[ 29/85] USB: ark3116: fix NULL-pointer dereference

[ 00/85] 3.6.4-stable review · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 03/85] ext4: Avoid underflow in ext4_trim_fs() · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 02/85] ext4: Checksum the block bitmap properly with bigalloc enabled · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 06/85] nohz: Fix idle ticks in cpu summary line of /proc/stat · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 07/85] arch/tile: avoid generating .eh_frame information in modules · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 05/85] hwmon: (coretemp) Add support for Atom CE4110/4150/4170 · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 31/85] USB: oti6858: fix port-data memory leak · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 21/85] usb: acm: fix the computation of the number of data bits · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 24/85] USB: cyberjack: fix port-data memory leak · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 45/85] usb: dwc3: gadget: fix endpoint always busy bug · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 46/85] usb: Dont enable LPM if the exit latency is zero. · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 19/85] xen/x86: dont corrupt %eip when returning from a signal handler · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 47/85] USB: Enable LPM after a failed probe. · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 39/85] USB: ti_usb_3410_5052: fix port-data memory leak · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 62/85] drm/i915: Use cpu relocations if the object is in the GTT but not mappable · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 61/85] media: au0828: fix case where STREAMOFF being called on stopped stream causes BUG() · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 56/85] pinctrl: remove mutex lock in groups show · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 59/85] amd64_edac:__amd64_set_scrub_rate(): avoid overindexing scrubrates[] · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 66/85] net: Fix skb_under_panic oops in neigh_resolve_output · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 79/85] RDS: fix rds-ping spinlock recursion · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 78/85] ipvs: fix ARP resolving for direct routing mode · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 71/85] skge: Add DMA mask quirk for Marvell 88E8001 on ASUS P5NSLI motherboard · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 81/85] ipv6: addrconf: fix /proc/net/if_inet6 · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 84/85] sparc64: Fix bit twiddling in sparc_pmu_enable_event(). · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 80/85] tcp: resets are misrouted · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 85/85] mac80211: call drv_get_tsf() in sleepable context · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 83/85] sparc64: Like x86 we should check current->mm during perf backtrace generation. · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 82/85] sparc64: fix ptrace interaction with force_successful_syscall_return() · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 65/85] net: remove skb recycling · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 74/85] ipv4: fix forwarding for strict source routes · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 73/85] ipv4: fix sending of redirects · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 72/85] vlan: dont deliver frames for unknown vlans to protocols · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 70/85] ipv4: Dont report stale pmtu values to userspace · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 69/85] ipv4: Dont create nh exeption when the device mtu is smaller than the reported pmtu · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 68/85] ipv4: Always invalidate or update the route on pmtu events · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 67/85] ipv6: GRO should be ECN friendly · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 77/85] ipv4: Add FLOWI_FLAG_KNOWN_NH · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 76/85] ipv4: introduce rt_uses_gateway · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 75/85] ipv4: make sure nh_pcpu_rth_output is always allocated · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 50/85] cgroup: notify_on_release may not be triggered in some cases · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 58/85] iommu/tegra: smmu: Fix deadly typo · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 57/85] pinctrl: fix missing unlock on error in pinctrl_groups_show() · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 55/85] pinctrl: tegra: set low power mode bank width to 2 · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 54/85] dt: Document: correct tegra20/30 pinctrl slew-rate name · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 53/85] pinctrl: tegra: correct bank for pingroup and drv pingroup · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 52/85] Revert "cgroup: Drop task_lock(parent) on cgroup_fork()" · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 51/85] Revert "cgroup: Remove task_lock() from cgroup_post_fork()" · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 63/85] netlink: add reference of module in netlink_dump_start · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 64/85] infiniband: pass rdma_cm module to netlink_dump_start · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 60/85] xtensa: add missing system calls to the syscall table · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
Re: [ 60/85] xtensa: add missing system calls to the syscall table · Ben Hutchings <hidden> · 2012-10-27
Re: [ 60/85] xtensa: add missing system calls to the syscall table · Chris Zankel <chris@zankel.net> · 2012-10-27
[ 35/85] USB: kobil_sct: fix port-data memory leak · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 44/85] USB: option: add more ZTE devices · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 43/85] USB: option: blacklist net interface on ZTE devices · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 42/85] USB: keyspan_pda: fix port-data memory leak · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 41/85] USB: io_edgeport: fix port-data memory leak · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 40/85] USB: kl5kusb105: fix port-data memory leak · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 38/85] USB: spcp8x5: fix port-data memory leak · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 37/85] USB: cp210x: fix port-data memory leak · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 36/85] USB: cypress_m8: fix port-data memory leak · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 49/85] USB: fix port probing and removal in garmin_gps · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 48/85] usb: Send Set SEL before enabling parent U1/U2 timeout. · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 28/85] USB: iuu_phoenix: fix sysfs-attribute creation · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 27/85] USB: iuu_phoenix: fix port-data memory leak · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 26/85] usb: host: xhci: New system added for Compliance Mode Patch on SN65LVPE502CP · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
Re: [ 26/85] usb: host: xhci: New system added for Compliance Mode Patch on SN65LVPE502CP · Ben Hutchings <hidden> · 2012-10-27
Re: [ 26/85] usb: host: xhci: New system added for Compliance Mode Patch on SN65LVPE502CP · Sarah Sharp <hidden> · 2012-11-01
[ 25/85] usb: musb: am35xx: drop spurious unplugging a device · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 23/85] USB: io_ti: fix sysfs-attribute creation · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 22/85] USB: io_ti: fix port-data memory leak · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 20/85] USB: cdc-acm: fix pipe type of write endpoint · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 34/85] USB: ssu100: fix port-data memory leak · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 33/85] USB: pl2303: fix port-data memory leak · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 32/85] USB: belkin_sa: fix port-data memory leak · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 30/85] USB: f81232: fix port-data memory leak · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 29/85] USB: ark3116: fix NULL-pointer dereference · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 04/85] usbdevfs: Fix broken scatter-gather transfer · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 13/85] ring-buffer: Check for uninitialized cpu buffer before resizing · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 12/85] SUNRPC: Set alloc_slot for backchannel tcp ops · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 11/85] SUNRPC: Prevent kernel stack corruption on long values of flush · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 10/85] s390: fix linker script for 31 bit builds · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 09/85] oprofile, x86: Fix wrapping bug in op_x86_get_ctrl() · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 08/85] NLM: nlm_lookup_file() may return NLMv4-specific error codes · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 18/85] x86: Exclude E820_RESERVED regions and memory holes above 4 GB from direct mapping. · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
Re: [ 18/85] x86: Exclude E820_RESERVED regions and memory holes above 4 GB from direct mapping. · Ben Hutchings <hidden> · 2012-10-27
[ 17/85] x86, amd, mce: Avoid NULL pointer reference on CPU northbridge lookup · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 15/85] kernel/sys.c: fix stack memory content leak via UNAME26 · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 14/85] pcmcia: sharpsl: dont discard sharpsl_pcmcia_ops · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26
[ 01/85] ext4: race-condition protection for ext4_convert_unwritten_extents_endio · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2012-10-26

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: 2012-10-26 00:28:04
Also in: lkml

3.6-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Johan Hovold <redacted>

commit 7bdce71822f471433dd3014692e9096996c7b5f0 upstream.

Fix NULL-pointer dereference at release by replacing attach and release
with port_probe and port_remove.

Since commit 0998d0631001288 (device-core: Ensure drvdata = NULL when no
driver is bound) the port private data is NULL when release is called.

Compile-only tested.

Signed-off-by: Johan Hovold <redacted>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/serial/ark3116.c |   26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

--- a/drivers/usb/serial/ark3116.c
+++ b/drivers/usb/serial/ark3116.c

@@ -126,9 +126,6 @@ static inline int calc_divisor(int bps)
 
 static int ark3116_attach(struct usb_serial *serial)
 {
-	struct usb_serial_port *port = serial->port[0];
-	struct ark3116_private *priv;
-
 	/* make sure we have our end-points */
 	if ((serial->num_bulk_in == 0) ||
 	    (serial->num_bulk_out == 0) ||

@@ -143,8 +140,15 @@ static int ark3116_attach(struct usb_ser
 		return -EINVAL;
 	}
 
-	priv = kzalloc(sizeof(struct ark3116_private),
-		       GFP_KERNEL);
+	return 0;
+}
+
+static int ark3116_port_probe(struct usb_serial_port *port)
+{
+	struct usb_serial *serial = port->serial;
+	struct ark3116_private *priv;
+
+	priv = kzalloc(sizeof(*priv), GFP_KERNEL);
 	if (!priv)
 		return -ENOMEM;

@@ -199,18 +203,15 @@ static int ark3116_attach(struct usb_ser
 	return 0;
 }
 
-static void ark3116_release(struct usb_serial *serial)
+static int ark3116_port_remove(struct usb_serial_port *port)
 {
-	struct usb_serial_port *port = serial->port[0];
 	struct ark3116_private *priv = usb_get_serial_port_data(port);
 
 	/* device is closed, so URBs and DMA should be down */
-
-	usb_set_serial_port_data(port, NULL);
-
 	mutex_destroy(&priv->hw_lock);
-
 	kfree(priv);
+
+	return 0;
 }
 
 static void ark3116_init_termios(struct tty_struct *tty)

@@ -725,7 +726,8 @@ static struct usb_serial_driver ark3116_
 	.id_table =		id_table,
 	.num_ports =		1,
 	.attach =		ark3116_attach,
-	.release =		ark3116_release,
+	.port_probe =		ark3116_port_probe,
+	.port_remove =		ark3116_port_remove,
 	.set_termios =		ark3116_set_termios,
 	.init_termios =		ark3116_init_termios,
 	.ioctl =		ark3116_ioctl,

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help