usb: gadget: qdss: Add NULL check against priv_usb with usb_qdss_close() (e4b9a52f) · Commits · e / devices / android_kernel_fairphone_FP5

In some cases, it has been observed that Coresight QDSS driver is not callig usb_qdss_open() API before calling usb_qdss_close() API. This results into NULL pointer dereference related crash within usb_qdss_close() API as per channel based priv_usb is not being initialized (it is happening with usb_qdss_open() context). Hence add explicit check aginst NULL before using ch->priv_usb instead of depending on client driver. Change-Id: Ib5073d9262a06c0101d14a23dd6a2fdb77861ff3 Signed-off-by:

Mayank Rana <mrana@codeaurora.org>

drivers/usb/gadget/function/f_qdss.c

+9 −1

Original line number	Diff line number	Diff line
		@@ -1001,7 +1001,7 @@ EXPORT_SYMBOL(usb_qdss_open);

		void usb_qdss_close(struct usb_qdss_ch *ch)
		{
		struct f_qdss *qdss = ch->priv_usb;
		struct f_qdss *qdss;
		struct usb_gadget *gadget;
		unsigned long flags;
		int status;
		@@ -1009,6 +1009,14 @@ void usb_qdss_close(struct usb_qdss_ch *ch)
		pr_debug("%s\n", __func__);

		spin_lock_irqsave(&qdss_lock, flags);
		if (!ch->priv_usb) {
		spin_unlock_irqrestore(&qdss_lock, flags);
		pr_err("%s is called for %s without calling usb_qdss_open()\n",
		__func__, ch->name);
		return;
		}

		qdss = ch->priv_usb;
		ch->priv_usb = NULL;
		if (!qdss \|\| !qdss->usb_connected \|\|
		!strcmp(qdss->ch.name, USB_QDSS_CH_MDM)) {