On Sat, Jun 19, 2021 at 11:43:08PM +0800, Linyu Yuan wrote:
> currently most gadget drivers have a pointer to save
> struct usb_gadget_driver from upper layer,
> it allows upper layer set and unset of the pointer.
>
> there is a race that upper layer unsets the pointer first,
> but gadget driver uses the pointer later,
> and it causes system crash due to NULL pointer access.

This race has already been fixed in Greg's usb-next branch. See commit
7dc0c55e9f30 ("USB: UDC core: Add udc_async_callbacks gadget op") and
following commits 04145a03db9d ("USB: UDC: Implement udc_async_callbacks
in dummy-hcd") and b42e8090ba93 ("USB: UDC: Implement
udc_async_callbacks in net2280").

You just need to write a corresponding patch implementing the
async_callbacks op for dwc3.

Alan Stern