review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Johan Hovold <johan@kernel.org>
	Wed, 25 Sep 2019 09:29:13 +0000 (11:29 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 17 Oct 2019 20:44:54 +0000 (13:44 -0700)
commit	ca9c18c00a95ba753e80ac7bbf4b29ec9a050549
tree	67cba98c9c8520e584700f41eefa63803ec78b3a	tree \| snapshot
parent	316f51d7759735a5295301ab22a7c6231b49c24f	commit \| diff

USB: adutux: fix NULL-derefs on disconnect

commit b2fa7baee744fde746c17bc1860b9c6f5c2eebb7 upstream.

The driver was using its struct usb_device pointer as an inverted
disconnected flag, but was setting it to NULL before making sure all
completion handlers had run. This could lead to a NULL-pointer
dereference in a number of dev_dbg statements in the completion handlers
which relies on said pointer.

The pointer was also dereferenced unconditionally in a dev_dbg statement
release() something which would lead to a NULL-deref whenever a device
was disconnected before the final character-device close if debugging
was enabled.

Fix this by unconditionally stopping all I/O and preventing
resubmissions by poisoning the interrupt URBs at disconnect and using a
dedicated disconnected flag.

This also makes sure that all I/O has completed by the time the
disconnect callback returns.

Fixes: 1ef37c6047fe ("USB: adutux: remove custom debug macro and module parameter")
Fixes: 66d4bc30d128 ("USB: adutux: remove custom debug macro")
Cc: stable <stable@vger.kernel.org> # 3.12
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20190925092913.8608-2-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>