Commit fde0634a authored by Kuen-Han Tsai's avatar Kuen-Han Tsai Committed by Greg Kroah-Hartman
Browse files

usb: legacy: ncm: Fix NPE in gncm_bind 



Commit 56a512a9 ("usb: gadget: f_ncm: align net_device lifecycle
with bind/unbind") deferred the allocation of the net_device. This
change leads to a NULL pointer dereference in the legacy NCM driver as
it attempts to access the net_device before it's fully instantiated.

Store the provided qmult, host_addr, and dev_addr into the struct
ncm_opts->net_opts during gncm_bind(). These values will be properly
applied to the net_device when it is allocated and configured later in
the binding process by the NCM function driver.

Fixes: 56a512a9 ("usb: gadget: f_ncm: align net_device lifecycle with bind/unbind")
Cc: stable@kernel.org
Reported-by: default avatarkernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202602181727.fd76c561-lkp@intel.com


Signed-off-by: default avatarKuen-Han Tsai <khtsai@google.com>
Link: https://patch.msgid.link/20260221-legacy-ncm-v2-1-dfb891d76507@google.com


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent b9fde507

drivers/usb/gadget/legacy/ncm.c

+10 −3
Original line number Diff line number Diff line
@@ -15,8 +15,10 @@ 
/* #define DEBUG */

/* #define VERBOSE_DEBUG */



#include <linux/hex.h>

#include <linux/kernel.h>

#include <linux/module.h>

#include <linux/string.h>

#include <linux/usb/composite.h>



#include "u_ether.h"
@@ -129,6 +131,7 @@ static int gncm_bind(struct usb_composite_dev *cdev) 
	struct usb_gadget	*gadget = cdev->gadget;

	struct f_ncm_opts	*ncm_opts;

	int			status;

	u8			mac[ETH_ALEN];



	f_ncm_inst = usb_get_function_instance("ncm");

	if (IS_ERR(f_ncm_inst))
@@ -136,11 +139,15 @@ static int gncm_bind(struct usb_composite_dev *cdev) 


	ncm_opts = container_of(f_ncm_inst, struct f_ncm_opts, func_inst);



	gether_set_qmult(ncm_opts->net, qmult);

	if (!gether_set_host_addr(ncm_opts->net, host_addr))

	ncm_opts->net_opts.qmult = qmult;

	if (host_addr && mac_pton(host_addr, mac)) {

		memcpy(&ncm_opts->net_opts.host_mac, mac, ETH_ALEN);

		pr_info("using host ethernet address: %s", host_addr);

	if (!gether_set_dev_addr(ncm_opts->net, dev_addr))

	}

	if (dev_addr && mac_pton(dev_addr, mac)) {

		memcpy(&ncm_opts->net_opts.dev_mac, mac, ETH_ALEN);

		pr_info("using self ethernet address: %s", dev_addr);

	}



	/* Allocate string descriptor numbers ... note that string

	 * contents can be overridden by the composite_dev glue.