usb: raw-gadget: fix null-ptr-deref when reenabling endpoints

Currently we preassign gadget endpoints to raw-gadget endpoints during
initialization. Fix resetting this assignment in raw_ioctl_ep_disable(),
otherwise we will get null-ptr-derefs when an endpoint is reenabled.

Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Felipe Balbi <balbi@kernel.org>

diff --git a/drivers/usb/gadget/legacy/raw_gadget.c b/drivers/usb/gadget/legacy/raw_gadget.c
index d73ba77..e01e366 100644 (file)
--- a/drivers/usb/gadget/legacy/raw_gadget.c
+++ b/drivers/usb/gadget/legacy/raw_gadget.c
@@ -867,7 +867,6 @@ static int raw_ioctl_ep_disable(struct raw_dev *dev, unsigned long value)
        spin_lock_irqsave(&dev->lock, flags);
        usb_ep_free_request(dev->eps[i].ep, dev->eps[i].req);
        kfree(dev->eps[i].ep->desc);
-       dev->eps[i].ep = NULL;
        dev->eps[i].state = STATE_EP_DISABLED;
        dev->eps[i].disabling = false;