[PATCH] gadgetfs: Initialize CHIP to NULL before UDC probe
From: Lubomir Rintel
Date: Mon Feb 24 2014 - 15:46:48 EST
Otherwise the value from the last probe would be retained that possibly is
freed since (the UDC is removed) and therefore no longer relevant. Reproducible
with the dummy UDC:
modprobe dummy_hcd
mount -t gadgetfs gadgetfs /dev/gadget
umount /dev/gadget
rmmod dummy_hcd
mount -t gadgetfs gadgetfs /dev/gadget
BUG: unable to handle kernel paging request at ffffffffa066fd9d
Call Trace:
[<ffffffff811d0cd2>] ? d_alloc_name+0x22/0x50
[<ffffffff812b74dc>] ? selinux_d_instantiate+0x1c/0x20
[<ffffffffa067d687>] gadgetfs_create_file+0x27/0xa0 [gadgetfs]
[<ffffffffa067da70>] ? setup_req.isra.4+0x80/0x80 [gadgetfs]
[<ffffffffa067dbac>] gadgetfs_fill_super+0x13c/0x180 [gadgetfs]
[<ffffffff811bc832>] mount_single+0x92/0xc0
[<ffffffffa067d0f8>] gadgetfs_mount+0x18/0x20 [gadgetfs]
[<ffffffff811bc8f9>] mount_fs+0x39/0x1b0
[<ffffffff8116b220>] ? __alloc_percpu+0x10/0x20
[<ffffffff811d6da3>] vfs_kern_mount+0x63/0xf0
[<ffffffff811d93be>] do_mount+0x23e/0xac0
[<ffffffff811660eb>] ? strndup_user+0x4b/0xf0
[<ffffffff811d9f63>] SyS_mount+0x83/0xc0
[<ffffffff81695b69>] system_call_fastpath+0x16/0x1b
Signed-off-by: Lubomir Rintel <lkundrak@xxxxx>
---
drivers/usb/gadget/inode.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/gadget/inode.c b/drivers/usb/gadget/inode.c
index b94c049..ee15628 100644
--- a/drivers/usb/gadget/inode.c
+++ b/drivers/usb/gadget/inode.c
@@ -2046,6 +2046,7 @@ gadgetfs_fill_super (struct super_block *sb, void *opts, int silent)
return -ESRCH;
/* fake probe to determine $CHIP */
+ CHIP = NULL;
usb_gadget_probe_driver(&probe_driver);
if (!CHIP)
return -ENODEV;
--
1.8.5.3
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/