On 02/22/2018 10:39 AM, Colin King wrote:
> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
>
> Currently the driver attempts to spin lock on udc->lock before a NULL
> pointer check is performed on udc, hence there is a potential null
> pointer dereference on udc->lock. Fix this by moving the null check
> on udc before the lock occurs.
>
> Fixes: ea6873a45a22 ("usbip: vudc: Add SysFS infrastructure for VUDC")
> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> ---
> drivers/usb/usbip/vudc_sysfs.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/usb/usbip/vudc_sysfs.c b/drivers/usb/usbip/vudc_sysfs.c
> index d86f72bbbb91..6dcd3ff655c3 100644
> --- a/drivers/usb/usbip/vudc_sysfs.c
> +++ b/drivers/usb/usbip/vudc_sysfs.c
> @@ -105,10 +105,14 @@ static ssize_t usbip_sockfd_store(struct device *dev, struct device_attribute *a
> if (rv != 0)
> return -EINVAL;
>
> + if (!udc) {
> + dev_err(dev, "no device");
> + return -ENODEV;
> + }
> spin_lock_irqsave(&udc->lock, flags);
> /* Don't export what we don't have */
> - if (!udc || !udc->driver || !udc->pullup) {
> - dev_err(dev, "no device or gadget not bound");
> + if (!udc->driver || !udc->pullup) {
> + dev_err(dev, "gadget not bound");
> ret = -ENODEV;
> goto unlock;
> }
>
Thanks for the patch. Looks good to me.
Acked-by: Shuah Khan <shuahkh@xxxxxxxxxxxxxxx>
thanks,
-- Shuah
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
