269;
	Mon, 30 Apr 2018 11:20:55 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ti.com;
	s=ti-com-17Q1; t=1525105255;
	bh=V7ILkUyQEAxErOlzulLU+VIf6WweuqJEtHxEwOa2s7c=;
	h=From:To:CC:Subject:Date:In-Reply-To:References;
	b=FHsDR1YMEYduuGUzTn6qaK0Y1/NQ5rNHMC3ZyJOkEzrli7wlJ9Xm2Zu1pVN9OKyNY
	l8oLIJPgkXHOdSDUDZs55u1Y/zW5V+nZ1lLSqJ+EvF3Y6DAO0q7ShOHIxEDd/RKVMR
	5kaLBBV8EHN9sbFWt1sB9LGO5AeL9h8acZzMBxyw=
Received: from DLEE106.ent.ti.com (dlee106.ent.ti.com [157.170.170.36])
	by dflxv15.itg.ti.com (8.14.3/8.13.8) with ESMTP id w3UGKt7U003477;
	Mon, 30 Apr 2018 11:20:55 -0500
Received: from DLEE105.ent.ti.com (157.170.170.35) by DLEE106.ent.ti.com
	(157.170.170.36) with Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3;
	Mon, 30 Apr 2018 11:20:55 -0500
Received: from dflp32.itg.ti.com (10.64.6.15) by DLEE105.ent.ti.com
	(157.170.170.35) with Microsoft SMTP Server (version=TLS1_0,
	cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1466.3 via Frontend
	Transport; Mon, 30 Apr 2018 11:20:55 -0500
Received: from uda0271908.am.dhcp.ti.com (ileax41-snat.itg.ti.com
	[10.172.224.153])
	by dflp32.itg.ti.com (8.14.3/8.13.8) with ESMTP id w3UGKsdY014458;
	Mon, 30 Apr 2018 11:20:55 -0500
From: Bin Liu <b-liu@ti.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
CC: <linux-usb@vger.kernel.org>, <stable@vger.kernel.org>,
	Bin Liu <b-liu@ti.com>
Subject: [PATCH 2/2] usb: musb: trace: fix NULL pointer dereference in
	musb_g_tx()
Date: Mon, 30 Apr 2018 11:20:54 -0500
Message-ID: <1525105254-2852-3-git-send-email-b-liu@ti.com>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1525105254-2852-1-git-send-email-b-liu@ti.com>
References: <1525105254-2852-1-git-send-email-b-liu@ti.com>
MIME-Version: 1.0
X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180
Sender: linux-usb-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-usb.vger.kernel.org>
X-Mailing-List: linux-usb@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

The usb_request pointer could be NULL in musb_g_tx(), where the
tracepoint call would trigger the NULL pointer dereference failure when
parsing the members of the usb_request pointer.

Move the tracepoint call to where the usb_request pointer is already
checked to solve the issue.

Fixes: fc78003e5345a("usb: musb: gadget: add usb-request tracepoints")

Cc: stable@vger.kernel.org # v4.8+
Signed-off-by: Bin Liu <b-liu@ti.com>
---
 drivers/usb/musb/musb_gadget.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/usb/musb/musb_gadget.c b/drivers/usb/musb/musb_gadget.c
index e564695c6c8d..71c5835ea9cd 100644
--- a/drivers/usb/musb/musb_gadget.c
+++ b/drivers/usb/musb/musb_gadget.c
@@ -417,7 +417,6 @@ void musb_g_tx(struct musb *musb, u8 epnum)
 	req = next_request(musb_ep);
 	request = &req->request;
 
-	trace_musb_req_tx(req);
 	csr = musb_readw(epio, MUSB_TXCSR);
 	musb_dbg(musb, "<== %s, txcsr %04x", musb_ep->end_point.name, csr);
 
@@ -456,6 +455,8 @@ void musb_g_tx(struct musb *musb, u8 epnum)
 		u8	is_dma = 0;
 		bool	short_packet = false;
 
+		trace_musb_req_tx(req);
+
 		if (dma && (csr & MUSB_TXCSR_DMAENAB)) {
 			is_dma = 1;
 			csr |= MUSB_TXCSR_P_WZC_BITS;