mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2026-02-17 13:40:32 -05:00
41f71deda1
Kuen-Han Tsai <khtsai@google.com> says: This patch series refactors the error-handling paths in the bind() function for f_ncm, f_acm, f_ecm, and f_rndis drivers. The current, unified goto logic in these drivers is vulnerable to a null pointer dereference. This is caused by the cleanup logic incorrectly handling the stale usb_request pointer after a bind/unbind cycle. This series fixes this issue by converting the drivers to use the modern __free() scope-based cleanup mechanism. Patches 1-2 are preparatory, adding the endpoint pointer to struct usb_request and defining helpers for the __free() cleanup. The remaining four patches use this new plumbing to refactor each driver. Future work ----------- 1. Refactor usb_ep_free_request(), usb_ep_queue(), and usb_ep_dequeue() functions as the ep parameter becomes redudant. 2. Convert the remaining gadget function drivers to use the new __free() cleanup mechanism. Link: https://lore.kernel.org/r/20250916-ready-v1-0-4997bf277548@google.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>