Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fae9fe40 authored by Mayank Rana's avatar Mayank Rana
Browse files

usb: gadget: f_fs: Fix NULL pointer dereference related crash 



Commit dd102bc5 ("USB: gadget: f_fs: Allocate extra buffer for
IN endpoint") added functionality to allocate extra buffer with USB
IN endpoint for each adb write request. This results into NULL
pointer dereference crash while epfile_io() is trying to access
ffs->gagdet->extra_buf_alloc against ffs_func_unbind().
ffs_func_unbind() marks ffs->gadget as NULL. Fix this issue by
using spin_lock when ffs->gadget is being updated and accessed.

CRs-Fixed: 994049
Change-Id: I7ebad4fd2b2c4cc7654336447cd5753891ba4f51
Signed-off-by: default avatarMayank Rana <mrana@codeaurora.org>
parent 241c08df
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment