usb: gadget: gadgetfs: Initialize CHIP to NULL before UDC probe
authorLubomir Rintel <lkundrak@v3.sk>
Thu, 27 Mar 2014 07:09:21 +0000 (08:09 +0100)
committerFelipe Balbi <balbi@ti.com>
Wed, 16 Apr 2014 15:11:46 +0000 (10:11 -0500)
Otherwise the value from the last probe would be retained that possibly is
freed since (the UDC is removed) and therefore no longer relevant. Reproducible
with the dummy UDC:

  modprobe dummy_hcd
  mount -t gadgetfs gadgetfs /dev/gadget
  umount /dev/gadget
  rmmod dummy_hcd
  mount -t gadgetfs gadgetfs /dev/gadget

BUG: unable to handle kernel paging request at ffffffffa066fd9d
Call Trace:
 [<ffffffff811d0cd2>] ? d_alloc_name+0x22/0x50
 [<ffffffff812b74dc>] ? selinux_d_instantiate+0x1c/0x20
 [<ffffffffa067d687>] gadgetfs_create_file+0x27/0xa0 [gadgetfs]
 [<ffffffffa067da70>] ? setup_req.isra.4+0x80/0x80 [gadgetfs]
 [<ffffffffa067dbac>] gadgetfs_fill_super+0x13c/0x180 [gadgetfs]
 [<ffffffff811bc832>] mount_single+0x92/0xc0
 [<ffffffffa067d0f8>] gadgetfs_mount+0x18/0x20 [gadgetfs]
 [<ffffffff811bc8f9>] mount_fs+0x39/0x1b0
 [<ffffffff8116b220>] ? __alloc_percpu+0x10/0x20
 [<ffffffff811d6da3>] vfs_kern_mount+0x63/0xf0
 [<ffffffff811d93be>] do_mount+0x23e/0xac0
 [<ffffffff811660eb>] ? strndup_user+0x4b/0xf0
 [<ffffffff811d9f63>] SyS_mount+0x83/0xc0
 [<ffffffff81695b69>] system_call_fastpath+0x16/0x1b

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Felipe Balbi <balbi@ti.com>
drivers/usb/gadget/inode.c

index b5be6f0308c270f2a844db3f00e7884380e5c2e6..a925d0cbcd4199d777071408f8e335119932b3ab 100644 (file)
@@ -2043,6 +2043,7 @@ gadgetfs_fill_super (struct super_block *sb, void *opts, int silent)
                return -ESRCH;
 
        /* fake probe to determine $CHIP */
+       CHIP = NULL;
        usb_gadget_probe_driver(&probe_driver);
        if (!CHIP)
                return -ENODEV;