author | Chandana Kishori Chiluveru <cchiluve@codeaurora.org> | 2016-12-15 19:43:30 +0530 |
---|---|---|
committer | Chandana Kishori Chiluveru <cchiluve@codeaurora.org> | 2016-12-22 16:38:43 +0530 |
commit | c2e31d922c522757be5275c591800f71b6210bc6 (patch) | |
tree | 5c816200d1965102692cb969b4fa3963845341d6 | |
parent | 3162449f7d245d45f007d4ea3224576ddf1bcc63 (diff) |
usb: gadget: f_qc_rndis: Fix double-free in qcrndis_free_inst
qcrndis_free_inst function can double free f_qc_rndis pointer.
Hence fix this memory bug in qcrndis_free_inst function.
The same bool prompt, "RNDIS", is used for both USB_CONFIGFS_RNDIS and
USB_CONFIGFS_QCRNDIS. Change the bool prompt in Kconfig to differentiate
these two configs.
Change-Id: I8e7c4be090107618cd6cbac394a57f109f8a1ced
Signed-off-by: Chandana Kishori Chiluveru <cchiluve@codeaurora.org>
-rw-r--r-- | drivers/usb/gadget/Kconfig | 2 | ||||
-rw-r--r-- | drivers/usb/gadget/function/f_qc_rndis.c | 13 |
2 files changed, 2 insertions, 13 deletions
diff --git a/drivers/usb/gadget/Kconfig b/drivers/usb/gadget/Kconfig index 9d9eed2d5d68..b826f926b205 100644 --- a/drivers/usb/gadget/Kconfig +++ b/drivers/usb/gadget/Kconfig @@ -325,7 +325,7 @@ config USB_CONFIGFS_ECM_SUBSET a simple CDC subset is used, placing fewer demands on USB. config USB_CONFIGFS_QCRNDIS - bool "RNDIS" + bool "QCRNDIS" depends on USB_CONFIGFS depends on RNDIS_IPA depends on NET diff --git a/drivers/usb/gadget/function/f_qc_rndis.c b/drivers/usb/gadget/function/f_qc_rndis.c index eb306529981f..b8baa303f20b 100644 --- a/drivers/usb/gadget/function/f_qc_rndis.c +++ b/drivers/usb/gadget/function/f_qc_rndis.c @@ -1320,19 +1320,16 @@ static struct miscdevice rndis_qc_device = { static void qcrndis_free_inst(struct usb_function_instance *f) { - struct f_rndis_qc *rndis; struct f_rndis_qc_opts *opts = container_of(f, struct f_rndis_qc_opts, func_inst); unsigned long flags; - rndis = opts->rndis; misc_deregister(&rndis_qc_device); ipa_data_free(USB_IPA_FUNC_RNDIS); spin_lock_irqsave(&rndis_lock, flags); - kfree(rndis); - _rndis_qc = NULL; kfree(opts->rndis); + _rndis_qc = NULL; kfree(opts); spin_unlock_irqrestore(&rndis_lock, flags); } @@ -1414,13 +1411,6 @@ static struct usb_function_instance *qcrndis_alloc_inst(void) return &opts->func_inst; } -static void rndis_qc_cleanup(void) -{ - pr_info("rndis QC cleanup\n"); - - misc_deregister(&rndis_qc_device); -} - void *rndis_qc_get_ipa_rx_cb(void) { return rndis_ipa_params.ipa_rx_notify; @@ -1458,7 +1448,6 @@ static int __init usb_qcrndis_init(void) static void __exit usb_qcrndis_exit(void) { usb_function_unregister(&rndis_bamusb_func); - rndis_qc_cleanup(); } module_init(usb_qcrndis_init); |
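Review bot: In the new qcrndis_free_inst the global `_rndis_qc` is cleared only after `kfree(opts->rndis)`, so between those two statements it still refers to freed memory. Holders of `rndis_lock` cannot observe that window, but whether every reader of `_rndis_qc` takes the lock is not visible in this hunk, and `misc_deregister()` does not by itself close file descriptors already open on `rndis_qc_device`. Swapping the order to `_rndis_qc = NULL;` followed by `kfree(opts->rndis);` costs nothing and narrows the exposure. `kfree(opts);` could also move below `spin_unlock_irqrestore()`, since the lock does not appear to guard `opts`. If the ownership model is what the removed lines suggest, a comment such as `/* opts->rndis is the only owning reference; _rndis_qc is a non-owning alias */` would record why one kfree is correct and help prevent the double free from being reintroduced.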