3.16.54-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Alexander Popov <alpopov@xxxxxxxxxxxxxx> commit 8c7003a3b4b4afd3734cdcc39217ef22d78a4a16 upstream. Fix NULL pointer dereference and obsolete comments forgotten when usbip server was converted from an interface driver to a device driver. Signed-off-by: Alexander Popov <alpopov@xxxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> [bwh: Backported to 3.16: adjust filenames] Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> --- drivers/staging/usbip/stub.h | 1 - drivers/staging/usbip/stub_dev.c | 4 ++-- drivers/staging/usbip/stub_rx.c | 19 +++++++------------ drivers/staging/usbip/stub_tx.c | 6 +++--- 4 files changed, 12 insertions(+), 18 deletions(-) --- a/drivers/staging/usbip/stub.h +++ b/drivers/staging/usbip/stub.h @@ -33,7 +33,6 @@ #define STUB_BUSID_ALLOC 3 struct stub_device { - struct usb_interface *interface; struct usb_device *udev; struct usbip_device ud; --- a/drivers/staging/usbip/stub_dev.c +++ b/drivers/staging/usbip/stub_dev.c @@ -246,7 +246,7 @@ static void stub_device_reset(struct usb dev_dbg(&udev->dev, "device reset"); - ret = usb_lock_device_for_reset(udev, sdev->interface); + ret = usb_lock_device_for_reset(udev, NULL); if (ret < 0) { dev_err(&udev->dev, "lock for reset\n"); spin_lock_irq(&ud->lock); @@ -279,7 +279,7 @@ static void stub_device_unusable(struct /** * stub_device_alloc - allocate a new stub_device struct - * @interface: usb_interface of a new device + * @udev: usb_device of a new device * * Allocates and initializes a new stub_device struct. */ --- a/drivers/staging/usbip/stub_rx.c +++ b/drivers/staging/usbip/stub_rx.c @@ -165,12 +165,7 @@ static int tweak_reset_device_cmd(struct dev_info(&urb->dev->dev, "usb_queue_reset_device\n"); - /* - * With the implementation of pre_reset and post_reset the driver no - * longer unbinds. This allows the use of synchronous reset. - */ - - if (usb_lock_device_for_reset(sdev->udev, sdev->interface) < 0) { + if (usb_lock_device_for_reset(sdev->udev, NULL) < 0) { dev_err(&urb->dev->dev, "could not obtain lock to reset device\n"); return 0; } @@ -321,7 +316,7 @@ static struct stub_priv *stub_priv_alloc priv = kmem_cache_zalloc(stub_priv_cache, GFP_ATOMIC); if (!priv) { - dev_err(&sdev->interface->dev, "alloc stub_priv\n"); + dev_err(&sdev->udev->dev, "alloc stub_priv\n"); spin_unlock_irqrestore(&sdev->priv_lock, flags); usbip_event_add(ud, SDEV_EVENT_ERROR_MALLOC); return NULL; @@ -352,7 +347,7 @@ static int get_pipe(struct stub_device * else ep = udev->ep_out[epnum & 0x7f]; if (!ep) { - dev_err(&sdev->interface->dev, "no such endpoint?, %d\n", + dev_err(&sdev->udev->dev, "no such endpoint?, %d\n", epnum); BUG(); } @@ -387,7 +382,7 @@ static int get_pipe(struct stub_device * } /* NOT REACHED */ - dev_err(&sdev->interface->dev, "get pipe, epnum %d\n", epnum); + dev_err(&sdev->udev->dev, "get pipe, epnum %d\n", epnum); return 0; } @@ -466,7 +461,7 @@ static void stub_recv_cmd_submit(struct priv->urb = usb_alloc_urb(0, GFP_KERNEL); if (!priv->urb) { - dev_err(&sdev->interface->dev, "malloc urb\n"); + dev_err(&udev->dev, "malloc urb\n"); usbip_event_add(ud, SDEV_EVENT_ERROR_MALLOC); return; } @@ -486,7 +481,7 @@ static void stub_recv_cmd_submit(struct priv->urb->setup_packet = kmemdup(&pdu->u.cmd_submit.setup, 8, GFP_KERNEL); if (!priv->urb->setup_packet) { - dev_err(&sdev->interface->dev, "allocate setup_packet\n"); + dev_err(&udev->dev, "allocate setup_packet\n"); usbip_event_add(ud, SDEV_EVENT_ERROR_MALLOC); return; } @@ -517,7 +512,7 @@ static void stub_recv_cmd_submit(struct usbip_dbg_stub_rx("submit urb ok, seqnum %u\n", pdu->base.seqnum); else { - dev_err(&sdev->interface->dev, "submit_urb error, %d\n", ret); + dev_err(&udev->dev, "submit_urb error, %d\n", ret); usbip_dump_header(pdu); usbip_dump_urb(priv->urb); --- a/drivers/staging/usbip/stub_tx.c +++ b/drivers/staging/usbip/stub_tx.c @@ -233,7 +233,7 @@ static int stub_send_ret_submit(struct s } if (txsize != sizeof(pdu_header) + urb->actual_length) { - dev_err(&sdev->interface->dev, + dev_err(&sdev->udev->dev, "actual length of urb %d does not match iso packet sizes %zu\n", urb->actual_length, txsize-sizeof(pdu_header)); @@ -265,7 +265,7 @@ static int stub_send_ret_submit(struct s ret = kernel_sendmsg(sdev->ud.tcp_socket, &msg, iov, iovnum, txsize); if (ret != txsize) { - dev_err(&sdev->interface->dev, + dev_err(&sdev->udev->dev, "sendmsg failed!, retval %d for %zd\n", ret, txsize); kfree(iov); @@ -340,7 +340,7 @@ static int stub_send_ret_unlink(struct s ret = kernel_sendmsg(sdev->ud.tcp_socket, &msg, iov, 1, txsize); if (ret != txsize) { - dev_err(&sdev->interface->dev, + dev_err(&sdev->udev->dev, "sendmsg failed!, retval %d for %zd\n", ret, txsize); usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_TCP);