Hi, > From: Felipe Balbi [mailto:balbi@xxxxxx] > Sent: Wednesday, November 18, 2015 12:32 AM > > Hi, > > Yoshihiro Shimoda <yoshihiro.shimoda.uh@xxxxxxxxxxx> writes: > > This patch fixes an issue that NULL pointer dereference happens when > > a gadget driver calls usb_ep_dequeue() after usb_ep_disable(). > > > > Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@xxxxxxxxxxx> > > and which gadget driver is that ? Let's fix it. We should _not_ call > usb_ep_dequeue() after usb_ep_disable(). Thank you for your comment. I assumed that a gadget driver called usb_ep_dequeue() after usb_ep_disable(). However, it was wrong. This driver will call usbhsg_ep_dequeue() in usbhsg_try_stop(). So, if I disconnect a usb cable, and I uninstall a gadget driver, this issue happens because the dcp->pipe is NULL after disconnected a usb cable. So, I will revise the commit log as v2. (Also I would like to fix this issue fundamentally, but it is tough because behavior of start/stop and connect/disconnect in this driver is complicated.) Best regards, Yoshihiro Shimoda > -- > balbi -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
