Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c23003a7 authored by Vijayavardhan Vennapusa's avatar Vijayavardhan Vennapusa Committed by Gerrit - the friendly Code Review server
Browse files

USB: f_rndis: Fix NULL pointer dereference during composition switch 



During fast RNDIS enable/disable, there is a chance that rndis
driver unbind race with rndis_cmd_complete and results in NULL
pointer dereference. Fix this by having check it before handling
rndis command received.

Change-Id: Ie54c5083866db9f9d1b80bb5438b1d82db15580f
Signed-off-by: default avatarVijayavardhan Vennapusa <vvreddy@codeaurora.org>
Signed-off-by: default avatarAjay Agarwal <ajaya@codeaurora.org>
parent 0c4403ee

drivers/usb/gadget/function/f_rndis.c

+3 −0
Original line number Diff line number Diff line
@@ -466,6 +466,9 @@ static void rndis_command_complete(struct usb_ep *ep, struct usb_request *req) 
	int				status;

	rndis_init_msg_type		*buf;



	if (!rndis || !rndis->notify)

		return;



	/* received RNDIS command from USB_CDC_SEND_ENCAPSULATED_COMMAND */

//	spin_lock(&dev->lock);

	status = rndis_msg_parser(rndis->params, (u8 *) req->buf);