提交 45ab4609 编写于 作者: A Andrzej Pietrasiewicz 提交者: Felipe Balbi

usb: gadget: nokia: fix error recovery path for optional functions

In the nokia gadget some USB functions (obex 1 and 2, phonet) are optional.

If at the start of nokia_bind_config e.g. fi_phonet is an error pointer,
which can happen because we don't fail the bind process if
usb_get_function_instance() fails for fi_phonet, then f_phonet is NULL, and

phonet_stat = usb_add_function(c, f_phonet);

is never called and phonet_stat remains 0.

If, in these circumstances, we hit the err_conf label then !phonet_stat
evaluates to true and we try usb_remove_function() with its second
parameter being f_phonet which is NULL and it causes NULL pointer
dereference.

This patch changes the initial values of (obex1|obex2|phonet)_stat to a
nonzero value so that if the err_conf label is hit while the respective
functions have not been acquired the usb_remove_function() is not called
for those functions.
Signed-off-by: NAndrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: NFelipe Balbi <balbi@ti.com>
上级 e117e742
...@@ -126,9 +126,9 @@ static int __init nokia_bind_config(struct usb_configuration *c) ...@@ -126,9 +126,9 @@ static int __init nokia_bind_config(struct usb_configuration *c)
struct usb_function *f_ecm; struct usb_function *f_ecm;
struct usb_function *f_obex2 = NULL; struct usb_function *f_obex2 = NULL;
int status = 0; int status = 0;
int obex1_stat = 0; int obex1_stat = -1;
int obex2_stat = 0; int obex2_stat = -1;
int phonet_stat = 0; int phonet_stat = -1;
if (!IS_ERR(fi_phonet)) { if (!IS_ERR(fi_phonet)) {
f_phonet = usb_get_function(fi_phonet); f_phonet = usb_get_function(fi_phonet);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册