ANDROID: usb: f_accessory: Don't drop NULL reference in acc_disconnect()
If get_acc_dev() fails to obtain a reference to the current device, acc_disconnect() will attempt to put_acc_dev() with the resulting NULL pointer, leading to a crash: | Unable to handle kernel NULL pointer dereference at virtual address 00000074 | [...] | [<c0abb288>] (acc_disconnect) from [<c0a91a38>] (android_disconnect+0x1c/0x7c) | [<c0a91a38>] (android_disconnect) from [<c0a93958>] (usb_gadget_udc_reset+0x10/0x34) | [<c0a93958>] (usb_gadget_udc_reset) from [<c0a4a9c4>] (dwc3_gadget_reset_interrupt+0x88/0x4fc) | [<c0a4a9c4>] (dwc3_gadget_reset_interrupt) from [<c0a491f8>] (dwc3_process_event_buf+0x60/0x3e4) | [<c0a491f8>] (dwc3_process_event_buf) from [<c0a49180>] (dwc3_thread_interrupt+0x24/0x3c) | [<c0a49180>] (dwc3_thread_interrupt) from [<c02b3404>] (irq_thread_fn+0x1c/0x58) | [<c02b3404>] (irq_thread_fn) from [<c02b326c>] (irq_thread+0x1ec/0x2f4) | [<c02b326c>] (irq_thread) from [<c0260804>] (kthread+0x1a8/0x1ac) | [<c0260804>] (kthread) from [<c0200138>] (ret_from_fork+0x14/0x3c) Follow the pattern used elsewhere, and return early if we fail to obtain a reference. Bug: 173789633 Reported-by:YongQin Liu <yongqin.liu@linaro.org> Signed-off-by:
Loading
Please register or sign in to comment