releases/4.14.40/usb-musb-trace-fix-null-pointer-dereference-in-musb_g_tx.patch

   1 From 9aea9b6cc78d2b99b23d84fb2e0bc6e464c6569e Mon Sep 17 00:00:00 2001
   2 From: Bin Liu <b-liu@ti.com>
   3 Date: Mon, 30 Apr 2018 11:20:54 -0500
   4 Subject: usb: musb: trace: fix NULL pointer dereference in musb_g_tx()
   5
   6 From: Bin Liu <b-liu@ti.com>
   7
   8 commit 9aea9b6cc78d2b99b23d84fb2e0bc6e464c6569e upstream.
   9
  10 The usb_request pointer could be NULL in musb_g_tx(), where the
  11 tracepoint call would trigger the NULL pointer dereference failure when
  12 parsing the members of the usb_request pointer.
  13
  14 Move the tracepoint call to where the usb_request pointer is already
  15 checked to solve the issue.
  16
  17 Fixes: fc78003e5345 ("usb: musb: gadget: add usb-request tracepoints")
  18 Cc: stable@vger.kernel.org # v4.8+
  19 Signed-off-by: Bin Liu <b-liu@ti.com>
  20 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  21
  22 ---
  23  drivers/usb/musb/musb_gadget.c |    3 ++-
  24  1 file changed, 2 insertions(+), 1 deletion(-)
  25
  26 --- a/drivers/usb/musb/musb_gadget.c
  27 +++ b/drivers/usb/musb/musb_gadget.c
  28 @@ -442,7 +442,6 @@ void musb_g_tx(struct musb *musb, u8 epn
  29         req = next_request(musb_ep);
  30         request = &req->request;
  31
  32 -       trace_musb_req_tx(req);
  33         csr = musb_readw(epio, MUSB_TXCSR);
  34         musb_dbg(musb, "<== %s, txcsr %04x", musb_ep->end_point.name, csr);
  35
  36 @@ -481,6 +480,8 @@ void musb_g_tx(struct musb *musb, u8 epn
  37                 u8      is_dma = 0;
  38                 bool    short_packet = false;
  39
  40 +               trace_musb_req_tx(req);
  41 +
  42                 if (dma && (csr & MUSB_TXCSR_DMAENAB)) {
  43                         is_dma = 1;
  44                         csr |= MUSB_TXCSR_P_WZC_BITS;