1
linux/drivers/usb/gadget
Andrzej Pietrasiewicz f0f42204d0 usb: gadget: fix NULL pointer dereference
Fix possible NULL pointer dereference introduced in
commit 219580e (usb: f_fs: check quirk to pad epout
buf size when not aligned to maxpacketsize)

In cases we do wait with:

wait_event_interruptible(epfile->wait, (ep = epfile->ep));

for endpoint to be enabled, functionfs_bind() has not been called yet
and epfile->ffs->gadget is still NULL and the automatic variable 'gadget'
has been initialized with NULL at the point of its definition.
Later on it is used as a parameter to:

usb_ep_align_maybe(gadget, ep->ep, len)

which in turn dereferences it.

This patch fixes it by moving the actual assignment to the local 'gadget'
variable after the potential waiting has completed.

Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2014-02-20 09:17:23 -06:00
..
acm_ms.c usb: gadget: fix up some comments about CONFIG_USB_DEBUG 2013-12-20 09:51:24 -06:00
amd5536udc.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
amd5536udc.h
at91_udc.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
at91_udc.h
atmel_usba_udc.c ARM: SoC cleanups for 3.14 2014-01-23 18:36:55 -08:00
atmel_usba_udc.h
audio.c
bcm63xx_udc.c usb: gadget: bcm63xx_udc: fix build failure on DMA channel code 2014-02-18 10:34:54 -06:00
cdc2.c
composite.c usb: gadget: should use u16 type variable to store MaxPower 2013-12-19 09:27:43 -06:00
config.c
configfs.c usb: gadget: configfs: include appropriate header file in configfs.c 2013-12-19 09:27:42 -06:00
configfs.h
dbgp.c
dummy_hcd.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
epautoconf.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
ether.c
f_acm.c
f_ecm.c usb: gadget: f_ecm: remove compatibility layer 2013-12-12 13:43:36 -06:00
f_eem.c
f_fs.c usb: gadget: fix NULL pointer dereference 2014-02-20 09:17:23 -06:00
f_hid.c usb: gadget: factor out alloc_ep_req 2013-11-26 13:41:32 -06:00
f_loopback.c usb: gadget: f_loopback: Fix sparse warning 2013-12-17 13:17:42 -06:00
f_mass_storage.c usb: gadget: f_mass_storage: Fix sparse warning 2013-12-17 13:17:43 -06:00
f_mass_storage.h
f_midi.c usb: gadget: factor out alloc_ep_req 2013-11-26 13:41:32 -06:00
f_ncm.c usb: gadget: f_ncm: Fix sparse warning 2013-12-17 13:17:43 -06:00
f_obex.c usb: gadget: f_obex: Fix sparse warning 2013-12-17 13:17:43 -06:00
f_phonet.c usb: gadget: f_phonet: Fix sparse warning 2013-12-17 13:17:44 -06:00
f_rndis.c usb: gadget: rndis: merge u_rndis.ko with usb_f_rndis.ko 2013-12-12 13:43:38 -06:00
f_serial.c usb: gadget: f_serial: Fix sparse warning 2013-12-17 13:17:44 -06:00
f_sourcesink.c usb: gadget: f_sourcesink: Fix sparse warning 2013-12-17 13:17:44 -06:00
f_subset.c usb: gadget: f_subset: remove compatibility layer 2013-12-12 13:43:37 -06:00
f_uac1.c
f_uac2.c
f_uvc.c
f_uvc.h
fotg210-udc.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
fotg210.h
fsl_mxc_udc.c
fsl_qe_udc.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
fsl_qe_udc.h
fsl_udc_core.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
fsl_usb2_udc.h
functions.c
fusb300_udc.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
fusb300_udc.h
g_ffs.c usb: gadget: g_ffs: convert to new interface of f_fs 2013-12-12 13:43:39 -06:00
g_zero.h usb: gadget: f_sourcesink: add configfs support 2013-11-26 13:47:41 -06:00
gadget_chips.h
gmidi.c
goku_udc.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
goku_udc.h
gr_udc.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
gr_udc.h usb: gadget: Add UDC driver for Aeroflex Gaisler GRUSBDC 2013-12-23 19:26:13 -06:00
hid.c
inode.c
Kconfig usb: gadget: Add UDC driver for Aeroflex Gaisler GRUSBDC 2013-12-23 19:26:13 -06:00
lpc32xx_udc.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
m66592-udc.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
m66592-udc.h
Makefile usb: gadget: Add UDC driver for Aeroflex Gaisler GRUSBDC 2013-12-23 19:26:13 -06:00
mass_storage.c
multi.c usb: gadget: fix up some comments about CONFIG_USB_DEBUG 2013-12-20 09:51:24 -06:00
mv_u3d_core.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
mv_u3d.h
mv_udc_core.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
mv_udc.h
ncm.c
ndis.h
net2272.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
net2272.h
net2280.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
net2280.h
nokia.c usb: gadget: nokia: fix error recovery path for optional functions 2013-12-17 13:17:41 -06:00
omap_udc.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
omap_udc.h
pch_udc.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
printer.c usb: gadget: printer: using gadget_is_otg to check otg support at runtime 2014-02-20 09:17:22 -06:00
pxa25x_udc.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
pxa25x_udc.h
pxa27x_udc.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
pxa27x_udc.h
r8a66597-udc.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
r8a66597-udc.h
rndis.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
rndis.h
s3c2410_udc.c usb: gadget: s3c2410_udc: Fix build error 2014-02-18 10:34:04 -06:00
s3c2410_udc.h
s3c-hsotg.c usb: gadget: s3c-hsotg: remove duplicated include from s3c-hsotg.c 2014-01-07 16:30:10 -08:00
s3c-hsotg.h usb: gadget: s3c-hsotg: get phy bus width from phy subsystem 2013-12-23 14:31:49 -06:00
s3c-hsudc.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
serial.c
storage_common.c
storage_common.h usb: gadget: mass storage: fix return of delayed status 2013-11-25 10:56:33 -06:00
tcm_usb_gadget.c usb: gadget: tcm_usb_gadget: mark bot_cleanup_old_alt static 2013-11-25 11:19:41 -06:00
tcm_usb_gadget.h
u_ecm.h
u_eem.h
u_ether_configfs.h
u_ether.c usb: gadget: update some out of date comments 2013-11-26 10:58:17 -06:00
u_ether.h usb: gadget: f_rndis: remove compatibility layer 2013-12-12 13:43:37 -06:00
u_f.c usb: gadget: factor out alloc_ep_req 2013-11-26 13:41:32 -06:00
u_f.h usb: gadget: factor out alloc_ep_req 2013-11-26 13:41:32 -06:00
u_fs.h usb: gadget: FunctionFS: add configfs support 2013-12-12 13:43:40 -06:00
u_gether.h
u_ncm.h
u_phonet.h
u_rndis.h usb: gadget: rndis: merge u_rndis.ko with usb_f_rndis.ko 2013-12-12 13:43:38 -06:00
u_serial.c
u_serial.h
u_uac1.c
u_uac1.h
udc-core.c
usbstring.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
uvc_queue.c
uvc_queue.h
uvc_v4l2.c
uvc_video.c
uvc.h
webcam.c
zero.c Linux 3.13-rc4 2013-12-19 09:18:53 -06:00