| Message ID | 54102904.6060703@renesas.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
On Wed, Sep 10, 2014 at 07:33:40PM +0900, Yoshihiro Shimoda wrote: > This patch fixes an issue that the NULL pointer dereference happens > when we use g_audio driver. Since the g_audio driver will call > usb_ep_disable() in afunc_set_alt() before it calls usb_ep_enable(), > the uep->pipe of renesas usbhs driver will be NULL. So, this patch > adds a condition to avoid the oops. > > Signed-off-by: Kazuya Mizuguchi <kazuya.mizuguchi.ks@renesas.com> > Signed-off-by: Takeshi Kihara <takeshi.kihara.df@renesas.com> > Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> Which commit does this fix ? Do we need a Cc: stable ?
Hi Shimoda-san > --- a/drivers/usb/renesas_usbhs/mod_gadget.c > +++ b/drivers/usb/renesas_usbhs/mod_gadget.c > @@ -602,6 +602,9 @@ static int usbhsg_ep_disable(struct usb_ep *ep) > struct usbhsg_uep *uep = usbhsg_ep_to_uep(ep); > struct usbhs_pipe *pipe = usbhsg_uep_to_pipe(uep); > > + if (!uep || !uep->pipe) > + return -EINVAL; > + > usbhsg_pipe_disable(uep); > usbhs_pipe_free(pipe); If uep can be NULL, we need care about usbhsg_uep_to_pipe(uep) too. and, "uep->pipe" is same as "pipe" ? Best regards --- Kuninori Morimoto -- To unsubscribe from this list: send the line "unsubscribe linux-sh" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi, (2014/09/10 22:49), Felipe Balbi wrote: > On Wed, Sep 10, 2014 at 07:33:40PM +0900, Yoshihiro Shimoda wrote: >> This patch fixes an issue that the NULL pointer dereference happens >> when we use g_audio driver. Since the g_audio driver will call >> usb_ep_disable() in afunc_set_alt() before it calls usb_ep_enable(), >> the uep->pipe of renesas usbhs driver will be NULL. So, this patch >> adds a condition to avoid the oops. >> >> Signed-off-by: Kazuya Mizuguchi <kazuya.mizuguchi.ks@renesas.com> >> Signed-off-by: Takeshi Kihara <takeshi.kihara.df@renesas.com> >> Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> > > Which commit does this fix ? Do we need a Cc: stable ? > I think we need a Cc: stable in this patch because the previous code causes the oops. Best regards, Yoshihiro Shimoda -- To unsubscribe from this list: send the line "unsubscribe linux-sh" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi Morimoto-san, (2014/09/11 8:56), Kuninori Morimoto wrote: > > Hi Shimoda-san > >> --- a/drivers/usb/renesas_usbhs/mod_gadget.c >> +++ b/drivers/usb/renesas_usbhs/mod_gadget.c >> @@ -602,6 +602,9 @@ static int usbhsg_ep_disable(struct usb_ep *ep) >> struct usbhsg_uep *uep = usbhsg_ep_to_uep(ep); >> struct usbhs_pipe *pipe = usbhsg_uep_to_pipe(uep); >> >> + if (!uep || !uep->pipe) >> + return -EINVAL; >> + >> usbhsg_pipe_disable(uep); >> usbhs_pipe_free(pipe); > > If uep can be NULL, > we need care about usbhsg_uep_to_pipe(uep) too. Thank you for the point. I will check the uep can be NULL or not. > and, "uep->pipe" is same as "pipe" ? Yes. I will use "pipe" instead of "uep->pipe". Best regards, Yoshihiro Shimoda > Best regards > --- > Kuninori Morimoto > -- To unsubscribe from this list: send the line "unsubscribe linux-sh" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/usb/renesas_usbhs/mod_gadget.c b/drivers/usb/renesas_usbhs/mod_gadget.c index 04e6505..a582222 100644 --- a/drivers/usb/renesas_usbhs/mod_gadget.c +++ b/drivers/usb/renesas_usbhs/mod_gadget.c @@ -602,6 +602,9 @@ static int usbhsg_ep_disable(struct usb_ep *ep) struct usbhsg_uep *uep = usbhsg_ep_to_uep(ep); struct usbhs_pipe *pipe = usbhsg_uep_to_pipe(uep); + if (!uep || !uep->pipe) + return -EINVAL; + usbhsg_pipe_disable(uep); usbhs_pipe_free(pipe);