Commit 1301496

usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null

Considering that in some extreme cases, when performing the
unbinding operation, gserial_disconnect has cleared gser->ioport,
which triggers gadget reconfiguration, and then calls gs_read_complete,
resulting in access to a null pointer. Therefore, ep is disabled before
gserial_disconnect sets port to null to prevent this from happening.

Call trace:
gs_read_complete+0x58/0x240
usb_gadget_giveback_request+0x40/0x160
dwc3_remove_requests+0x170/0x484
dwc3_ep0_out_start+0xb0/0x1d4
__dwc3_gadget_start+0x25c/0x720
kretprobe_trampoline.cfi_jt+0x0/0x8
kretprobe_trampoline.cfi_jt+0x0/0x8
udc_bind_to_driver+0x1d8/0x300
usb_gadget_probe_driver+0xa8/0x1dc
gadget_dev_desc_UDC_store+0x13c/0x188
configfs_write_iter+0x160/0x1f4
vfs_write+0x2d0/0x40c
ksys_write+0x7c/0xf0
__arm64_sys_write+0x20/0x30
invoke_syscall+0x60/0x150
el0_svc_common+0x8c/0xf8
do_el0_svc+0x28/0xa0
el0_svc+0x24/0x84

Fixes: c1dca56 ("usb gadget: split out serial core")
Cc: stable <[email protected]>
Suggested-by: Greg Kroah-Hartman <[email protected]>
Signed-off-by: Lianqin Hu <[email protected]>
Link: https://lore.kernel.org/r/TYUPR06MB621733B5AC690DBDF80A0DCCD2042@TYUPR06MB6217.apcprd06.prod.outlook.com
Signed-off-by: Greg Kroah-Hartman <[email protected]>

1 parent 74adad5 commit 1301496

1 file changed: +4 -4 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1420 | 1420 | | |
1421 | 1421 | | |
1422 | 1422 | | |
| 1423 | + | |
| 1424 | + | |
| 1425 | + | |
| 1426 | + | |
1423 | 1427 | | |
1424 | 1428 | | |
1425 | 1429 | | |
| |||
1431 | 1435 | | |
1432 | 1436 | | |
1433 | 1437 | | |
1434 | | - | |
1435 | | - | |
1436 | | - | |
1437 | | - | |
1438 | 1438 | | |
1439 | 1439 | | |
1440 | 1440 | | |
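
Review bot: the commit message does not explain why moving the four lines from old 1434-1437 up to new 1423-1426 is sufficient on its own. It says only that ep is disabled before gserial_disconnect sets port to null, while the call trace reaches gs_read_complete from dwc3_remove_requests under __dwc3_gadget_start, on a later bind started through gadget_dev_desc_UDC_store. Please state in the message why no read request can still be outstanding and given back at that later point once the disable comes first, and whether gs_read_complete is expected to tolerate a null port if that guarantee does not hold for every UDC driver.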
| |||