There is a corner case that endpoint is disabled by system shutdown
between check ep->desc and hold spin lock in mv_ep_queue. In this
case ep->ep.desc will be NULL and occur kernel panic when access
it in build_dtd.
Signed-off-by: Neil Zhang <zhangwm@xxxxxxxxxxx>
---
drivers/usb/gadget/mv_udc_core.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/usb/gadget/mv_udc_core.c b/drivers/usb/gadget/mv_udc_core.c
index d5a9bdf..a620cff 100644
--- a/drivers/usb/gadget/mv_udc_core.c
+++ b/drivers/usb/gadget/mv_udc_core.c
@@ -734,6 +734,14 @@ mv_ep_queue(struct usb_ep *_ep, struct usb_request *_req, gfp_t gfp_flags)
spin_lock_irqsave(&udc->lock, flags);
+ if (!ep->ep.desc) {
+ spin_unlock_irqrestore(&udc->lock, flags);
+ dev_info(&udc->dev->dev,
+ "%s is already disabled!\n", ep->name);
+ retval = -EINVAL;
+ goto err_unmap_dma;
+ }
+
/* build dtds and push them to device queue */
if (!req_to_dtd(req)) {
retval = queue_dtd(ep, req);
--
1.7.9.5
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
