Hi, Wesley Cheng <wcheng@xxxxxxxxxxxxxx> writes: > From: Hemant Kumar <hemantk@xxxxxxxxxxxxxx> > > Upon driver unbind usb_free_all_descriptors() function frees all > speed descriptor pointers without setting them to NULL. In case > gadget speed changes (i.e from super speed plus to super speed) > after driver unbind only upto super speed descriptor pointers get > populated. Super speed plus desc still holds the stale (already > freed) pointer. Fix this issue by setting all descriptor pointers > to NULL after freeing them in usb_free_all_descriptors(). could you describe this a little better? How can one trigger this case? Is the speed demotion happening after unbinding? It's not clear how to cause this bug. -- balbi
Attachment:
signature.asc
Description: PGP signature
