Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3aa60dab authored by Manu Gautam's avatar Manu Gautam
Browse files

USB: u_bam: Fix NULL pointer dereference on device removal 



On device removal, port->gr is accessed to get grmnet and gadget
before calling DMA APIs. port->gr is mainly used for BAM2BAM
transports and it not updated when bam_dmux is used. This results
in NULL pointer dereference if device is removed after bootup.
To fix this use port->port_usb instead of port->gr for this
purpose and later replace all usage of port->gr with port_usb.

CRs-fixed: 673429
Change-Id: Ifc68a9f3137ede19fea6c10d63bfe70b6174da50
Signed-off-by: default avatarManu Gautam <mgautam@codeaurora.org>
parent 3bb9501c

drivers/usb/gadget/u_bam.c

+2 −2
Original line number Diff line number Diff line
@@ -255,7 +255,7 @@ static struct sk_buff *gbam_alloc_skb_from_pool(struct gbam_port *port) 


		skb_reserve(skb, BAM_MUX_HDR);



		dev = port_to_rmnet(port->gr);

		dev = port_to_rmnet(port->port_usb);

		if ((d->trans == USB_GADGET_XPORT_BAM2BAM_IPA) &&

			dev && dev->cdev && dev->cdev->gadget) {
@@ -317,7 +317,7 @@ static void gbam_free_rx_skb_idle_list(struct gbam_port *port) 
		return;

	d = &port->data_ch;



	dev = port_to_rmnet(port->gr);

	dev = port_to_rmnet(port->port_usb);

	if (dev && dev->cdev && dev->cdev->gadget)

		gadget = dev->cdev->gadget;