[PATCH 1/6] HID: picoLCD: prevent NULL pointer dereferences
From: Bruno Prémont <bonbons@linux-vserver.org>
Date: 2012-08-19 17:32:11
Also in:
linux-input
Subsystem:
hid core layer, picolcd hid driver, the rest · Maintainers:
Jiri Kosina, Benjamin Tissoires, Bruno Prémont, Linus Torvalds
Driver code expects to get access to struct picolcd_data from hiddev and is not prepared to find a NULL pointer there. Most prominent candidate to trip on it is picolcd_fb_deferred_io(). Delay removing struct picolcd_data from hiddev until all sub-devices have been unregistered. Signed-off-by: Bruno Prémont <bonbons@linux-vserver.org> --- drivers/hid/hid-picolcd_core.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/drivers/hid/hid-picolcd_core.c b/drivers/hid/hid-picolcd_core.c
index e08ffd2..76ab173 100644
--- a/drivers/hid/hid-picolcd_core.c
+++ b/drivers/hid/hid-picolcd_core.c@@ -631,7 +631,6 @@ static void picolcd_remove(struct hid_device *hdev) device_remove_file(&hdev->dev, &dev_attr_operation_mode_delay); hid_hw_close(hdev); hid_hw_stop(hdev); - hid_set_drvdata(hdev, NULL); /* Shortcut potential pending reply that will never arrive */ spin_lock_irqsave(&data->lock, flags);
@@ -649,6 +648,7 @@ static void picolcd_remove(struct hid_device *hdev) picolcd_exit_cir(data); picolcd_exit_keys(data); + hid_set_drvdata(hdev, NULL); mutex_destroy(&data->mutex); /* Finally, clean up the picolcd data itself */ kfree(data);
--
1.7.8.6