From: Baolin Wang Date: Thu, 30 Jun 2016 09:10:23 +0000 (+0800) Subject: usb: gadget: Add the gserial port checking in gs_start_tx() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=511a36d2f357724312bb3776d2f6eed3890928b2;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git usb: gadget: Add the gserial port checking in gs_start_tx() When usb gadget is set gadget serial function, it will be crash in below situation. It will clean the 'port->port_usb' pointer in gserial_disconnect() function when usb link is inactive, but it will release lock for disabling the endpoints in this function. Druing the lock release period, it maybe complete one request to issue gs_write_complete()--->gs_start_tx() function, but the 'port->port_usb' pointer had been set NULL, thus it will be crash in gs_start_tx() function. This patch adds the 'port->port_usb' pointer checking in gs_start_tx() function to avoid this situation. Signed-off-by: Baolin Wang Signed-off-by: Felipe Balbi --- diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c index 6ded6345cd09..e0cd1e4c8892 100644 --- a/drivers/usb/gadget/function/u_serial.c +++ b/drivers/usb/gadget/function/u_serial.c @@ -375,10 +375,15 @@ __acquires(&port->port_lock) */ { struct list_head *pool = &port->write_pool; - struct usb_ep *in = port->port_usb->in; + struct usb_ep *in; int status = 0; bool do_tty_wake = false; + if (!port->port_usb) + return status; + + in = port->port_usb->in; + while (!port->write_busy && !list_empty(pool)) { struct usb_request *req; int len;