3.10-stable patches

added patches:
	usb-musb-avoid-null-pointer-dereference.patch

diff --git a/queue-3.10/series b/queue-3.10/series
index 0eb024dd1e2416c94922bc78455d0c8939dc4037..f7b5c6ce7e8310cce19acb36d86291a1857353ca 100644 (file)
--- a/queue-3.10/series
+++ b/queue-3.10/series
@@ -83,3 +83,4 @@ ocfs2-do-not-put-bh-when-buffer_uptodate-failed.patch
 ext4-fix-jbd2-warning-under-heavy-xattr-load.patch
 ext4-use-i_size_read-in-ext4_unaligned_aio.patch
 usb-pl2303-add-ids-for-hewlett-packard-hp-pos-pole-displays.patch
+usb-musb-avoid-null-pointer-dereference.patch

diff --git a/queue-3.10/usb-musb-avoid-null-pointer-dereference.patch b/queue-3.10/usb-musb-avoid-null-pointer-dereference.patch
new file mode 100644 (file)
index 0000000..6f7e654
--- /dev/null
+++ b/queue-3.10/usb-musb-avoid-null-pointer-dereference.patch
@@ -0,0 +1,50 @@
+From eee3f15d5f1f4f0c283dd4db67dc1b874a2852d1 Mon Sep 17 00:00:00 2001
+From: Felipe Balbi <balbi@ti.com>
+Date: Tue, 25 Feb 2014 10:58:43 -0600
+Subject: usb: musb: avoid NULL pointer dereference
+
+From: Felipe Balbi <balbi@ti.com>
+
+commit eee3f15d5f1f4f0c283dd4db67dc1b874a2852d1 upstream.
+
+instead of relying on the otg pointer, which
+can be NULL in certain cases, we can use the
+gadget and host pointers we already hold inside
+struct musb.
+
+Tested-by: Tony Lindgren <tony@atomide.com>
+Signed-off-by: Felipe Balbi <balbi@ti.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/musb/musb_core.c |    5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/drivers/usb/musb/musb_core.c
++++ b/drivers/usb/musb/musb_core.c
+@@ -440,7 +440,6 @@ void musb_hnp_stop(struct musb *musb)
+ static irqreturn_t musb_stage0_irq(struct musb *musb, u8 int_usb,
+                               u8 devctl)
+ {
+-      struct usb_otg *otg = musb->xceiv->otg;
+       irqreturn_t handled = IRQ_NONE;
+ 
+       dev_dbg(musb->controller, "<== DevCtl=%02x, int_usb=0x%x\n", devctl,
+@@ -655,7 +654,7 @@ static irqreturn_t musb_stage0_irq(struc
+                               break;
+               case OTG_STATE_B_PERIPHERAL:
+                       musb_g_suspend(musb);
+-                      musb->is_active = otg->gadget->b_hnp_enable;
++                      musb->is_active = musb->g.b_hnp_enable;
+                       if (musb->is_active) {
+                               musb->xceiv->state = OTG_STATE_B_WAIT_ACON;
+                               dev_dbg(musb->controller, "HNP: Setting timer for b_ase0_brst\n");
+@@ -671,7 +670,7 @@ static irqreturn_t musb_stage0_irq(struc
+                       break;
+               case OTG_STATE_A_HOST:
+                       musb->xceiv->state = OTG_STATE_A_SUSPEND;
+-                      musb->is_active = otg->host->b_hnp_enable;
++                      musb->is_active = musb_to_hcd(musb)->self.b_hnp_enable;
+                       break;
+               case OTG_STATE_B_HOST:
+                       /* Transition to B_PERIPHERAL, see 6.8.2.6 p 44 */