usb: gadget: f_mass_storage: Fix NULL dereference in fsg_add()

fsg_common_init() can fail when memory is low. In that case, it returns PTR_ERR(). fsg_add() does not check for failure, and thus dereferences an invalid fsg_common later, which crashes. Verify if we receive an error from fsg_common_init() and handle it gracefully. Reported-by: Zixun LI <admin@hifiphile.com> Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com> Tested-by: Zixun LI <admin@hifiphile.com> # on SAM9X60 Link: https://lore.kernel.org/r/20250328-ums-gadget-leak-v1-3-3b677db99bde@baylibre.com Signed-off-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
author: Mattijs Korpershoek <mkorpershoek@baylibre.com> 2025-03-28 09:15:43 +0100
committer: Mattijs Korpershoek <mkorpershoek@kernel.org> 2025-04-10 10:00:24 +0200
commit: 6c9eaec55ae634bac02e0cf70eb78c879d008a5c (patch)
tree: 212c4e238a403dd2df41e13a3a5eb914ca932d40
parent: 47fd46db943a55a7e0232e27224d216b774d7575 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/usb/gadget/f_mass_storage.c b/drivers/usb/gadget/f_mass_storage.c
index 6f464185bd3..fcce6d12f56 100644
--- a/drivers/usb/gadget/f_mass_storage.c
+++ b/drivers/usb/gadget/f_mass_storage.c
@@ -2742,6 +2742,8 @@ int fsg_add(struct usb_configuration *c)
 	struct fsg_common *fsg_common;
 
 	fsg_common = fsg_common_init(NULL, c->cdev);
+	if (IS_ERR(fsg_common))
+		return PTR_ERR(fsg_common);
 
 	fsg_common->vendor_name = 0;
 	fsg_common->product_name = 0;
author	Mattijs Korpershoek <mkorpershoek@baylibre.com>	2025-03-28 09:15:43 +0100
committer	Mattijs Korpershoek <mkorpershoek@kernel.org>	2025-04-10 10:00:24 +0200
commit	6c9eaec55ae634bac02e0cf70eb78c879d008a5c (patch)
tree	212c4e238a403dd2df41e13a3a5eb914ca932d40
parent	47fd46db943a55a7e0232e27224d216b774d7575 (diff)