Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 917daaee authored by Vijayavardhan Vennapusa's avatar Vijayavardhan Vennapusa
Browse files

USB: gadget: f_qdss: Add proper checks in usb_qdss_close() 



On qdsss channel close, driver is dequeuing endless request without
checking whether qdss is active or not. This might crash if qdss channel
is closed when non QDSS composition is active. Fix the issue by having
proper checks and if qdss is not active, just return without performing
dequeue operation.

Change-Id: I667ea843f77794e9384c22ece218853331751db6
Signed-off-by: default avatarVijayavardhan Vennapusa <vvreddy@codeaurora.org>
parent a3df2e4c

drivers/usb/gadget/function/f_qdss.c

+14 −9
Original line number Diff line number Diff line
@@ -1107,20 +1107,26 @@ EXPORT_SYMBOL(usb_qdss_open); 
void usb_qdss_close(struct usb_qdss_ch *ch)

{

	struct f_qdss *qdss = ch->priv_usb;

	struct usb_gadget *gadget = qdss->cdev->gadget;

	struct usb_gadget *gadget;

	unsigned long flags;

	int status;



	pr_debug("usb_qdss_close\n");



	spin_lock_irqsave(&qdss_lock, flags);

	if (!qdss || !qdss->usb_connected) {

		ch->app_conn = 0;

		spin_unlock_irqrestore(&qdss_lock, flags);

		return;

	}



	usb_ep_dequeue(qdss->port.data, qdss->endless_req);

	usb_ep_free_request(qdss->port.data, qdss->endless_req);

	qdss->endless_req = NULL;

	gadget = qdss->cdev->gadget;

	ch->app_conn = 0;

	spin_unlock_irqrestore(&qdss_lock, flags);



	if (qdss->usb_connected) {

	status = uninit_data(qdss->port.data);

	if (status)

		pr_err("%s: uninit_data error\n", __func__);
@@ -1132,7 +1138,6 @@ void usb_qdss_close(struct usb_qdss_ch *ch) 
				0);

	if (status)

		pr_err("%s:qdss_disconnect error\n", __func__);

	}

	usb_gadget_restart(gadget);

}

EXPORT_SYMBOL(usb_qdss_close);