projects / platform / kernel / linux-rpi3.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f069b5a)
Input: psmouse - fix cleaning up SMBus companions
authorDmitry Torokhov <dmitry.torokhov@gmail.com>
Sat, 1 Apr 2017 18:33:11 +0000 (11:33 -0700)
committerDmitry Torokhov <dmitry.torokhov@gmail.com>
Mon, 3 Apr 2017 18:59:56 +0000 (11:59 -0700)
When trying to destroy platform data after destruction of SMbus companion,
we need to make sure that we are actually dealing with an SMB companion
device, and not some random I2C client device.

Fixes: 8eb92e5c9133 ("Input: psmouse - add support for SMBus companions")
Reported-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Tested-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
drivers/input/mouse/psmouse-smbus.c patch | blob | history

diff --git a/drivers/input/mouse/psmouse-smbus.c b/drivers/input/mouse/psmouse-smbus.c
index 061c1cc..d2b1ea3 100644 (file)
--- a/drivers/input/mouse/psmouse-smbus.c
+++ b/drivers/input/mouse/psmouse-smbus.c
@@ -61,24 +61,29 @@ static void psmouse_smbus_check_adapter(struct i2c_adapter *adapter)
 
 static void psmouse_smbus_detach_i2c_client(struct i2c_client *client)
 {
-       struct psmouse_smbus_dev *smbdev;
+       struct psmouse_smbus_dev *smbdev, *tmp;
 
        mutex_lock(&psmouse_smbus_mutex);
 
-       list_for_each_entry(smbdev, &psmouse_smbus_list, node) {
-               if (smbdev->client == client) {
+       list_for_each_entry_safe(smbdev, tmp, &psmouse_smbus_list, node) {
+               if (smbdev->client != client)
+                       continue;
+
+               kfree(client->dev.platform_data);
+               client->dev.platform_data = NULL;
+
+               if (!smbdev->dead) {
                        psmouse_dbg(smbdev->psmouse,
                                    "Marking SMBus companion %s as gone\n",
                                    dev_name(&smbdev->client->dev));
-                       smbdev->client = NULL;
                        smbdev->dead = true;
                        serio_rescan(smbdev->psmouse->ps2dev.serio);
+               } else {
+                       list_del(&smbdev->node);
+                       kfree(smbdev);
                }
        }
 
-       kfree(client->dev.platform_data);
-       client->dev.platform_data = NULL;
-
        mutex_unlock(&psmouse_smbus_mutex);
 }
 
@@ -162,17 +167,20 @@ static void psmouse_smbus_disconnect(struct psmouse *psmouse)
        struct psmouse_smbus_dev *smbdev = psmouse->private;
 
        mutex_lock(&psmouse_smbus_mutex);
-       list_del(&smbdev->node);
-       mutex_unlock(&psmouse_smbus_mutex);
 
-       if (smbdev->client) {
+       if (smbdev->dead) {
+               list_del(&smbdev->node);
+               kfree(smbdev);
+       } else {
+               smbdev->dead = true;
                psmouse_dbg(smbdev->psmouse,
                            "posting removal request for SMBus companion %s\n",
                            dev_name(&smbdev->client->dev));
                psmouse_smbus_schedule_remove(smbdev->client);
        }
 
-       kfree(smbdev);
+       mutex_unlock(&psmouse_smbus_mutex);
+
        psmouse->private = NULL;
 }
 
Domain: System / Kernel; Licenses: GPL-2.0;