Commit c78828e3 authored Jan 16, 2024 by Kuen-Han Tsai Committed by Matthias Männich Jul 17, 2024

FROMLIST: usb: gadget: u_serial: Add null pointer checks after RX/TX submission



Commit ffd603f2 ("usb: gadget: u_serial: Add null pointer check in
gs_start_io") adds null pointer checks to gs_start_io(), but it doesn't
fully fix the potential null pointer dereference issue. While
gserial_connect() calls gs_start_io() with port_lock held, gs_start_rx()
and gs_start_tx() release the lock during endpoint request submission.
This creates a window where gs_close() could set port->port_tty to NULL,
leading to a dereference when the lock is reacquired.

This patch adds a null pointer check for port->port_tty after RX/TX
submission, and removes the initial null pointer check in gs_start_io()
since the caller must hold port_lock and guarantee non-null values for
port_usb and port_tty.

Fixes: ffd603f2 ("usb: gadget: u_serial: Add null pointer check in gs_start_io")
Cc: stable@vger.kernel.org
Signed-off-by: Kuen-Han Tsai <khtsai@google.com>

Bug: 283247551
Link: https://lore.kernel.org/lkml/20240116141801.396398-1-khtsai@google.com/


Change-Id: Ib850c7d313194074941576a7fdd3a9f58486ad78
Signed-off-by: Kuen-Han Tsai <khtsai@google.com>

parent 7de5ae52

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit d57efa70
· Nov 05, 2025

mentioned in commit d57efa70

mentioned in commit d57efa708101af2be11605d0d58a9f686c7b01d7

Toggle commit list

Please to comment