Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 25cd9721 authored by Krzysztof Opasiak's avatar Krzysztof Opasiak Committed by Felipe Balbi
Browse files

usb: gadget: f_hid: fix: Don't access hidg->req without spinlock held 



hidg->req should be accessed only with write_spinlock held as it is
set to NULL when we get disabled by host.

Signed-off-by: default avatarKrzysztof Opasiak <k.opasiak@samsung.com>
Signed-off-by: default avatarFelipe Balbi <felipe.balbi@linux.intel.com>
parent 1f459262

drivers/usb/gadget/function/f_hid.c

+4 −4
Original line number Diff line number Diff line
@@ -367,7 +367,7 @@ static ssize_t f_hidg_write(struct file *file, const char __user *buffer, 
	count  = min_t(unsigned, count, hidg->report_length);



	spin_unlock_irqrestore(&hidg->write_spinlock, flags);

	status = copy_from_user(hidg->req->buf, buffer, count);

	status = copy_from_user(req->buf, buffer, count);



	if (status != 0) {

		ERROR(hidg->func.config->cdev,
@@ -378,9 +378,9 @@ static ssize_t f_hidg_write(struct file *file, const char __user *buffer, 


	spin_lock_irqsave(&hidg->write_spinlock, flags);



	/* we our function has been disabled by host */

	/* when our function has been disabled by host */

	if (!hidg->req) {

		free_ep_req(hidg->in_ep, hidg->req);

		free_ep_req(hidg->in_ep, req);

		/*

		 * TODO

		 * Should we fail with error here?
@@ -394,7 +394,7 @@ static ssize_t f_hidg_write(struct file *file, const char __user *buffer, 
	req->complete = f_hidg_req_complete;

	req->context  = hidg;



	status = usb_ep_queue(hidg->in_ep, hidg->req, GFP_ATOMIC);

	status = usb_ep_queue(hidg->in_ep, req, GFP_ATOMIC);

	if (status < 0) {

		ERROR(hidg->func.config->cdev,

			"usb_ep_queue error on int endpoint %zd\n", status);