From 886ed642c8be8c64bd4d8e6faf8a575beedcc87b Mon Sep 17 00:00:00 2001 From: William Wu Date: Wed, 6 Apr 2022 16:02:24 +0800 Subject: [PATCH] usb: gadget: udc: core: fix NULL pointer dereference when handle disconnect This patch fix NULL pointer dereference with the following log when usb gadget is configured as uvc. PC is at usb_gadget_disconnect+0x3c/0x4a LR is at dwc3_gadget_pullup+0xllb/0xl28 pc : [] lr : [] psr : 60000033 ...... [] (usb_gadget_disconnect) from [] (usb_gadget_deactivate+0xl7/0x34) [] (usb gadget-deactivate) from [] (usb function deactivate+0x3d/0x86) [] (usb_function_deactivate) from [](uvc_function_disconnect+0xd/0x30) [] (uvc_function_disconnect) from [](uvc_v412_release+0xlb/0x52) [] (uvc_v412_release) from [](v412_release+0x73/0x7e) [] (v412_release) from [] (_fput+0x43/0xc8) [] (_fput) from[](task_work_run+0x5d/0x76) [] (task_work_run) from [] (do_exit+0x2db/0x648) [] (do_exit) from [] (do_group_exit+0x33/0x84) [] (do_group_exit) from [](get_signal+0xl91/0x49a) [] (get_signal) from [] (do_work pending+0x87/0x26e) [] (do_work pending) from [](slow_work _pending+0x9/0xl6) Signed-off-by: William Wu Change-Id: I838d62244e38a20f37ad9b530d5171c5e8de25c4 --- drivers/usb/gadget/udc/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c index 193974849a54..d00e5c1221ab 100644 --- a/drivers/usb/gadget/udc/core.c +++ b/drivers/usb/gadget/udc/core.c @@ -732,7 +732,8 @@ int usb_gadget_disconnect(struct usb_gadget *gadget) ret = gadget->ops->pullup(gadget, 0); if (!ret) { gadget->connected = 0; - gadget->udc->driver->disconnect(gadget); + if (gadget->udc->driver) + gadget->udc->driver->disconnect(gadget); } out: