From 607fb0f4d90cc9a4463bcb17c1417d8a709dfda1 Mon Sep 17 00:00:00 2001 From: Tal Shorer Date: Mon, 25 Apr 2016 15:53:29 -0500 Subject: [PATCH] usb: musb: gadget: nuke endpoint before setting its descriptor to NULL Some functions, such as f_sourcesink, rely on an endpoint's desc field during their requests' complete() callback, so clear it only _after_ nuking all requests to avoid NULL pointer dereference. Signed-off-by: Tal Shorer Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman --- drivers/usb/musb/musb_gadget.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/usb/musb/musb_gadget.c b/drivers/usb/musb/musb_gadget.c index 87bd578799a8..152865b36522 100644 --- a/drivers/usb/musb/musb_gadget.c +++ b/drivers/usb/musb/musb_gadget.c @@ -1164,12 +1164,12 @@ static int musb_gadget_disable(struct usb_ep *ep) musb_writew(epio, MUSB_RXMAXP, 0); } - musb_ep->desc = NULL; - musb_ep->end_point.desc = NULL; - /* abort all pending DMA and requests */ nuke(musb_ep, -ESHUTDOWN); + musb_ep->desc = NULL; + musb_ep->end_point.desc = NULL; + schedule_work(&musb->irq_work); spin_unlock_irqrestore(&(musb->lock), flags); -- 2.20.1