On Fri, Oct 25, 2024 at 06:43:31AM +0000, Chen Ridong wrote: > From: Chen Ridong <chenridong@xxxxxxxxxx> > > The cdns3_gadget_ep_alloc_request functions may return NULL > when memory is out of use. To void possible null_ptr_deref, > return ENOMEM when cdns3_gadget_ep_alloc_request returns NULL. > > Signed-off-by: Chen Ridong <chenridong@xxxxxxxxxx> > --- > drivers/usb/cdns3/cdns3-gadget.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/drivers/usb/cdns3/cdns3-gadget.c b/drivers/usb/cdns3/cdns3-gadget.c > index fd1beb10bba7..982e8e0759e8 100644 > --- a/drivers/usb/cdns3/cdns3-gadget.c > +++ b/drivers/usb/cdns3/cdns3-gadget.c > @@ -2657,6 +2657,10 @@ static int cdns3_gadget_ep_queue(struct usb_ep *ep, struct usb_request *request, > struct cdns3_request *priv_req; > > zlp_request = cdns3_gadget_ep_alloc_request(ep, GFP_ATOMIC); > + if (!zlp_request) { > + spin_unlock_irqrestore(&priv_dev->lock, flags); > + return -ENOMEM; Are you sure this is ok? What about the resources that have been allocated before this return would interrupt them? How was this tested? thanks, greg k-h
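Review bot: The new `return -ENOMEM` path in cdns3_gadget_ep_queue() drops priv_dev->lock but unwinds nothing else, and the hunk does not show what the function has already done with `request` under that lock before it reaches the `cdns3_gadget_ep_alloc_request(ep, GFP_ATOMIC)` call. If the original request has already been handed to the endpoint queue by then, returning an error tells the caller that queuing failed while the driver still holds the request, so a caller that frees or requeues it on error would leave the driver with a stale pointer. Either undo the earlier queuing on this path or explain in the commit message why no cleanup is needed. The commit message should also say how the allocation failure was exercised, for example with fault injection.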