Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3a2a598a authored by Mayank Rana's avatar Mayank Rana
Browse files

USB: android: Fix error handling when ffs_func_bind fails 



In some cases it is observed that usb_add_function() fails with
ffs_function_bind_config() due to ffs_func_bind() fails. When
adbd closes eps, it is trying to reference NULL function pointer
as below:
  __fput
     |
ffs_epfile_release
     |
ffs_data_closed
     |
ffs_data_clear
     |
functionfs_closed_callback
     |
usb_put_function()

Hence handle error case and add check with config->func against NULL.

CRs-Fixed: 848903
Change-Id: Idd260655b8944bd6b21f7bbe3c0340af88f99dfd
Signed-off-by: default avatarMayank Rana <mrana@codeaurora.org>
parent d3846f3c

drivers/usb/gadget/android.c

+14 −2
Original line number Diff line number Diff line
@@ -569,11 +569,22 @@ static int ffs_function_bind_config(struct android_usb_function *f, 
				    struct usb_configuration *c)

{

	struct functionfs_config *config = f->config;

	int ret;



	config->func = usb_get_function(config->fi);

	if (IS_ERR(config->func))

		return PTR_ERR(config->func);



	return usb_add_function(c, config->func);

	ret = usb_add_function(c, config->func);

	if (ret) {

		pr_err("%s(): usb_add_function() fails (err:%d) for ffs\n",

							__func__, ret);



		usb_put_function(config->func);

		config->func = NULL;

	}



	return ret;

}



static ssize_t
@@ -670,6 +681,7 @@ static void functionfs_closed_callback(struct ffs_data *ffs) 
	if (dev)

		mutex_unlock(&dev->mutex);



	if (config->func)

		usb_put_function(config->func);

}