Re: [PATCH 1/2] Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io"

From: Kuen-Han Tsai
Date: Mon Jun 16 2025 - 23:42:24 EST


On Mon, Jun 16, 2025 at 10:18 PM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Mon, Jun 16, 2025 at 09:21:46PM +0800, Kuen-Han Tsai wrote:
> > This reverts commit ffd603f214237e250271162a5b325c6199a65382.
> >
> > Commit ffd603f21423 ("usb: gadget: u_serial: Add null pointer check in
> > gs_start_io") adds null pointer checks at the beginning of the
> > gs_start_io() function to prevent a null pointer dereference. However,
> > these checks are redundant because the function's comment already
> > requires callers to hold the port_lock and ensure port.tty and port_usb
> > are not null. All existing callers already follow these rules.
> >
> > The true cause of the null pointer dereference is a race condition. When
> > gs_start_io() calls either gs_start_rx() or gs_start_tx(), the port_lock
> > is temporarily released for usb_ep_queue(). This allows port.tty and
> > port_usb to be cleared.
> >
> > Cc: stable@xxxxxxxxxxxxxxx
> > Fixes: ffd603f21423 ("usb: gadget: u_serial: Add null pointer check in gs_start_io")
>
> As this is removing unneeded checks, why is it cc: stable? What bug is
> being resolved here?
>
> confused,
>
> greg k-h

Sorry for not using the "cc: stable" correctly. I'll remove it and send
out a new version soon.

Regards,
Kuen-Han
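
The race the commit message describes (port_lock dropped around usb_ep_queue(), with port.tty and port_usb cleared in that window) is easy to misread as a missing NULL check at function entry. The following is an added user-space C model, not code from the kernel, from this patch series, or from its author: it reproduces the window deterministically and shows that an entry-time check, the kind the reverted commit added, passes while the state still changes under the dropped lock, so any re-validation has to happen after the lock is re-acquired. Every name here (model_port, model_lock, model_ep_queue, model_start_rx, run_scenario) and the simulated lock are assumptions for illustration; the re-check after relocking is one generic way to close such a window, not necessarily what patch 2/2 of this series does.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the port_lock spinlock (assumption, not the
 * kernel's spin_lock_irqsave): it only records whether it is held, so a
 * double lock or unlock becomes a counted misuse rather than a hang. */
struct model_lock { int held; int misuse; };

static void model_lock_acquire(struct model_lock *l) { if (l->held)  l->misuse++; l->held = 1; }
static void model_lock_release(struct model_lock *l) { if (!l->held) l->misuse++; l->held = 0; }

/* Hypothetical model of the u_serial port (NOT the kernel's struct gs_port):
 * only the fields involved in the race are kept. */
struct model_ep  { int queued; };
struct model_tty { int touched; };

struct model_port {
    struct model_lock port_lock;
    struct model_ep  *port_usb; /* cleared when the gadget disconnects */
    struct model_tty *tty;      /* cleared when the tty side goes away */
};

/* Simulated disconnect path: clears both pointers under port_lock,
 * exactly the state change the commit message says can occur while
 * gs_start_rx()/gs_start_tx() have the lock released. */
static void model_disconnect(struct model_port *port)
{
    model_lock_acquire(&port->port_lock);
    port->port_usb = NULL;
    port->tty = NULL;
    model_lock_release(&port->port_lock);
}

/* Stand-in for usb_ep_queue(), which the driver calls with port_lock
 * dropped. 'race' makes the simulation deterministic: when set, a
 * disconnect is injected while the lock is released, so no real threads
 * or timing are needed to hit the window. */
static int model_ep_queue(struct model_port *port, struct model_ep *ep, int race)
{
    ep->queued++;
    if (race)
        model_disconnect(port);
    return 0;
}

/* Caller holds port_lock with port_usb and tty non-NULL (the contract the
 * gs_start_io() comment states). The lock is dropped around the queue call,
 * so after re-acquiring it the pointers are re-validated instead of trusted.
 * Returns 0 on success, -ESHUTDOWN if the port went away meanwhile. */
static int model_start_rx(struct model_port *port, int race)
{
    struct model_ep *ep = port->port_usb;
    int status;

    model_lock_release(&port->port_lock);
    status = model_ep_queue(port, ep, race);
    model_lock_acquire(&port->port_lock);

    if (status)
        return status;
    /* The check that matters lives here, after relocking: the entry-time
     * check already passed and says nothing about the current state. */
    if (!port->port_usb || !port->tty)
        return -ESHUTDOWN;
    port->tty->touched = 1; /* safe only because it was re-validated under the lock */
    return 0;
}

/* Runs one scenario. *entry_check_ok records whether an entry-time NULL
 * check would have passed; *lock_misuse reports lock discipline errors.
 * Returns the status model_start_rx() produced. */
int run_scenario(int race, int *entry_check_ok, int *lock_misuse)
{
    struct model_ep  ep  = { 0 };
    struct model_tty tty = { 0 };
    struct model_port port = { { 0, 0 }, &ep, &tty };
    int status;

    model_lock_acquire(&port.port_lock);
    *entry_check_ok = (port.port_usb != NULL && port.tty != NULL);
    status = model_start_rx(&port, race);
    model_lock_release(&port.port_lock);
    *lock_misuse = port.port_lock.misuse;
    return status;
}

int main(void)
{
    int ok, misuse, st;

    st = run_scenario(0, &ok, &misuse);
    printf("no race: entry check %s, start_rx -> %d, lock misuse %d\n",
           ok ? "passed" : "failed", st, misuse);
    st = run_scenario(1, &ok, &misuse);
    printf("race:    entry check %s, start_rx -> %d (-ESHUTDOWN is %d), lock misuse %d\n",
           ok ? "passed" : "failed", st, -ESHUTDOWN, misuse);
    return 0;
}
```

In both runs the entry-time check passes; only the racing run fails, and it fails at the re-validation after the lock is re-acquired. That is the point of the revert: the checks at the top of gs_start_io() can never observe the window, because the state is cleared after they have already run. No threads are needed to see it, since the disconnect is injected from inside the simulated queue call, which is the same position in the call sequence where a real concurrent disconnect can land.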