ANDROID: USB: f_accessory: Check dev pointer before decoding ctrl request

In case of poweroff charging mode, accessory function instance is not created and due to this, _acc_dev will be NULL. If target is connected to Accessory dock in poweroff charging mode, there is a chance dev pointer is accessed, which is NULL. Hence add a check before processing control request and return error if it is NULL. Bug: 141002587 Change-Id: I4f1deb9d764b8c0bd1d7837cbc43a2933167f568 Signed-off-by: Vijayavardhan Vennapusa <vvreddy@codeaurora.org> Signed-off-by: Jack Pham <jackp@codeaurora.org> Signed-off-by: Giuliano Procida <gprocida@google.com>
author: Vijayavardhan Vennapusa <vvreddy@codeaurora.org> 2018-04-04 11:02:28 +0530
committer: Giuliano Procida <gprocida@google.com> 2020-12-30 10:15:36 +0000
commit: 2900fb410b44d1e54e0f134a5ef4d77b431a3563 (patch)
tree: 4bcf6fc1c944606e9032a0c022d22f24da7bec13
parent: b48ef710056e3c85d364d60cef6bb20b676c5ff1 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/usb/gadget/function/f_accessory.c b/drivers/usb/gadget/function/f_accessory.c
index 67fd8d9562d6..70ce46a2a9cf 100644
--- a/drivers/usb/gadget/function/f_accessory.c
+++ b/drivers/usb/gadget/function/f_accessory.c
@@ -844,6 +844,12 @@ int acc_ctrlrequest(struct usb_composite_dev *cdev,
 	u16	w_length = le16_to_cpu(ctrl->wLength);
 	unsigned long flags;
 
+	/*
+	 * If instance is not created which is the case in power off charging
+	 * mode, dev will be NULL. Hence return error if it is the case.
+	 */
+	if (!dev)
+		return -ENODEV;
 /*
  *	printk(KERN_INFO "acc_ctrlrequest "
  *			"%02x.%02x v%04x i%04x l%u\n",
author	Vijayavardhan Vennapusa <vvreddy@codeaurora.org>	2018-04-04 11:02:28 +0530
committer	Giuliano Procida <gprocida@google.com>	2020-12-30 10:15:36 +0000
commit	2900fb410b44d1e54e0f134a5ef4d77b431a3563 (patch)
tree	4bcf6fc1c944606e9032a0c022d22f24da7bec13
parent	b48ef710056e3c85d364d60cef6bb20b676c5ff1 (diff)