• S
    usb: gadget: composite: don't call driver's unbind() if bind() failed · 779d516c
    Sebastian Andrzej Siewior 提交于
    Lets assume nokia_bind() starts with "return -EINVAL". After loading the
    gadget we end up with:
    
    |udc dummy_udc.0: registering UDC driver [g_nokia]
    |BUG: unable to handle kernel NULL pointer dereference at 00000040
    |IP: [<c11f9555>] __list_add+0x25/0xf0
    |Call Trace:
    | [<c12d4e21>] rollback_registered+0x21/0x40
    | [<c12d513f>] unregister_netdevice_queue+0x4f/0xa0
    | [<c12d5259>] unregister_netdev+0x19/0x30
    | [<f81335b2>] gphonet_cleanup+0x32/0x50 [g_nokia]
    | [<f8133f1c>] nokia_unbind+0x1c/0x2a [g_nokia]
    | [<f802509f>] __composite_unbind.constprop.10+0x4f/0xb0 [libcomposite]
    | [<f80255be>] composite_bind+0x1ae/0x230 [libcomposite]
    | [<c129e576>] usb_gadget_probe_driver+0xc6/0x1b0
    | [<f8024aba>] usb_composite_probe+0x7a/0xa0 [libcomposite]
    
    That is crash from nokia_unbind() invoked via nokia_bind(). This crash
    will look different we if make it until usb_string_ids_tab() before we
    enter an error condition in the probe function.
    nokia_bind_config() tries to clean up which is IMHO the right thing to
    do. Leaving things as-is and hoping that its unbind() will clean it up
    is kinda backwards. Especially since the bind function never succeeded so
    it can't know how much it needs to clean up.
    This fixes the behaviour by not calling the driver's unbind function if
    its bind function failed.
    Signed-off-by: NSebastian Andrzej Siewior <bigeasy@linutronix.de>
    Signed-off-by: NFelipe Balbi <balbi@ti.com>
    779d516c
composite.c 46.6 KB