usb: gadget: gadgetfs: correct dev state
This reverts commit 1826e9b (usb: gadget: gadgetfs: use
after free in dev_release()) and places the call to
put_dev() after setting the state.

If this is not the final call to dev_release() and the
state is not reset to STATE_DEV_DISABLED and hence all
further open() calls to the gadgetfs ep0 device will
fail with EBUSY.

Signed-off-by: Marcus Nutzinger <marcus.nutzinger@theobroma-systems.com>
Reviewed-by: Christoph Muellner <christoph.muellner@theobroma-systems.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Marcus Nutzinger authored and Felipe Balbi committed Jun 19, 2014
1 parent 14574b5 commit f0cae93
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion drivers/usb/gadget/inode.c
Expand Up @@ -1264,8 +1264,13 @@ dev_release (struct inode *inode, struct file *fd)

kfree (dev->buf);
dev->buf = NULL;
put_dev (dev);

/* other endpoints were all decoupled from this device */
spin_lock_irq(&dev->lock);
dev->state = STATE_DEV_DISABLED;
spin_unlock_irq(&dev->lock);

put_dev (dev);
return 0;
}
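Review bot: The final put_dev (dev) before return 0 has no comment saying it must stay the last access to dev. The reverted commit's title names a use after free in dev_release(), so the constraint here is that dev->lock and dev->state are not touched once the reference is dropped. The only comment in the hunk (/* other endpoints were all decoupled from this device */) explains the state reset, not the ordering. Suggest a one-line comment above the call, for example /* put_dev() may drop the last reference; do not touch dev after this */, so a later cleanup does not move the state update back below it. The commit message also calls this a revert while the hunk moves put_dev() rather than restoring the old order, so "partially reverts" would describe it more accurately for anyone bisecting.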
