Re: [PATCH] usb: gadget: Check for NULL pointer in disconnect

From: Badhri Jagan Sridharan
Date: Mon Mar 23 2015 - 19:00:44 EST

Next message: David Rientjes: "Re: [PATCH v2] ARM: mm: Do not invoke OOM for higher order IOMMU DMA allocations"
Previous message: Martin Walch: "Re: [PATCH] Kconfig: drop bogus default values"
In reply to: Peter Chen: "Re: [PATCH] usb: gadget: Check for NULL pointer in disconnect"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Do you really see some udc drivers call it after composite_unbind is
> called? If it is, you may add dump_stack() to track that error.
>
> Besides this, function suspended_show is needed to add cdev NULL pointer
> checking.

We see this happening occasionally in *not yet* upstreamed UDC
code of some vendors (Yes, disconnect being called after unbind)
After reviewing the entire composite.c file, I did notice that
none of the functions check for NULL pointer when cdev is
obtained from get_gadget_data.
Is crashing/bringing down the whole kernel intentionally
left to happen ? Isn't printing a WARN/ERROR msg and
returning not the preferable approach ?

On 03/22/2015 12:43 AM, Peter Chen wrote:

On Fri, Mar 20, 2015 at 04:40:52PM -0700, Badhri Jagan Sridharan wrote:

Added a safety net to make sure that
composite_disconnect does not end up disconneting
a NULL device. Prevents NULL pointer crash.

Signed-off-by: Badhri Jagan Sridharan <Badhri@xxxxxxxxxx>
---
drivers/usb/gadget/composite.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c
index 13adfd1..90b37bd 100644
--- a/drivers/usb/gadget/composite.c
+++ b/drivers/usb/gadget/composite.c
@@ -1823,6 +1823,11 @@ void composite_disconnect(struct usb_gadget *gadget)
struct usb_composite_dev *cdev = get_gadget_data(gadget);
unsigned long flags;

+ if (!cdev) {
+ WARN(1, "Trying to disconnect a NULL composite device\n");
+ return;
+ }
+

Do you really see some udc drivers call it after composite_unbind is
called? If it is, you may add dump_stack() to track that error.

Besides this, function suspended_show is needed to add cdev NULL pointer
checking.

/* REVISIT: should we have config and device level
* disconnect callbacks?
*/
--
2.2.0.rc0.207.ga3a616c

--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Rientjes: "Re: [PATCH v2] ARM: mm: Do not invoke OOM for higher order IOMMU DMA allocations"
Previous message: Martin Walch: "Re: [PATCH] Kconfig: drop bogus default values"
In reply to: Peter Chen: "Re: [PATCH] usb: gadget: Check for NULL pointer in disconnect"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]