FROMLIST: usb: gadget: u_serial: Add null pointer checks after RX/TX submission
Commit ffd603f2 ("usb: gadget: u_serial: Add null pointer check in gs_start_io") adds null pointer checks to gs_start_io(), but it doesn't fully fix the potential null pointer dereference issue. While gserial_connect() calls gs_start_io() with port_lock held, gs_start_rx() and gs_start_tx() release the lock during endpoint request submission. This creates a window where gs_close() could set port->port_tty to NULL, leading to a dereference when the lock is reacquired. This patch adds a null pointer check for port->port_tty after RX/TX submission, and removes the initial null pointer check in gs_start_io() since the caller must hold port_lock and guarantee non-null values for port_usb and port_tty. Fixes: ffd603f2 ("usb: gadget: u_serial: Add null pointer check in gs_start_io") Cc: stable@vger.kernel.org Signed-off-by:Kuen-Han Tsai <khtsai@google.com> Bug: 283247551 Bug: 353656971 Link: https://lore.kernel.org/lkml/20240116141801.396398-1-khtsai@google.com/ Change-Id: Ib850c7d313194074941576a7fdd3a9f58486ad78 Signed-off-by:
Loading
Please sign in to comment