On 21-04-19 12:57:20, Wesley Cheng wrote:
> From: Hemant Kumar <hemantk@xxxxxxxxxxxxxx>
>
> Upon driver unbind usb_free_all_descriptors() function frees all
> speed descriptor pointers without setting them to NULL. In case
> gadget speed changes (i.e from super speed plus to super speed)
> after driver unbind only upto super speed descriptor pointers get
> populated. Super speed plus desc still holds the stale (already
> freed) pointer. Fix this issue by setting all descriptor pointers
> to NULL after freeing them in usb_free_all_descriptors().
>
> Signed-off-by: Hemant Kumar <hemantk@xxxxxxxxxxxxxx>
> Signed-off-by: Wesley Cheng <wcheng@xxxxxxxxxxxxxx>
> ---
> drivers/usb/gadget/config.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/drivers/usb/gadget/config.c b/drivers/usb/gadget/config.c
> index 2d11535..8bb2577 100644
> --- a/drivers/usb/gadget/config.c
> +++ b/drivers/usb/gadget/config.c
> @@ -194,9 +194,13 @@ EXPORT_SYMBOL_GPL(usb_assign_descriptors);
> void usb_free_all_descriptors(struct usb_function *f)
> {
> usb_free_descriptors(f->fs_descriptors);
> + f->fs_descriptors = NULL;
> usb_free_descriptors(f->hs_descriptors);
> + f->hs_descriptors = NULL;
> usb_free_descriptors(f->ss_descriptors);
> + f->ss_descriptors = NULL;
> usb_free_descriptors(f->ssp_descriptors);
> + f->ssp_descriptors = NULL;
> }
> EXPORT_SYMBOL_GPL(usb_free_all_descriptors);
>
Reviewed-by: Peter Chen <peter.chen@xxxxxxxxxx>
You may add Fixed-by tag, and cc to stable tree.
--
Thanks,
Peter Chen
