projects / GitHub / exynos8895 / android_kernel_samsung_universal8895.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e931d15) | patch
usb: gadget: fix NULL ptr derefer while symlinking PTP func
authorAmit Pundir <amit.pundir@linaro.org>
Fri, 31 Jul 2015 21:56:51 +0000 (03:26 +0530)
committerJohn Stultz <john.stultz@linaro.org>
Tue, 16 Feb 2016 21:52:12 +0000 (13:52 -0800)
commita89affddffb840da8d9d34c553d65dd1739e9ae1
tree48246683e7b6ecf9c2d330db49426d809e0d92e9tree | snapshot (tar.gz zip)
parente931d151a9e953381f992f6da68386f1858da043commit | diff
usb: gadget: fix NULL ptr derefer while symlinking PTP func

Fix NULL pointer dereference while trying to link PTP
function to a gadget configuration without creating
MTP function.

PTP piggyback on MTP function so make sure we have
MTP function created beforehand. Otherwise we run
into following kernel panic:
-----------------------
[   70.329957] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[   70.330738] pgd = dd8ec000
[   70.330916] [00000000] *pgd=00000000
[   70.331663] Internal error: Oops: 805 [#1] SMP THUMB2
[   70.332155] CPU: 0 PID: 2067 Comm: ln Not tainted 3.18.0-00587-gdfa582e #1
[   70.332511] task: dd9c92c0 ti: dd822000 task.ti: dd822000
[   70.333094] PC is at function_alloc_mtp_ptp+0xe/0x68
[   70.333311] LR is at usb_get_function+0x11/0x1c
[   70.333489] pc : [<c034ec12>]    lr : [<c033cce9>]    psr: 60070033
<..snip..>
[   70.384111] 3fc0: bec14ae4 00000004 bec14c0a 00000053 00000004 b6f0422d 00000000 bec14adc
[   70.384369] 3fe0: bec14af8 bec14a98 b6f071f3 b6e8977c 20070010 bec14c0d 00000000 00000000
[   70.384832] [<c034ec12>] (function_alloc_mtp_ptp) from [<c033cce9>] (usb_get_function+0x11/0x1c)
[   70.385146] [<c033cce9>] (usb_get_function) from [<c033da9b>] (config_usb_cfg_link+0x87/0xa8)
[   70.385421] [<c033da9b>] (config_usb_cfg_link) from [<c011f417>] (configfs_symlink+0xb7/0x1c8)
[   70.385696] [<c011f417>] (configfs_symlink) from [<c00dcd8d>] (vfs_symlink+0x85/0xc0)
[   70.386010] [<c00dcd8d>] (vfs_symlink) from [<c00dce0b>] (SyS_symlinkat+0x43/0x70)
[   70.386261] [<c00dce0b>] (SyS_symlinkat) from [<c000ce41>] (ret_fast_syscall+0x1/0x5c)
[   70.386610] Code: eb04 4a0f 6e03 480f (e883) 0005
[   70.387346] ---[ end trace 8dba7c552e02f8fa ]---
[   70.387647] Kernel panic - not syncing: Fatal exception
[   70.387980] ---[ end Kernel panic - not syncing: Fatal exception
-----------------------

Steps to reproduce the kernel panic:

mount -t configfs none /config
mkdir /config/usb_gadget/g1
cd /config/usb_gadget/g1
echo 0x18d1 > idVendor
echo 0x4e26 > idProduct
mkdir strings/0x409
echo 0123459876 > strings/0x409/serialnumber
echo Asus > strings/0x409/manufacturer
echo Nexus7 > strings/0x409/product
mkdir configs/c.1
mkdir configs/c.1/strings/0x409
echo "Conf 1" > configs/c.1/strings/0x409/configuration
echo 120 > configs/c.1/MaxPower
mkdir functions/ptp.ptp
ln -s functions/ptp.ptp configs/c.1/ptp.ptp

Also MTP and PTP are mutually exclusive functions
so make sure we have only one of it linked to a
configuration at a time. Otherwise it opens up
another set of bug(s?).

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
drivers/usb/gadget/configfs.c diff | blob | blame | history
drivers/usb/gadget/function/f_mtp.c diff | blob | blame | history
drivers/usb/gadget/functions.c diff | blob | blame | history