| Message ID | 20240929-fixes9p-v1-1-40000d94d836@pengutronix.de (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | net/9p/usbg: dont call usb9pfs_clear_tx if client is not connected | expand |
Please drop this patch for now. I will have to do some more testing regarding the prompt connect mount and disconnect state changes and will come back with a proper solution. On Sun, Sep 29, 2024 at 09:22:55PM +0200, Michael Grzeschik wrote: >When the client is not Connected it is not valid to call >usb9pfs_clear_tx since the endpoints are not even allocated. By running >into p9_usbg_close in that case we would dereference the in_req which is >NULL when the client->status is Disconnected. Fix that by leaving >usb9pfs_clear_tx immediately if the state is wrong. > >We also update the client->status after the for usb9pfs_clear_tx to >check for the actual state when running from p9_usbg_close. > >Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de> >--- > net/9p/trans_usbg.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > >diff --git a/net/9p/trans_usbg.c b/net/9p/trans_usbg.c >index 975b76839dca1..64a5209943dbc 100644 >--- a/net/9p/trans_usbg.c >+++ b/net/9p/trans_usbg.c >@@ -417,6 +417,10 @@ static void usb9pfs_clear_tx(struct f_usb9pfs *usb9pfs) > { > struct p9_req_t *req; > >+ /* we are not allocated - return */ >+ if (usb9pfs->client->status != Connected) >+ return; >+ > guard(spinlock_irqsave)(&usb9pfs->lock); > > req = usb9pfs->in_req->context; >@@ -442,10 +446,10 @@ static void p9_usbg_close(struct p9_client *client) > if (!usb9pfs) > return; > >- client->status = Disconnected; >- > usb9pfs_clear_tx(usb9pfs); > >+ client->status = Disconnected; >+ > opts = container_of(usb9pfs->function.fi, > struct f_usb9pfs_opts, func_inst); > > >--- >base-commit: 68d4209158f43a558c5553ea95ab0c8975eab18c >change-id: 20240929-fixes9p-5d618bbe6d6b > >Best regards, >-- >Michael Grzeschik <m.grzeschik@pengutronix.de> > >
diff --git a/net/9p/trans_usbg.c b/net/9p/trans_usbg.c index 975b76839dca1..64a5209943dbc 100644 --- a/net/9p/trans_usbg.c +++ b/net/9p/trans_usbg.c @@ -417,6 +417,10 @@ static void usb9pfs_clear_tx(struct f_usb9pfs *usb9pfs) { struct p9_req_t *req; + /* we are not allocated - return */ + if (usb9pfs->client->status != Connected) + return; + guard(spinlock_irqsave)(&usb9pfs->lock); req = usb9pfs->in_req->context; @@ -442,10 +446,10 @@ static void p9_usbg_close(struct p9_client *client) if (!usb9pfs) return; - client->status = Disconnected; - usb9pfs_clear_tx(usb9pfs); + client->status = Disconnected; + opts = container_of(usb9pfs->function.fi, struct f_usb9pfs_opts, func_inst);
When the client is not Connected it is not valid to call usb9pfs_clear_tx since the endpoints are not even allocated. By running into p9_usbg_close in that case we would dereference the in_req which is NULL when the client->status is Disconnected. Fix that by leaving usb9pfs_clear_tx immediately if the state is wrong. We also update the client->status after the for usb9pfs_clear_tx to check for the actual state when running from p9_usbg_close. Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de> --- net/9p/trans_usbg.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- base-commit: 68d4209158f43a558c5553ea95ab0c8975eab18c change-id: 20240929-fixes9p-5d618bbe6d6b Best regards,