Date: Fri, 15 Apr 2016 08:26:08 -0500
From: Bin Liu <b-liu@ti.com>
To: Tal Shorer <tal.shorer@gmail.com>
CC: <gregkh@linuxfoundation.org>, <linux-usb@vger.kernel.org>,
        <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 1/1] usb: musb: gadget: nuke endpoint before setting its
 descriptor to NULL
Message-ID: <20160415132608.GA3876@uda0271908>
Mail-Followup-To: Bin Liu <b-liu@ti.com>, Tal Shorer <tal.shorer@gmail.com>,
	gregkh@linuxfoundation.org, linux-usb@vger.kernel.org,
	linux-kernel@vger.kernel.org
References: <1460651623-7022-1-git-send-email-tal.shorer@gmail.com>
 <1460651623-7022-2-git-send-email-tal.shorer@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <1460651623-7022-2-git-send-email-tal.shorer@gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1115
Lines: 41

Hi,

On Thu, Apr 14, 2016 at 07:33:43PM +0300, Tal Shorer wrote:
> Some functions, such as f_sourcesink, rely on an endpoint's desc
> field during their requests' complete() callback, so clear it only
> _after_ nuking all requests to avoid NULL pointer dereference.
> 
> Signed-off-by: Tal Shorer <tal.shorer@gmail.com>

Signed-off-by: Bin Liu <b-liu@ti.com>

Regards,
-Bin.

> ---
>  drivers/usb/musb/musb_gadget.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/usb/musb/musb_gadget.c b/drivers/usb/musb/musb_gadget.c
> index 87bd578..152865b 100644
> --- a/drivers/usb/musb/musb_gadget.c
> +++ b/drivers/usb/musb/musb_gadget.c
> @@ -1164,12 +1164,12 @@ static int musb_gadget_disable(struct usb_ep *ep)
>  		musb_writew(epio, MUSB_RXMAXP, 0);
>  	}
>  
> -	musb_ep->desc = NULL;
> -	musb_ep->end_point.desc = NULL;
> -
>  	/* abort all pending DMA and requests */
>  	nuke(musb_ep, -ESHUTDOWN);
>  
> +	musb_ep->desc = NULL;
> +	musb_ep->end_point.desc = NULL;
> +
>  	schedule_work(&musb->irq_work);
>  
>  	spin_unlock_irqrestore(&(musb->lock), flags);
> -- 
> 2.5.0
>