Commit 334cbcd7 authored Feb 20, 2019 by Pratham Pratap

usb: gadget: f_gsi: Fix NULL pointer dereference



If modem SSR happenes with restart_level as RELATED and
somehow function unbind/bind gets called then NULL pointer
dereference is happening since by the time modem restarts
gsi_bind fails and hence gadget start fails leading config 
to be removed from the list. In the meantime if ioctl call
comes from user space then since modem is offline and sm_state 
is initialized driver will try to send control notification
where NULL pointer dereference occurred while accessing
gsi->function.config. Fix this by adding a NULL pointer check
before the assignment.

Change-Id: I1c10e0080f12cf3ab79a0e240566d25e40c1e875
Signed-off-by: Pratham Pratap <prathampratap@codeaurora.org>

parent e77f22c4

drivers/usb/gadget/function/f_gsi.c

+6 −1

Original line number	Diff line number	Diff line
		@@ -1806,11 +1806,16 @@ static int gsi_ctrl_send_notification(struct f_gsi *gsi)
		__le32 *data;
		struct usb_cdc_notification *event;
		struct usb_request *req = gsi->c_port.notify_req;
		struct usb_composite_dev *cdev = gsi->function.config->cdev;
		struct usb_composite_dev *cdev;
		struct gsi_ctrl_pkt *cpkt;
		unsigned long flags;
		bool del_free_cpkt = false;

		if (!gsi->function.config)
		return -ENODEV;

		cdev = gsi->function.config->cdev;

		if (!atomic_read(&gsi->connected)) {
		log_event_dbg("%s: cable disconnect", __func__);
		return -ENODEV;