Date: Tue, 4 Nov 2025 14:15:44 +0900
From: Greg Kroah-Hartman
To: guhuinan
Cc: stable@vger.kernel.org, linux-usb@vger.kernel.org, Al Viro, Ingo Rohloff, Christian Brauner, Chen Ni, Peter Zijlstra, Sabyrzhan Tasbolatov, Akash M, Chenyu, Yudongbin, Mahongwei, Jiangdayu
Subject: Re: [PATCH 6.12.y] usb: gadget: f_fs: Fix epfile null pointer access after ep enable.
Message-ID: <2025110452-graffiti-blizzard-9cbc@gregkh>
In-Reply-To: <20251104034946.605-1-guhuinan@xiaomi.com>

On Tue, Nov 04, 2025 at 11:49:46AM +0800, guhuinan wrote:
> From: Owen Gu
>
> [ Upstream commit cfd6f1a7b42f ("usb: gadget: f_fs: Fix epfile null
> pointer access after ep enable.") ]
>
> A race condition occurs when ffs_func_eps_enable() runs concurrently
> with ffs_data_reset(). The ffs_data_clear() called in ffs_data_reset()
> sets ffs->epfiles to NULL before resetting ffs->eps_count to 0, leading
> to a NULL pointer dereference when accessing epfile->ep in
> ffs_func_eps_enable() after successful usb_ep_enable().
>
> The ffs->epfiles pointer is set to NULL in both ffs_data_clear() and
> ffs_data_close() functions, and its modification is protected by the
> spinlock ffs->eps_lock. And the whole ffs_func_eps_enable() function
> is also protected by ffs->eps_lock.
>
> Thus, add NULL pointer handling for ffs->epfiles in the
> ffs_func_eps_enable() function to fix issues
>
> Signed-off-by: Owen Gu
> Link: https://lore.kernel.org/r/20250915092907.17802-1-guhuinan@xiaomi.com
> Signed-off-by: Greg Kroah-Hartman
> ---
>  drivers/usb/gadget/function/f_fs.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)

What about 6.17.y? You do not want to upgrade from 6.12 to a newer
kernel and have a regression.

And if this fixes a bug, why was it not marked with a Fixes: tag or a
cc: stable tag? Did I just miss that before?

thanks,

greg k-h
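
The window described in the quoted commit message, replayed as an added userspace model (this is not the kernel patch and not code from this thread). `ffs_model`, `model_clear_epfiles()`, `model_eps_enable()`, `replay()` and the `-ENODEV` return value are assumptions made for the example; a pthread mutex stands in for the spinlock `ffs->eps_lock`.

```c
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>

/* Userspace model: field names follow the commit message, the rest is assumed. */
struct epfile { int ep; };
struct ffs_model {
    pthread_mutex_t eps_lock;   /* stands in for the spinlock ffs->eps_lock */
    struct epfile *epfiles;
    unsigned eps_count;
};

/* Reset path, first half: epfiles becomes NULL under the lock. */
static void model_clear_epfiles(struct ffs_model *ffs)
{
    pthread_mutex_lock(&ffs->eps_lock);
    free(ffs->epfiles);
    ffs->epfiles = NULL;
    pthread_mutex_unlock(&ffs->eps_lock);
}

/* Enable path with NULL handling: returns endpoints enabled, or -errno. */
static int model_eps_enable(struct ffs_model *ffs)
{
    int enabled = 0;
    pthread_mutex_lock(&ffs->eps_lock);
    if (!ffs->epfiles)          /* reset got here first; eps_count may be stale */
        enabled = -ENODEV;      /* error value chosen for this example */
    else
        for (unsigned i = 0; i < ffs->eps_count; i++)
            ffs->epfiles[i].ep = ++enabled;  /* would fault on a NULL epfiles */
    pthread_mutex_unlock(&ffs->eps_lock);
    return enabled;
}

/* Replays one ordering; reset_first != 0 puts enable inside the race window. */
static int replay(int reset_first)
{
    struct ffs_model ffs = { PTHREAD_MUTEX_INITIALIZER, calloc(3, sizeof(struct epfile)), 3 };
    int ret;
    if (reset_first)
        model_clear_epfiles(&ffs);  /* eps_count is still 3 after this */
    ret = model_eps_enable(&ffs);
    model_clear_epfiles(&ffs);      /* free(NULL) is a no-op on the second call */
    ffs.eps_count = 0;              /* reset path, second half */
    return ret;
}

int main(void) { return (replay(1) == -ENODEV && replay(0) == 3) ? 0 : 1; }
```

Holding the lock in both paths does not close the window on its own, because the stale `eps_count` is read after `epfiles` has already been cleared; the check has to be on the pointer itself.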