diff mbox series

[USB] usb: raw-gadget: fix null-ptr-deref when reenabling endpoints

Message ID 76557d920a125f6e42b3dc46d3ae84bffbe9a2f9.1589392709.git.andreyknvl@google.com (mailing list archive)
State Mainlined
Commit da39b5ee40bc00ae3edb4ae4e205b10bc52f980e
Headers show
Series [USB] usb: raw-gadget: fix null-ptr-deref when reenabling endpoints | expand

Commit Message

Andrey Konovalov May 13, 2020, 6:01 p.m. UTC 
Currently we preassign gadget endpoints to raw-gadget endpoints during
initialization. Fix resetting this assignment in raw_ioctl_ep_disable(),
otherwise we will get null-ptr-derefs when an endpoint is reenabled.

Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
---

Felipe, this is technically a fix for "usb: raw-gadget: fix gadget
endpoint selection", which AFAICS is already in your testing/fixes tree.
Please let me know if you would like me resend that patch with this fix
folded in.

---
 drivers/usb/gadget/legacy/raw_gadget.c | 1 -
 1 file changed, 1 deletion(-)
diff mbox series

Patch

diff --git a/drivers/usb/gadget/legacy/raw_gadget.c b/drivers/usb/gadget/legacy/raw_gadget.c
index d73ba77014c8..e01e366d89cd 100644
--- a/drivers/usb/gadget/legacy/raw_gadget.c
+++ b/drivers/usb/gadget/legacy/raw_gadget.c
@@ -867,7 +867,6 @@  static int raw_ioctl_ep_disable(struct raw_dev *dev, unsigned long value)
 	spin_lock_irqsave(&dev->lock, flags);
 	usb_ep_free_request(dev->eps[i].ep, dev->eps[i].req);
 	kfree(dev->eps[i].ep->desc);
-	dev->eps[i].ep = NULL;
 	dev->eps[i].state = STATE_EP_DISABLED;
 	dev->eps[i].disabling = false;