
usb: gadget: u_serial: Add null pointer check in gs_close

Message ID 20230904105455.13090-1-jiazi.li@transsion.com (mailing list archive)
State New, archived

Commit Message

Jiazi Li Sept. 4, 2023, 10:54 a.m. UTC
If kfifo_alloc returns err in gs_open, tty->driver_data will not
be assigned a legal value.
This will result in a NULL pointer issue when calling gs_close in
the following error handling:
tty_open
    ->tty_release
        ->gs_close		
Add a null pointer check in gs_close to prevent this.

Signed-off-by: Jiazi.Li <jiazi.li@transsion.com>
---
 drivers/usb/gadget/function/u_serial.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Greg KH Oct. 2, 2023, 11:36 a.m. UTC | #1
On Mon, Sep 04, 2023 at 06:54:55PM +0800, Jiazi.Li wrote:
> If kfifo_alloc returns err in gs_open, tty->driver_data will not
> be assigned a legal value.

How can kfifo_alloc fail under normal operation?

Have you seen this happen?

> This will result in a NULL pointer issue when calling gs_close in
> the following error handling:
> tty_open
>     ->tty_release
>         ->gs_close		

Odd trailing whitespace :(

> Add a null pointer check in gs_close to prevent this.
> 
> Signed-off-by: Jiazi.Li <jiazi.li@transsion.com>

Doesn't match your From: line :(

thanks,

greg k-h

Patch

diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c
index a92eb6d90976..9a04b34bbe8c 100644
--- a/drivers/usb/gadget/function/u_serial.c
+++ b/drivers/usb/gadget/function/u_serial.c
@@ -680,6 +680,9 @@  static void gs_close(struct tty_struct *tty, struct file *file)
 	struct gs_port *port = tty->driver_data;
 	struct gserial	*gser;
 
+	if (!port)
+		return;
+
 	spin_lock_irq(&port->port_lock);
 
 	if (port->port.count != 1) {
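Review bot: the new `if (!port)` early return at the top of gs_close() carries no comment saying when tty->driver_data can legitimately be NULL, so a later reader cannot tell whether it guards a real path or hides a bug. Please add a one-line comment tying it to the case the commit message describes (gs_close() reached via tty_release() after gs_open() failed before assigning tty->driver_data). The early return also skips everything gs_close() does under port->port_lock, including the port->port.count handling visible just below, so it is only correct if the failing gs_open() path left no per-port state behind that close is expected to undo; the hunk does not show gs_open(), so that should be confirmed and stated in the commit message. It is also worth considering whether the failure is better handled where it originates in gs_open() rather than tolerated in gs_close().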