From: Andrey Konovalov <andreyknvl@google.com>
Date: Wed, 13 May 2020 18:01:42 +0000 (+0200)
Subject: usb: raw-gadget: fix null-ptr-deref when reenabling endpoints
X-Git-Tag: v5.7-rc6~3^2~2^2~3
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=da39b5ee40bc00ae3edb4ae4e205b10bc52f980e;p=users%2Fwilly%2Fxarray.git

usb: raw-gadget: fix null-ptr-deref when reenabling endpoints

Currently we preassign gadget endpoints to raw-gadget endpoints during
initialization. Fix resetting this assignment in raw_ioctl_ep_disable(),
otherwise we will get null-ptr-derefs when an endpoint is reenabled.

Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
---

diff --git a/drivers/usb/gadget/legacy/raw_gadget.c b/drivers/usb/gadget/legacy/raw_gadget.c
index d73ba77014c8..e01e366d89cd 100644
--- a/drivers/usb/gadget/legacy/raw_gadget.c
+++ b/drivers/usb/gadget/legacy/raw_gadget.c
@@ -867,7 +867,6 @@ static int raw_ioctl_ep_disable(struct raw_dev *dev, unsigned long value)
 	spin_lock_irqsave(&dev->lock, flags);
 	usb_ep_free_request(dev->eps[i].ep, dev->eps[i].req);
 	kfree(dev->eps[i].ep->desc);
-	dev->eps[i].ep = NULL;
 	dev->eps[i].state = STATE_EP_DISABLED;
 	dev->eps[i].disabling = false;