From 63e303f15a7edc8e69bef7664a4f470eba0af799 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 5 May 2014 15:48:09 -0700
Subject: [PATCH] 3.10-stable patches

added patches:
	usb-musb-avoid-null-pointer-dereference.patch
---
 queue-3.10/series                             |  1 +
 ...-musb-avoid-null-pointer-dereference.patch | 50 +++++++++++++++++++
 2 files changed, 51 insertions(+)
 create mode 100644 queue-3.10/usb-musb-avoid-null-pointer-dereference.patch

diff --git a/queue-3.10/series b/queue-3.10/series
index 0eb024dd1e2..f7b5c6ce7e8 100644
--- a/queue-3.10/series
+++ b/queue-3.10/series
@@ -83,3 +83,4 @@ ocfs2-do-not-put-bh-when-buffer_uptodate-failed.patch
 ext4-fix-jbd2-warning-under-heavy-xattr-load.patch
 ext4-use-i_size_read-in-ext4_unaligned_aio.patch
 usb-pl2303-add-ids-for-hewlett-packard-hp-pos-pole-displays.patch
+usb-musb-avoid-null-pointer-dereference.patch
diff --git a/queue-3.10/usb-musb-avoid-null-pointer-dereference.patch b/queue-3.10/usb-musb-avoid-null-pointer-dereference.patch
new file mode 100644
index 00000000000..6f7e654be66
--- /dev/null
+++ b/queue-3.10/usb-musb-avoid-null-pointer-dereference.patch
@@ -0,0 +1,50 @@
+From eee3f15d5f1f4f0c283dd4db67dc1b874a2852d1 Mon Sep 17 00:00:00 2001
+From: Felipe Balbi <balbi@ti.com>
+Date: Tue, 25 Feb 2014 10:58:43 -0600
+Subject: usb: musb: avoid NULL pointer dereference
+
+From: Felipe Balbi <balbi@ti.com>
+
+commit eee3f15d5f1f4f0c283dd4db67dc1b874a2852d1 upstream.
+
+instead of relying on the otg pointer, which
+can be NULL in certain cases, we can use the
+gadget and host pointers we already hold inside
+struct musb.
+
+Tested-by: Tony Lindgren <tony@atomide.com>
+Signed-off-by: Felipe Balbi <balbi@ti.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/musb/musb_core.c |    5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/drivers/usb/musb/musb_core.c
++++ b/drivers/usb/musb/musb_core.c
+@@ -440,7 +440,6 @@ void musb_hnp_stop(struct musb *musb)
+ static irqreturn_t musb_stage0_irq(struct musb *musb, u8 int_usb,
+ 				u8 devctl)
+ {
+-	struct usb_otg *otg = musb->xceiv->otg;
+ 	irqreturn_t handled = IRQ_NONE;
+ 
+ 	dev_dbg(musb->controller, "<== DevCtl=%02x, int_usb=0x%x\n", devctl,
+@@ -655,7 +654,7 @@ static irqreturn_t musb_stage0_irq(struc
+ 				break;
+ 		case OTG_STATE_B_PERIPHERAL:
+ 			musb_g_suspend(musb);
+-			musb->is_active = otg->gadget->b_hnp_enable;
++			musb->is_active = musb->g.b_hnp_enable;
+ 			if (musb->is_active) {
+ 				musb->xceiv->state = OTG_STATE_B_WAIT_ACON;
+ 				dev_dbg(musb->controller, "HNP: Setting timer for b_ase0_brst\n");
+@@ -671,7 +670,7 @@ static irqreturn_t musb_stage0_irq(struc
+ 			break;
+ 		case OTG_STATE_A_HOST:
+ 			musb->xceiv->state = OTG_STATE_A_SUSPEND;
+-			musb->is_active = otg->host->b_hnp_enable;
++			musb->is_active = musb_to_hcd(musb)->self.b_hnp_enable;
+ 			break;
+ 		case OTG_STATE_B_HOST:
+ 			/* Transition to B_PERIPHERAL, see 6.8.2.6 p 44 */
-- 
2.47.3