From: a17671 Date: Fri, 1 Feb 2019 05:19:09 +0000 (+0800) Subject: f_mtp:Fix ptp kernel panic in factory mode X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=18d8e199551c0ab53d2e87d071d24d38fac47277;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git f_mtp:Fix ptp kernel panic in factory mode cdev could be null in the switching PTP case, check the state before reading To fix the panic issue Change-Id: I30471023a72457854140ae867ed3977fba834dc0 Signed-off-by: a17671 Reviewed-on: https://gerrit.mot.com/1303922 SLTApproved: Slta Waiver SME-Granted: SME Approvals Granted Tested-by: Jira Key Reviewed-by: Xiangpo Zhao Submit-Approved: Jira Key --- diff --git a/drivers/usb/gadget/function/f_mtp.c b/drivers/usb/gadget/function/f_mtp.c index 302f073370e1..01e6153c54d3 100644 --- a/drivers/usb/gadget/function/f_mtp.c +++ b/drivers/usb/gadget/function/f_mtp.c @@ -580,7 +580,17 @@ static ssize_t mtp_read(struct file *fp, char __user *buf, goto done; } spin_lock_irq(&dev->lock); + if (dev->state == STATE_OFFLINE) { + spin_unlock_irq(&dev->lock); + return -ENODEV; + } + if (dev->ep_out->desc) { + if (!cdev) { + spin_unlock_irq(&dev->lock); + return -ENODEV; + } + len = usb_ep_align_maybe(cdev->gadget, dev->ep_out, count); if (len > MTP_BULK_BUFFER_SIZE) { spin_unlock_irq(&dev->lock);