From 18d8e199551c0ab53d2e87d071d24d38fac47277 Mon Sep 17 00:00:00 2001
From: a17671
Date: Fri, 1 Feb 2019 13:19:09 +0800
Subject: [PATCH] f_mtp:Fix ptp kernel panic in factory mode cdev could be null in the switching PTP case, check the state before reading To fix the panic issue
Change-Id: I30471023a72457854140ae867ed3977fba834dc0
Signed-off-by: a17671
Reviewed-on: https://gerrit.mot.com/1303922
SLTApproved: Slta Waiver
SME-Granted: SME Approvals Granted
Tested-by: Jira Key
Reviewed-by: Xiangpo Zhao
Submit-Approved: Jira Key
---
 drivers/usb/gadget/function/f_mtp.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/drivers/usb/gadget/function/f_mtp.c b/drivers/usb/gadget/function/f_mtp.c
index 302f073370e1..01e6153c54d3 100644
--- a/drivers/usb/gadget/function/f_mtp.c
+++ b/drivers/usb/gadget/function/f_mtp.c
@@ -580,7 +580,17 @@ static ssize_t mtp_read(struct file *fp, char __user *buf,
 goto done;
 }
 spin_lock_irq(&dev->lock);
+ if (dev->state == STATE_OFFLINE) {
+ spin_unlock_irq(&dev->lock);
+ return -ENODEV;
+ }
+
 if (dev->ep_out->desc) {
+ if (!cdev) {
+ spin_unlock_irq(&dev->lock);
+ return -ENODEV;
+ }
+
 len = usb_ep_align_maybe(cdev->gadget, dev->ep_out, count);
 if (len > MTP_BULK_BUFFER_SIZE) {
 spin_unlock_irq(&dev->lock);
-- 
2.20.1
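Review bot: The added `if (!cdev)` guard tests a pointer whose assignment is outside this hunk; if `cdev` is a local copied from the device structure at the top of mtp_read, before the wait whose error path ends in `goto done`, then the test under `dev->lock` looks at a stale snapshot, and a function torn down in between could still reach `usb_ep_align_maybe(cdev->gadget, ...)` with a pointer that is no longer valid. Re-reading it under the lock, e.g. `cdev = dev->cdev;` directly after `spin_lock_irq(&dev->lock);`, would make the NULL test reflect the current binding. Likewise the new `STATE_OFFLINE` check only closes the window if the disconnect/unbind path changes `dev->state` and clears the composite-device pointer while holding `dev->lock`, which cannot be confirmed from these lines. A short comment above the two checks naming the teardown path they guard against would help the next reader; mtp_read's body starts and ends outside the hunk.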