linux/drivers/usb/gadget
Andrzej Pietrasiewicz f0f42204d0 usb: gadget: fix NULL pointer dereference
Fix possible NULL pointer dereference introduced in
commit 219580e (usb: f_fs: check quirk to pad epout
buf size when not aligned to maxpacketsize)

In cases we do wait with:

wait_event_interruptible(epfile->wait, (ep = epfile->ep));

for endpoint to be enabled, functionfs_bind() has not been called yet
and epfile->ffs->gadget is still NULL and the automatic variable 'gadget'
has been initialized with NULL at the point of its definition.
Later on it is used as a parameter to:

usb_ep_align_maybe(gadget, ep->ep, len)

which in turn dereferences it.

This patch fixes it by moving the actual assignment to the local 'gadget'
variable after the potential waiting has completed.

Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2014-02-20 09:17:23 -06:00
..
acm_ms.c usb: gadget: fix up some comments about CONFIG_USB_DEBUG 2013-12-20 09:51:24 -06:00
amd5536udc.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
amd5536udc.h
at91_udc.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
at91_udc.h usb: gadget: at91_udc: add usb_clk for transition to common clk framework 2013-08-02 15:17:03 +03:00
atmel_usba_udc.c ARM: SoC cleanups for 3.14 2014-01-23 18:36:55 -08:00
atmel_usba_udc.h
audio.c
bcm63xx_udc.c usb: gadget: bcm63xx_udc: fix build failure on DMA channel code 2014-02-18 10:34:54 -06:00
cdc2.c usb: gadget: cdc2: fix conversion to new interface of f_ecm 2013-09-17 10:38:52 -05:00
composite.c usb: gadget: should use u16 type variable to store MaxPower 2013-12-19 09:27:43 -06:00
config.c
configfs.c usb: gadget: configfs: include appropriate header file in configfs.c 2013-12-19 09:27:42 -06:00
configfs.h usb: gadget: configfs: add a method to unregister the gadget 2013-10-01 09:50:22 -05:00
dbgp.c
dummy_hcd.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
epautoconf.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
ether.c usb: gadget: ether: put_usb_function on unbind 2013-07-25 20:35:23 +03:00
f_acm.c usb: acm gadget: Null termintate strings table 2013-08-30 11:10:36 -07:00
f_ecm.c usb: gadget: f_ecm: remove compatibility layer 2013-12-12 13:43:36 -06:00
f_eem.c usb: gadget: f_eem: Staticize eem_alloc 2013-09-17 11:06:50 -05:00
f_fs.c usb: gadget: fix NULL pointer dereference 2014-02-20 09:17:23 -06:00
f_hid.c usb: gadget: factor out alloc_ep_req 2013-11-26 13:41:32 -06:00
f_loopback.c usb: gadget: f_loopback: Fix sparse warning 2013-12-17 13:17:42 -06:00
f_mass_storage.c usb: gadget: f_mass_storage: Fix sparse warning 2013-12-17 13:17:43 -06:00
f_mass_storage.h usb: gadget: f_mass_storage: remove compatibility layer 2013-10-10 10:24:53 -05:00
f_midi.c usb: gadget: factor out alloc_ep_req 2013-11-26 13:41:32 -06:00
f_ncm.c usb: gadget: f_ncm: Fix sparse warning 2013-12-17 13:17:43 -06:00
f_obex.c usb: gadget: f_obex: Fix sparse warning 2013-12-17 13:17:43 -06:00
f_phonet.c usb: gadget: f_phonet: Fix sparse warning 2013-12-17 13:17:44 -06:00
f_rndis.c usb: gadget: rndis: merge u_rndis.ko with usb_f_rndis.ko 2013-12-12 13:43:38 -06:00
f_serial.c usb: gadget: f_serial: Fix sparse warning 2013-12-17 13:17:44 -06:00
f_sourcesink.c usb: gadget: f_sourcesink: Fix sparse warning 2013-12-17 13:17:44 -06:00
f_subset.c usb: gadget: f_subset: remove compatibility layer 2013-12-12 13:43:37 -06:00
f_uac1.c usb: gadget: f_uac1: Staticize local functions 2013-08-09 16:34:19 +03:00
f_uac2.c
f_uvc.c Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2013-07-13 12:09:57 -07:00
f_uvc.h
fotg210-udc.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
fotg210.h
fsl_mxc_udc.c usb: gadget: use dev_get_platdata() 2013-07-30 11:18:46 +03:00
fsl_qe_udc.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
fsl_qe_udc.h
fsl_udc_core.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
fsl_usb2_udc.h
functions.c
fusb300_udc.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
fusb300_udc.h
g_ffs.c usb: gadget: g_ffs: convert to new interface of f_fs 2013-12-12 13:43:39 -06:00
g_zero.h usb: gadget: f_sourcesink: add configfs support 2013-11-26 13:47:41 -06:00
gadget_chips.h
gmidi.c
goku_udc.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
goku_udc.h
gr_udc.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
gr_udc.h usb: gadget: Add UDC driver for Aeroflex Gaisler GRUSBDC 2013-12-23 19:26:13 -06:00
hid.c usb: gadget: use dev_get_platdata() 2013-07-30 11:18:46 +03:00
inode.c Merge git://git.kvack.org/~bcrl/aio-next 2013-09-13 10:55:58 -07:00
Kconfig usb: gadget: Add UDC driver for Aeroflex Gaisler GRUSBDC 2013-12-23 19:26:13 -06:00
lpc32xx_udc.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
m66592-udc.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
m66592-udc.h
Makefile usb: gadget: Add UDC driver for Aeroflex Gaisler GRUSBDC 2013-12-23 19:26:13 -06:00
mass_storage.c usb: gadget: mass_storage: convert to new interface of f_mass_storage 2013-10-10 10:24:10 -05:00
multi.c usb: gadget: fix up some comments about CONFIG_USB_DEBUG 2013-12-20 09:51:24 -06:00
mv_u3d_core.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
mv_u3d.h
mv_udc_core.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
mv_udc.h
ncm.c
ndis.h
net2272.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
net2272.h
net2280.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
net2280.h
nokia.c usb: gadget: nokia: fix error recovery path for optional functions 2013-12-17 13:17:41 -06:00
omap_udc.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
omap_udc.h
pch_udc.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
printer.c usb: gadget: printer: using gadget_is_otg to check otg support at runtime 2014-02-20 09:17:22 -06:00
pxa25x_udc.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
pxa25x_udc.h
pxa27x_udc.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
pxa27x_udc.h
r8a66597-udc.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
r8a66597-udc.h
rndis.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
rndis.h
s3c2410_udc.c usb: gadget: s3c2410_udc: Fix build error 2014-02-18 10:34:04 -06:00
s3c2410_udc.h
s3c-hsotg.c usb: gadget: s3c-hsotg: remove duplicated include from s3c-hsotg.c 2014-01-07 16:30:10 -08:00
s3c-hsotg.h usb: gadget: s3c-hsotg: get phy bus width from phy subsystem 2013-12-23 14:31:49 -06:00
s3c-hsudc.c usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
serial.c
storage_common.c usb: gadget: storage_common: pass filesem to fsg_store_cdrom 2013-10-15 06:52:08 -05:00
storage_common.h usb: gadget: mass storage: fix return of delayed status 2013-11-25 10:56:33 -06:00
tcm_usb_gadget.c usb: gadget: tcm_usb_gadget: mark bot_cleanup_old_alt static 2013-11-25 11:19:41 -06:00
tcm_usb_gadget.h
u_ecm.h
u_eem.h
u_ether_configfs.h
u_ether.c usb: gadget: update some out of date comments 2013-11-26 10:58:17 -06:00
u_ether.h usb: gadget: f_rndis: remove compatibility layer 2013-12-12 13:43:37 -06:00
u_f.c usb: gadget: factor out alloc_ep_req 2013-11-26 13:41:32 -06:00
u_f.h usb: gadget: factor out alloc_ep_req 2013-11-26 13:41:32 -06:00
u_fs.h usb: gadget: FunctionFS: add configfs support 2013-12-12 13:43:40 -06:00
u_gether.h
u_ncm.h
u_phonet.h
u_rndis.h usb: gadget: rndis: merge u_rndis.ko with usb_f_rndis.ko 2013-12-12 13:43:38 -06:00
u_serial.c
u_serial.h
u_uac1.c usb: gadget: u_uac1: add __user annotation 2013-08-09 16:34:13 +03:00
u_uac1.h
udc-core.c usb: gadget: udc-core: Do not report -EISNAM error from gadgetfs 2013-10-04 09:44:43 -05:00
usbstring.c usb: delete non-required instances of include <linux/init.h> 2014-01-08 15:01:39 -08:00
uvc_queue.c usb: gadget: uvc: Fix error handling in uvc_queue_buffer() 2013-08-09 17:40:54 +03:00
uvc_queue.h
uvc_v4l2.c
uvc_video.c
uvc.h [media] f_uvc: add v4l2_device and replace parent with v4l2_dev 2013-06-21 11:04:47 -03:00
webcam.c
zero.c Linux 3.13-rc4 2013-12-19 09:18:53 -06:00