Re: [PATCH] usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo

Next message: Rito Rhymes: "Re: [PATCH v3] docs: allow long unbroken headings to wrap and prevent overflow"
Previous message: Bjorn Helgaas: "Re: [PATCH v6 1/2] PCI: AtomicOps: Do not enable without support in root complex"
In reply to: Aelin Reidel: "Re: [PATCH] usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Heidelberg

Date: Thu Mar 26 2026 - 12:59:39 EST

On 16/03/2026 08:49, Kuen-Han Tsai wrote:

Commit ec35c1969650 ("usb: gadget: f_ncm: Fix net_device lifecycle with
device_move") reparents the gadget device to /sys/devices/virtual during
unbind, clearing the gadget pointer. If the userspace tool queries on
the surviving interface during this detached window, this leads to a
NULL pointer dereference.

Unable to handle kernel NULL pointer dereference
Call trace:
eth_get_drvinfo+0x50/0x90
ethtool_get_drvinfo+0x5c/0x1f0
__dev_ethtool+0xaec/0x1fe0
dev_ethtool+0x134/0x2e0
dev_ioctl+0x338/0x560

Add a NULL check for dev->gadget in eth_get_drvinfo(). When detached,
skip copying the fw_version and bus_info strings, which is natively
handled by ethtool_get_drvinfo for empty strings.

Suggested-by: Val Packett <val@xxxxxxxxxxxx>
Reported-by: Val Packett <val@xxxxxxxxxxxx>
Closes: https://lore.kernel.org/linux-usb/10890524-cf83-4a71-b879-93e2b2cc1fcc@xxxxxxxxxxxx/
Fixes: ec35c1969650 ("usb: gadget: f_ncm: Fix net_device lifecycle with device_move")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Kuen-Han Tsai <khtsai@xxxxxxxxxx>
---

Works for us in sdm845-next too,

Tested-by: David Heidelberg <david@xxxxxxx>
--
David Heidelberg