When failing to allocate report_desc, opts->refcnt has already been
incremented so it needs to be decremented to avoid leaving the options
structure permanently locked.
Fixes: 21a9476a7ba8 ("usb: gadget: hid: add configfs support")
Signed-off-by: John Keeping <[email protected]>
---
drivers/usb/gadget/function/f_hid.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c
index 8b8bbeaa27cb..6be6009f911e 100644
--- a/drivers/usb/gadget/function/f_hid.c
+++ b/drivers/usb/gadget/function/f_hid.c
@@ -1292,6 +1292,7 @@ static struct usb_function *hidg_alloc(struct usb_function_instance *fi)
GFP_KERNEL);
if (!hidg->report_desc) {
put_device(&hidg->dev);
+ --opts->refcnt;
mutex_unlock(&opts->lock);
return ERR_PTR(-ENOMEM);
}
--
2.38.1
W dniu 22.11.2022 o 13:35, John Keeping pisze:
> When failing to allocate report_desc, opts->refcnt has already been
> incremented so it needs to be decremented to avoid leaving the options
> structure permanently locked.
>
> Fixes: 21a9476a7ba8 ("usb: gadget: hid: add configfs support")
> Signed-off-by: John Keeping <[email protected]>
I'd personally place the bugfix before patches 1 and 3, but anyway
Reviewed-by: Andrzej Pietrasiewicz <[email protected]>
> ---
> drivers/usb/gadget/function/f_hid.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c
> index 8b8bbeaa27cb..6be6009f911e 100644
> --- a/drivers/usb/gadget/function/f_hid.c
> +++ b/drivers/usb/gadget/function/f_hid.c
> @@ -1292,6 +1292,7 @@ static struct usb_function *hidg_alloc(struct usb_function_instance *fi)
> GFP_KERNEL);
> if (!hidg->report_desc) {
> put_device(&hidg->dev);
> + --opts->refcnt;
> mutex_unlock(&opts->lock);
> return ERR_PTR(-ENOMEM);
> }
On Wed, Nov 23, 2022 at 12:55:14PM +0100, Andrzej Pietrasiewicz wrote:
> W dniu 22.11.2022 o?13:35, John Keeping pisze:
> > When failing to allocate report_desc, opts->refcnt has already been
> > incremented so it needs to be decremented to avoid leaving the options
> > structure permanently locked.
> >
> > Fixes: 21a9476a7ba8 ("usb: gadget: hid: add configfs support")
> > Signed-off-by: John Keeping <[email protected]>
>
> I'd personally place the bugfix before patches 1 and 3, but anyway
Patch 1 is also a bugfix, I ordered 1 & 2 based on the order of the
commits in the Fixes: tags.
> Reviewed-by: Andrzej Pietrasiewicz <[email protected]>
>
> > ---
> > drivers/usb/gadget/function/f_hid.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c
> > index 8b8bbeaa27cb..6be6009f911e 100644
> > --- a/drivers/usb/gadget/function/f_hid.c
> > +++ b/drivers/usb/gadget/function/f_hid.c
> > @@ -1292,6 +1292,7 @@ static struct usb_function *hidg_alloc(struct usb_function_instance *fi)
> > GFP_KERNEL);
> > if (!hidg->report_desc) {
> > put_device(&hidg->dev);
> > + --opts->refcnt;
> > mutex_unlock(&opts->lock);
> > return ERR_PTR(-ENOMEM);
> > }
>