From adce509c2875fb547b9a96fce8f04c7352777e86 Mon Sep 17 00:00:00 2001
From: Hemant Kumar <hemantk@codeaurora.org>
Date: Mon, 15 May 2017 12:01:02 -0700
Subject: usb: gadget: f_cdev: Fix NULL pointer dereference in cser_free_inst

If f_cdev_alloc() fails it frees the port context and set_inst_name()
call back returns with error. As a result free_func_inst() call back
is called which is dereferencing port context from f_cdev_opts context
which results into NULL ptr dereference. Fix the issue by adding NULL
check for port context pointer in f_cdev_opts context.

Change-Id: I69828761be0a9f7df714eec34894c13f762dcc43
Signed-off-by: Hemant Kumar <hemantk@codeaurora.org>
---
 drivers/usb/gadget/function/f_cdev.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/gadget/function/f_cdev.c b/drivers/usb/gadget/function/f_cdev.c
index 3d466bfa098d..34ec15ab9010 100644
--- a/drivers/usb/gadget/function/f_cdev.c
+++ b/drivers/usb/gadget/function/f_cdev.c
@@ -823,8 +823,10 @@ static void cser_free_inst(struct usb_function_instance *fi)
 
 	opts = container_of(fi, struct f_cdev_opts, func_inst);
 
-	device_destroy(fcdev_classp, MKDEV(major, opts->port->minor));
-	cdev_del(&opts->port->fcdev_cdev);
+	if (opts->port) {
+		device_destroy(fcdev_classp, MKDEV(major, opts->port->minor));
+		cdev_del(&opts->port->fcdev_cdev);
+	}
 	usb_cser_chardev_deinit();
 	kfree(opts->func_name);
 	kfree(opts->port);
-- 
cgit v1.2.3