Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

usb: legacy: ncm: Fix NPE in gncm_bind

Commit 56a512a9b410 ("usb: gadget: f_ncm: align net_device lifecycle
with bind/unbind") deferred the allocation of the net_device. This
change leads to a NULL pointer dereference in the legacy NCM driver as
it attempts to access the net_device before it's fully instantiated.

Store the provided qmult, host_addr, and dev_addr into the struct
ncm_opts->net_opts during gncm_bind(). These values will be properly
applied to the net_device when it is allocated and configured later in
the binding process by the NCM function driver.

Fixes: 56a512a9b410 ("usb: gadget: f_ncm: align net_device lifecycle with bind/unbind")
Cc: stable@kernel.org
Reported-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202602181727.fd76c561-lkp@intel.com
Signed-off-by: Kuen-Han Tsai <khtsai@google.com>
Link: https://patch.msgid.link/20260221-legacy-ncm-v2-1-dfb891d76507@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Authored by Kuen-Han Tsai and committed by Greg Kroah-Hartman
fde0634a b9fde507

+10 -3
drivers/usb/gadget/legacy/ncm.c
··· 15 15 /* #define DEBUG */ 16 16 /* #define VERBOSE_DEBUG */ 17 17 18 + #include <linux/hex.h> 18 19 #include <linux/kernel.h> 19 20 #include <linux/module.h> 21 + #include <linux/string.h> 20 22 #include <linux/usb/composite.h> 21 23 22 24 #include "u_ether.h" ··· 131 129 struct usb_gadget *gadget = cdev->gadget; 132 130 struct f_ncm_opts *ncm_opts; 133 131 int status; 132 + u8 mac[ETH_ALEN]; 134 133 135 134 f_ncm_inst = usb_get_function_instance("ncm"); 136 135 if (IS_ERR(f_ncm_inst)) ··· 139 136 140 137 ncm_opts = container_of(f_ncm_inst, struct f_ncm_opts, func_inst); 141 138 142 - gether_set_qmult(ncm_opts->net, qmult); 143 - if (!gether_set_host_addr(ncm_opts->net, host_addr)) 139 + ncm_opts->net_opts.qmult = qmult; 140 + if (host_addr && mac_pton(host_addr, mac)) { 141 + memcpy(&ncm_opts->net_opts.host_mac, mac, ETH_ALEN); 144 142 pr_info("using host ethernet address: %s", host_addr); 145 - if (!gether_set_dev_addr(ncm_opts->net, dev_addr)) 143 + } 144 + if (dev_addr && mac_pton(dev_addr, mac)) { 145 + memcpy(&ncm_opts->net_opts.dev_mac, mac, ETH_ALEN); 146 146 pr_info("using self ethernet address: %s", dev_addr); 147 + } 147 148 148 149 /* Allocate string descriptor numbers ... note that string 149 150 * contents can be overridden by the composite_dev glue.
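
Review bot: in the gncm_bind() hunk, a host_addr or dev_addr string that is set but fails mac_pton() is now ignored with nothing in the log, so a mistyped module parameter goes unnoticed. Consider an else branch with pr_warn() naming the rejected parameter. The parsed bytes are also copied into net_opts.host_mac and net_opts.dev_mac with no check visible here that they form a usable unicast address; if the gether_set_host_addr() and gether_set_dev_addr() calls being removed performed that validation, add is_valid_ether_addr(mac) to both conditions so an all-zero or multicast address is not accepted.

Review bot: the include hunk adds <linux/hex.h> and <linux/string.h> for the new mac_pton() and memcpy() calls, but ETH_ALEN in the added `u8 mac[ETH_ALEN];` declaration still relies on a transitive include, presumably through "u_ether.h". Including <linux/if_ether.h> explicitly would keep the file self-contained in the same way as the other two additions.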