Commit b900f7d3 authored Aug 11, 2015 by Mayank Rana

usb: android: Fix possible race in terms of using ffs_function



When adbd is being killed and restarted, android_disable() and
android_enable() APIs are called from functionfs_closed_callback()
and functionfs_ready_callback(). config->func is being allocated
and updated with mutex_lock acquire whereas it is freed without
mutex_lock from functionfs_closed_callback(). Hence make sure
to allocate and de-allocate ffs_function with mutex_lock acquire.

CRs-Fixed: 888043
Change-Id: I015afe81e5e93694a462be609a119a7fdae2c928
Signed-off-by: Mayank Rana <mrana@codeaurora.org>

parent 40b49a34

drivers/usb/gadget/android.c

+5 −2

Original line number	Diff line number	Diff line
		@@ -678,11 +678,14 @@ static void functionfs_closed_callback(struct ffs_data *ffs)
		config->opened = false;
		config->data = NULL;

		if (config->func) {
		usb_put_function(config->func);
		config->func = NULL;
		}

		if (dev)
		mutex_unlock(&dev->mutex);

		if (config->func)
		usb_put_function(config->func);
		}

		/* ACM */