From f0cae93f3f7e9a26c2d6bc182204c37dec3698eb Mon Sep 17 00:00:00 2001
From: Marcus Nutzinger
Date: Thu, 5 Jun 2014 17:17:06 +0200
Subject: usb: gadget: gadgetfs: correct dev state

This reverts commit 1826e9b1 (usb: gadget: gadgetfs: use after free in dev_release()) and places the call to put_dev() after setting the state. If this is not the final call to dev_release() and the state is not reset to STATE_DEV_DISABLED and hence all further open() calls to the gadgetfs ep0 device will fail with EBUSY.

Signed-off-by: Marcus Nutzinger
Reviewed-by: Christoph Muellner
Signed-off-by: Felipe Balbi
---
 drivers/usb/gadget/inode.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'drivers/usb')

diff --git a/drivers/usb/gadget/inode.c b/drivers/usb/gadget/inode.c
index ee6c164..2e4ce77 100644
--- a/drivers/usb/gadget/inode.c
+++ b/drivers/usb/gadget/inode.c
@@ -1264,8 +1264,13 @@ dev_release (struct inode *inode, struct file *fd)
 kfree (dev->buf);
 dev->buf = NULL;
- put_dev (dev);
+ /* other endpoints were all decoupled from this device */
+ spin_lock_irq(&dev->lock);
+ dev->state = STATE_DEV_DISABLED;
+ spin_unlock_irq(&dev->lock);
+
+ put_dev (dev);
 return 0;
 }
-- cgit v1.1
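Review bot: The placement of `put_dev (dev);` after the state reset is the safety-critical part of this hunk, and nothing in the code records it. The commit being reverted was a use-after-free fix, so put_dev() can evidently drop the last reference; a later cleanup that moves the call back above the `spin_lock_irq(&dev->lock)` section would reintroduce that bug. I would add a comment directly above the call, e.g. `/* must stay last: put_dev() may free dev, so nothing may touch dev after it */`. Separately, the context lines `kfree (dev->buf); dev->buf = NULL;` run outside dev->lock while the new state write takes it; if other paths reach dev->buf under that lock this deserves a check, but the start of dev_release() is outside the hunk, so I cannot confirm it from here.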