This is a note to let you know that I've just added the patch titled usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait to the 5.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: usb-gadget-f_fs-fix-unbalanced-spinlock-in-__ffs_ep0.patch and it can be found in the queue-5.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 011c7f14a336abfabb40828d0eae02a48c86baea Author: Udipto Goswami <quic_ugoswami@xxxxxxxxxxx> Date: Tue Jan 24 14:41:49 2023 +0530 usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait [ Upstream commit 921deb9da15851425ccbb6ee409dc2fd8fbdfe6b ] __ffs_ep0_queue_wait executes holding the spinlock of &ffs->ev.waitq.lock and unlocks it after the assignments to usb_request are done. However in the code if the request is already NULL we bail out returning -EINVAL but never unlocked the spinlock. Fix this by adding spin_unlock_irq &ffs->ev.waitq.lock before returning. Fixes: 6a19da111057 ("usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait") Reviewed-by: John Keeping <john@xxxxxxxxxxxx> Signed-off-by: Udipto Goswami <quic_ugoswami@xxxxxxxxxxx> Link: https://lore.kernel.org/r/20230124091149.18647-1-quic_ugoswami@xxxxxxxxxxx Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index 94000fd190e5..8c48c9f801be 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -278,8 +278,10 @@ static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len) struct usb_request *req = ffs->ep0req; int ret; - if (!req) + if (!req) { + spin_unlock_irq(&ffs->ev.waitq.lock); return -EINVAL; + } req->zero = len < le16_to_cpu(ffs->ev.setup.wLength);
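Review bot: the new `spin_unlock_irq(&ffs->ev.waitq.lock);` in the `if (!req)` branch of `__ffs_ep0_queue_wait` depends on a locking contract that is stated only in the commit message: the function is entered with `ffs->ev.waitq.lock` held and returns with it released. Suggest adding a comment at the top of the function that says so, so that any early return added later before the existing unlock gets the same treatment as this `-EINVAL` path. The hunk does not show whether the function carries a sparse annotation; if it does not, `__releases(&ffs->ev.waitq.lock)` on the definition would let static checking flag this kind of imbalance.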