usb: gadget: composite: don't call driver's unbind() if bind() failed
Lets assume nokia_bind() starts with "return -EINVAL". After loading the
gadget we end up with:
|udc dummy_udc.0: registering UDC driver [g_nokia]
|BUG: unable to handle kernel NULL pointer dereference at
00000040
|IP: [<
c11f9555>] __list_add+0x25/0xf0
|Call Trace:
| [<
c12d4e21>] rollback_registered+0x21/0x40
| [<
c12d513f>] unregister_netdevice_queue+0x4f/0xa0
| [<
c12d5259>] unregister_netdev+0x19/0x30
| [<
f81335b2>] gphonet_cleanup+0x32/0x50 [g_nokia]
| [<
f8133f1c>] nokia_unbind+0x1c/0x2a [g_nokia]
| [<
f802509f>] __composite_unbind.constprop.10+0x4f/0xb0 [libcomposite]
| [<
f80255be>] composite_bind+0x1ae/0x230 [libcomposite]
| [<
c129e576>] usb_gadget_probe_driver+0xc6/0x1b0
| [<
f8024aba>] usb_composite_probe+0x7a/0xa0 [libcomposite]
That is crash from nokia_unbind() invoked via nokia_bind(). This crash
will look different we if make it until usb_string_ids_tab() before we
enter an error condition in the probe function.
nokia_bind_config() tries to clean up which is IMHO the right thing to
do. Leaving things as-is and hoping that its unbind() will clean it up
is kinda backwards. Especially since the bind function never succeeded so
it can't know how much it needs to clean up.
This fixes the behaviour by not calling the driver's unbind function if
its bind function failed.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Felipe Balbi <balbi@ti.com>
projects / platform / kernel / linux-3.10.git / commit