From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751858AbbCJCSO (ORCPT ); Mon, 9 Mar 2015 22:18:14 -0400 Received: from mail-by2on0142.outbound.protection.outlook.com ([207.46.100.142]:18339 "EHLO na01-by2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751429AbbCJCSN convert rfc822-to-8bit (ORCPT ); Mon, 9 Mar 2015 22:18:13 -0400 From: Peter Chen To: "balbi@ti.com" CC: Tapasweni Pathak , "gregkh@linuxfoundation.org" , "jg1.han@samsung.com" , "benoit.taine@lip6.fr" , "linux-usb@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "julia.lawall@lip6.fr" Subject: RE: [PATCH] drivers: usb: gadget: udc: Fix NULL dereference Thread-Topic: [PATCH] drivers: usb: gadget: udc: Fix NULL dereference Thread-Index: AQHQVbHN5PtqKKfrfE+jaRC7F9T32p0MCvUAgAhIzACAAKs4EA== Date: Tue, 10 Mar 2015 02:02:44 +0000 Message-ID: References: <20150303125841.GA9671@kt-Inspiron-3542> <20150304011118.GB23399@shlinux2> <20150309154156.GB3739@saruman.tx.rr.com> In-Reply-To: <20150309154156.GB3739@saruman.tx.rr.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [192.88.158.211] authentication-results: ti.com; dkim=none (message not signed) header.d=none; x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BN3PR0301MB0849; x-forefront-antispam-report: BMV:1;SFV:NSPM;SFS:(10019020)(6009001)(51704005)(2351001)(76576001)(33656002)(92566002)(87936001)(122556002)(54356999)(50986999)(40100003)(99286002)(76176999)(106116001)(110136001)(2950100001)(74316001)(2501003)(46102003)(102836002)(66066001)(2656002)(77156002)(62966003)(86362001)(2900100001);DIR:OUT;SFP:1102;SCL:1;SRVR:BN3PR0301MB0849;H:BN3PR0301MB0849.namprd03.prod.outlook.com;FPR:;SPF:None;MLV:sfv;LANG:en; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(601004)(5002009)(5005006);SRVR:BN3PR0301MB0849;BCL:0;PCL:0;RULEID:;SRVR:BN3PR0301MB0849; x-forefront-prvs: 051158ECBB Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8BIT MIME-Version: 1.0 X-OriginatorOrg: freescale.com X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Mar 2015 02:02:44.1304 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 710a03f5-10f6-4d38-9ff4-a80b81da590d X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0301MB0849 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > > --- a/drivers/usb/gadget/udc/lpc32xx_udc.c > > +++ b/drivers/usb/gadget/udc/lpc32xx_udc.c > > @@ -1803,7 +1803,7 @@ static int lpc32xx_ep_queue(struct usb_ep *_ep, > > req = container_of(_req, struct lpc32xx_request, req); > > ep = container_of(_ep, struct lpc32xx_ep, ep); > > > > - if (!_req || !_req->complete || !_req->buf || > > + if (!_ep || !_req || !_req->complete || !_req->buf || > > !list_empty(&req->queue)) > > return -EINVAL; > > > > @@ -1815,8 +1815,7 @@ static int lpc32xx_ep_queue(struct usb_ep *_ep, > > } > > > > > > - if ((!udc) || (!udc->driver) || > > - (udc->gadget.speed == USB_SPEED_UNKNOWN)) { > > + if ((!udc->driver) || (udc->gadget.speed == USB_SPEED_UNKNOWN)) > { > > dev_dbg(udc->dev, "invalid device\n"); > > return -EINVAL; > > } > > what's going to happen here ? > I just changed the current code, in fact, udc->driver is impossible to NULL which is cleared at .udc_stop. The speed is possible for unknown if the reset has occurred at that time. Peter