From: Hemant Kumar Date: Thu, 21 Jul 2016 20:54:54 +0000 (-0700) Subject: usb: dwc3: Fix NULL ptr dereference in ep disable ops X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=c24e9fe6143b12db1530dc3b0f791a381f0412d1;p=sagit-ice-cold%2Fkernel_xiaomi_msm8998.git usb: dwc3: Fix NULL ptr dereference in ep disable ops In RNDIS composition when windows PC is suspended RNDIS driver sends flow control enable which frees the trb pool of the RNDIS endpoints and trb pool pointer is set to NULL. When bus suspend happens RNDIS gsi driver performs endpoint disable operation because remote wake up is disabled. Endpoint disable perform memset 0 on trb pool which is already set to NULL causing the NULL pointer dereference. Fix this by adding NULL check for trb pool before doing memset 0. CRs-Fixed: 1044799 Change-Id: I2a233e85139be0612314e6fa3dfa1d1c0fa04547 Signed-off-by: Hemant Kumar --- diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 7087b5744eef..2b8d86d266ff 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -723,7 +723,7 @@ static int __dwc3_gadget_ep_disable(struct dwc3_ep *dep) * due to stale trbs with HWO bit set from previous composition when update * transfer cmd is issued. */ - if (dep->number > 1) { + if (dep->number > 1 && dep->trb_pool) { memset(&dep->trb_pool[0], 0, sizeof(struct dwc3_trb) * dep->num_trbs); dbg_event(dep->number, "Clr_TRB", 0);
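Review bot: The added `dep->trb_pool` test in `if (dep->number > 1 && dep->trb_pool)` is a check-then-use on a pointer that, per the commit message, a different path (the RNDIS flow control enable) frees and sets to NULL, and nothing in the visible hunk shows what serializes that path against `__dwc3_gadget_ep_disable()`. Please confirm both run under the same lock; otherwise the pool can still be freed between the test and the `memset(&dep->trb_pool[0], ...)`, and the NULL check only narrows the window. Two smaller points on the same block: the comment above the condition still describes only the stale-TRB case and should mention that the pool may already have been freed, and since the `memset` length comes from `dep->num_trbs`, it is worth checking that the freeing path leaves the count consistent with the now-NULL pointer. The `dbg_event(dep->number, "Clr_TRB", 0)` is also skipped when the pool is NULL, so the trace no longer shows that disable ran for that endpoint; a separate event for the skipped case would keep the log useful when debugging suspend sequences.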