commit f226708 (usb: gadget: composite: dequeue cdev->req before free it in composite_dev_cleanup) fixed a bug: the usb request (i.e. cdev->req) was freed but not dequeued beforehand. This fix is not proper enough because it dequeues the request after freeing its data buffer. Considering that the hardware can access the buffer's memory at any time before the request's completion routine runs, and usb_ep_dequeue always calls the completion routine before it returns, the best way is to dequeue the request before freeing its buffer.

Suggested-by: Felipe Balbi <balbi@xxxxxx>
Signed-off-by: Li Jun <b47624@xxxxxxxxxxxxx>

--- drivers/usb/gadget/composite.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c index 6935a82..4514e73 100644 --- a/drivers/usb/gadget/composite.c +++ b/drivers/usb/gadget/composite.c @@ -1955,8 +1955,8 @@ void composite_dev_cleanup(struct usb_composite_dev *cdev) usb_ep_free_request(cdev->gadget->ep0, cdev->os_desc_req); } if (cdev->req) { - kfree(cdev->req->buf); usb_ep_dequeue(cdev->gadget->ep0, cdev->req); + kfree(cdev->req->buf); usb_ep_free_request(cdev->gadget->ep0, cdev->req); } cdev->next_string_id = 0; -- 1.7.9.5
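
Review bot: the reordered usb_ep_dequeue() / kfree(cdev->req->buf) pair in the if (cdev->req) block of composite_dev_cleanup() has no comment saying why the order matters, and the commit message notes that the previous fix already got this order wrong once. The safety of the kfree() rests entirely on the completion routine having run by the time usb_ep_dequeue() returns, as the commit message states, so a one-line comment above the call would keep the two lines from being swapped back, for example `/* dequeue first: hardware may access req->buf until completion runs */`. The return value of usb_ep_dequeue() is also dropped in this hunk; if that is intentional for a request that may not be queued at cleanup time, the same comment is a good place to say so.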