Hi, Winter Wang <wente.wang@xxxxxxx> writes: > Fix NULL pointer dereference while trying to unlink audio_source > in android. > > If unlink audio_source function, got a NULL pointer dereference: > --------------- > [00000000] *pgd=28ad1831, *pte=00000000, *ppte=00000000 > Internal error: Oops: 80000007 [#1] PREEMPT SMP ARM > Modules linked in: > CPU: 1 PID: 1 Comm: init Not tainted 4.1.15-03448-g3749667-dirty #41 > Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) > task: d8070000 ti: d8056000 task.ti: d8056000 > PC is at 0x0 > LR is at config_usb_cfg_unlink+0xfc/0x10c > pc : [<00000000>] lr : [<c06d24b4>] psr: a00f0013 > <..snip..> > [<c06d24b4>] (config_usb_cfg_unlink) from [<c026bfe4>] (configfs_unlink+0x110/0x1a4) > [<c026bfe4>] (configfs_unlink) from [<c020d894>] (vfs_unlink+0xcc/0x1a8) > [<c020d894>] (vfs_unlink) from [<c0212a3c>] (do_unlinkat+0x230/0x264) > ... > --------------- > > Add sanity check for NULL pointer in usb_put_function, as some > functions doesn't have func->free_func implemented. > > Signed-off-by: Winter Wang <wente.wang@xxxxxxx> > --- > drivers/usb/gadget/functions.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/usb/gadget/functions.c b/drivers/usb/gadget/functions.c > index 389c1f3..8f9f932 100644 > --- a/drivers/usb/gadget/functions.c > +++ b/drivers/usb/gadget/functions.c > @@ -80,7 +80,7 @@ EXPORT_SYMBOL_GPL(usb_put_function_instance); > > void usb_put_function(struct usb_function *f) > { > - if (!f) > + if (!f || !f->free_func) the bug is your lack of ->free_func(), rather. -- balbi
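Review bot: In usb_put_function(), the added `!f->free_func` test on the `if (!f || !f->free_func)` line puts a function that never set free_func in the same branch as a NULL f, so the missing callback is skipped silently instead of being reported. The commit message says some functions do not implement free_func, and the Oops shows PC at 0x0 with LR in config_usb_cfg_unlink, which points at the function driver (audio_source in the report) rather than at this helper. Suggest giving that function a free_func. If a guard is kept here, leave `if (!f)` as it was and flag the missing callback separately, for example with WARN_ON(!f->free_func), so the driver defect stays visible in the log.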