usb: musb: trace: fix NULL pointer dereference in musb_g_tx()

The usb_request pointer could be NULL in musb_g_tx(), where the
tracepoint call would trigger the NULL pointer dereference failure when
parsing the members of the usb_request pointer.

Move the tracepoint call to where the usb_request pointer is already
checked to solve the issue.

Fixes: fc78003e5345 ("usb: musb: gadget: add usb-request tracepoints")
Cc: stable@vger.kernel.org # v4.8+
Signed-off-by: Bin Liu <b-liu@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/usb/musb/musb_gadget.c b/drivers/usb/musb/musb_gadget.c
index e564695c6c8da85f33f5e9ba79d3e0a73ba4379d..71c5835ea9cd087893979c62c90f840c5570f136 100644 (file)
--- a/drivers/usb/musb/musb_gadget.c
+++ b/drivers/usb/musb/musb_gadget.c
@@ -417,7 +417,6 @@ void musb_g_tx(struct musb *musb, u8 epnum)
        req = next_request(musb_ep);
        request = &req->request;
 
-       trace_musb_req_tx(req);
        csr = musb_readw(epio, MUSB_TXCSR);
        musb_dbg(musb, "<== %s, txcsr %04x", musb_ep->end_point.name, csr);
 
@@ -456,6 +455,8 @@ void musb_g_tx(struct musb *musb, u8 epnum)
                u8      is_dma = 0;
                bool    short_packet = false;
 
+               trace_musb_req_tx(req);
+
                if (dma && (csr & MUSB_TXCSR_DMAENAB)) {
                        is_dma = 1;
                        csr |= MUSB_TXCSR_P_WZC_BITS;