On Mon, Jun 16, 2025 at 09:21:46PM +0800, Kuen-Han Tsai wrote:
> This reverts commit ffd603f214237e250271162a5b325c6199a65382.
>
> Commit ffd603f21423 ("usb: gadget: u_serial: Add null pointer check in gs_start_io") adds null pointer checks at the beginning of the gs_start_io() function to prevent a null pointer dereference. However, these checks are redundant because the function's comment already requires callers to hold the port_lock and ensure port.tty and port_usb are not null. All existing callers already follow these rules.
>
> The true cause of the null pointer dereference is a race condition. When gs_start_io() calls either gs_start_rx() or gs_start_tx(), the port_lock is temporarily released for usb_ep_queue(). This allows port.tty and port_usb to be cleared.
>
> Cc: stable@vger.kernel.org
> Fixes: ffd603f21423 ("usb: gadget: u_serial: Add null pointer check in gs_start_io")
As this is removing unneeded checks, why is it cc: stable? What bug is being resolved here?
confused,
greg k-h