From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753249AbbCJUvd (ORCPT ); Tue, 10 Mar 2015 16:51:33 -0400 Received: from arroyo.ext.ti.com ([192.94.94.40]:60966 "EHLO arroyo.ext.ti.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751345AbbCJUvb (ORCPT ); Tue, 10 Mar 2015 16:51:31 -0400 Date: Tue, 10 Mar 2015 15:50:45 -0500 From: Felipe Balbi To: Peter Chen CC: "balbi@ti.com" , Tapasweni Pathak , "gregkh@linuxfoundation.org" , "jg1.han@samsung.com" , "benoit.taine@lip6.fr" , "linux-usb@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "julia.lawall@lip6.fr" Subject: Re: [PATCH] drivers: usb: gadget: udc: Fix NULL dereference Message-ID: <20150310205045.GC18456@saruman.tx.rr.com> Reply-To: References: <20150303125841.GA9671@kt-Inspiron-3542> <20150304011118.GB23399@shlinux2> <20150309154156.GB3739@saruman.tx.rr.com> <20150310023623.GA31214@saruman.tx.rr.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="KN5l+BnMqAQyZLvT" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --KN5l+BnMqAQyZLvT Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Mar 10, 2015 at 03:00:49AM +0000, Peter Chen wrote: > =20 > > On Tue, Mar 10, 2015 at 02:02:44AM +0000, Peter Chen wrote: > > > > > > > > --- a/drivers/usb/gadget/udc/lpc32xx_udc.c > > > > > +++ b/drivers/usb/gadget/udc/lpc32xx_udc.c > > > > > @@ -1803,7 +1803,7 @@ static int lpc32xx_ep_queue(struct usb_ep *= _ep, > > > > > req =3D container_of(_req, struct lpc32xx_request, req); > > > > > ep =3D container_of(_ep, struct lpc32xx_ep, ep); > > > > > > > > > > - if (!_req || !_req->complete || !_req->buf || > > > > > + if (!_ep || !_req || !_req->complete || !_req->buf || > > > > > !list_empty(&req->queue)) > > > > > return -EINVAL; > > > > > > > > > > @@ -1815,8 +1815,7 @@ static int lpc32xx_ep_queue(struct usb_ep *= _ep, > > > > > } > > > > > > > > > > > > > > > - if ((!udc) || (!udc->driver) || > > > > > - (udc->gadget.speed =3D=3D USB_SPEED_UNKNOWN)) { > > > > > + if ((!udc->driver) || (udc->gadget.speed =3D=3D USB_SPEED_UNKNO= WN)) > > > > { > > > > > dev_dbg(udc->dev, "invalid device\n"); > > > > > return -EINVAL; > > > > > } > > > > > > > > what's going to happen here ? > > > > > > > > > > I just changed the current code, in fact, udc->driver is impossible to > > > NULL which is cleared at .udc_stop. > > > > > > The speed is possible for unknown if the reset has occurred at that t= ime. > >=20 > > oh, alright. >=20 > Do you need me or Tapasweni send patch for this? if there's anything to be fixed, sure. --=20 balbi --KN5l+BnMqAQyZLvT Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJU/1klAAoJEIaOsuA1yqREKNEQAKmFiWQGkkeG3lMFgVibb4Y7 ZO/DPJRUOZ2p4GoWzjo2ABWQl96zVtGol50lmQ0F4YRdhM6KTAGvxiUbd933Fa2/ ESKA24tJhMlifQCBZl0xxXlT7l3e2itX5L3GT1E1rgjjSTmcnazM00LCLHUdMJt/ G9UQKHqWX6khG4NjZFmueNbmqGEmwcgJEqjoMQUgqSJznOaOjjuM8fRoGKKN8E7O yKiFyBXLH4ygLtvJ6xnru+q7in4001r1oDvT29Kt+iv2L196egtJxMpdn+/fdY96 drbfi3NWUyuTROYxefNGtSwad4X6eUZGm60hQgsY2l1opMXHkYNXAd/7MESAzlpn Mnhb5BHiC8uSL5XNEfEN1IRLWckGP+A5GKg4CGZ3PgiCPYAPVALEr45VzqVLbU+S Z9TE7bt0MvwM/teZ91KEM8HNN6Y/k22owRKm4l3E7DMFY69ksBu3ZSmql1DL+wNT H6sdAR36LVWYafjl8ZhFgdOs5VonVGNwO/mZgr8cshii2EGNN38XHUa4fk4hJJ4q eTWX8cRebUOW4QP/mzjNqBAJqo6rTGGWLiypYLwHhAb50CSAMEytKYlojjOmLFYn 4yWIIPcteyiYtlyBhS+vKf0Z0/VioCXMoOlFZtECmx1DIrJNlr0IrYwzVOCA4kbH /QZrK6ZKN30GeqyhEGDz =V1IX -----END PGP SIGNATURE----- --KN5l+BnMqAQyZLvT--