net/9p/trans_usbg.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)
When the client is not Connected it is not valid to call
usb9pfs_clear_tx since the endpoints are not even allocated. By running
into p9_usbg_close in that case we would dereference the in_req which is
NULL when the client->status is Disconnected. Fix that by leaving
usb9pfs_clear_tx immediately if the state is wrong.
We also update the client->status after the for usb9pfs_clear_tx to
check for the actual state when running from p9_usbg_close.
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
---
net/9p/trans_usbg.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/9p/trans_usbg.c b/net/9p/trans_usbg.c
index 975b76839dca1..64a5209943dbc 100644
--- a/net/9p/trans_usbg.c
+++ b/net/9p/trans_usbg.c
@@ -417,6 +417,10 @@ static void usb9pfs_clear_tx(struct f_usb9pfs *usb9pfs)
{
struct p9_req_t *req;
+ /* we are not allocated - return */
+ if (usb9pfs->client->status != Connected)
+ return;
+
guard(spinlock_irqsave)(&usb9pfs->lock);
req = usb9pfs->in_req->context;
@@ -442,10 +446,10 @@ static void p9_usbg_close(struct p9_client *client)
if (!usb9pfs)
return;
- client->status = Disconnected;
-
usb9pfs_clear_tx(usb9pfs);
+ client->status = Disconnected;
+
opts = container_of(usb9pfs->function.fi,
struct f_usb9pfs_opts, func_inst);
---
base-commit: 68d4209158f43a558c5553ea95ab0c8975eab18c
change-id: 20240929-fixes9p-5d618bbe6d6b
Best regards,
--
Michael Grzeschik <m.grzeschik@pengutronix.de>Please drop this patch for now. I will have to do some more testing
regarding the prompt connect mount and disconnect state changes
and will come back with a proper solution.
On Sun, Sep 29, 2024 at 09:22:55PM +0200, Michael Grzeschik wrote:
>When the client is not Connected it is not valid to call
>usb9pfs_clear_tx since the endpoints are not even allocated. By running
>into p9_usbg_close in that case we would dereference the in_req which is
>NULL when the client->status is Disconnected. Fix that by leaving
>usb9pfs_clear_tx immediately if the state is wrong.
>
>We also update the client->status after the for usb9pfs_clear_tx to
>check for the actual state when running from p9_usbg_close.
>
>Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
>---
> net/9p/trans_usbg.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
>diff --git a/net/9p/trans_usbg.c b/net/9p/trans_usbg.c
>index 975b76839dca1..64a5209943dbc 100644
>--- a/net/9p/trans_usbg.c
>+++ b/net/9p/trans_usbg.c
>@@ -417,6 +417,10 @@ static void usb9pfs_clear_tx(struct f_usb9pfs *usb9pfs)
> {
> struct p9_req_t *req;
>
>+ /* we are not allocated - return */
>+ if (usb9pfs->client->status != Connected)
>+ return;
>+
> guard(spinlock_irqsave)(&usb9pfs->lock);
>
> req = usb9pfs->in_req->context;
>@@ -442,10 +446,10 @@ static void p9_usbg_close(struct p9_client *client)
> if (!usb9pfs)
> return;
>
>- client->status = Disconnected;
>-
> usb9pfs_clear_tx(usb9pfs);
>
>+ client->status = Disconnected;
>+
> opts = container_of(usb9pfs->function.fi,
> struct f_usb9pfs_opts, func_inst);
>
>
>---
>base-commit: 68d4209158f43a558c5553ea95ab0c8975eab18c
>change-id: 20240929-fixes9p-5d618bbe6d6b
>
>Best regards,
>--
>Michael Grzeschik <m.grzeschik@pengutronix.de>
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
© 2016 - 2026 Red Hat, Inc.