
Commit 387f5c69 authored by Ajay Agarwal's avatar Ajay Agarwal

usb: gadget: f_ipc: Fix debugfs node null pointer dereference



When the device boots up but ipc is not present in the default
composition, then ipc_bind does not happen and ipc_dev->in and
ipc_dev->out are null. At this point, if debugfs node 'status' is
read, then it leads to null pointer dereference when endpoint
names are accessed.
Fix this by bailing out if the EPs have not been assigned yet.

Change-Id: If9ae92f922c9c8a4f337ba152b993b5ee2226f3c
Signed-off-by: default avatarAjay Agarwal <ajaya@codeaurora.org>
parent 11d4fb41
+25 −19
@@ -671,7 +671,11 @@ static ssize_t debug_read_stats(struct file *file, char __user *ubuf,
	int temp = 0;
	unsigned long flags;

	if (ipc_dev) {
	if (!ipc_dev || !ipc_dev->in || !ipc_dev->out) {
		pr_err("ipc_dev instance, or EPs not yet initialised\n");
		return 0;
	}

	spin_lock_irqsave(&ipc_dev->lock, flags);
	temp += scnprintf(buf + temp, PAGE_SIZE - temp,
			"endpoints: %s, %s\n"
@@ -685,7 +689,6 @@ static ssize_t debug_read_stats(struct file *file, char __user *ubuf,
			ipc_dev->pending_writes,
			ipc_dev->pending_reads);
	spin_unlock_irqrestore(&ipc_dev->lock, flags);
	}

	return simple_read_from_buffer(ubuf, count, ppos, buf, temp);
}
@@ -695,12 +698,15 @@ static ssize_t debug_reset_stats(struct file *file, const char __user *buf,
{
	unsigned long flags;

	if (ipc_dev) {
	if (!ipc_dev) {
		pr_err("ipc_dev instance not yet initialised\n");
		return count;
	}

	spin_lock_irqsave(&ipc_dev->lock, flags);
	ipc_dev->bytes_to_host = 0;
	ipc_dev->bytes_to_mdm = 0;
	spin_unlock_irqrestore(&ipc_dev->lock, flags);
	}

	return count;
}
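Review bot: The endpoint check in debug_read_stats (`!ipc_dev->in || !ipc_dev->out`) runs before `spin_lock_irqsave`, so it only covers the never-bound case; if the unbind path clears or releases those endpoints (not visible on this page), a read racing with unbind can still reach the `%s` endpoint-name arguments with a NULL or stale pointer. Re-test under the lock, e.g. `if (!ipc_dev->in || !ipc_dev->out) { spin_unlock_irqrestore(&ipc_dev->lock, flags); return 0; }`, and confirm that bind and unbind update the pointers under the same lock. Both new guards also log with `pr_err` on every access to an unbound function, which is an expected state; `pr_debug` or `pr_err_ratelimited` would keep repeated reads from flooding the kernel log. debug_read_stats begins before the first hunk, so whether `buf` needs releasing on the early `return 0` cannot be judged from here.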