mirror of
https://github.com/torvalds/linux.git
synced 2024-11-28 15:11:31 +00:00
b214f191d9
If I unplug a device while the UAS driver is loaded, I get an oops in usb_free_streams(). This is because usb_unbind_interface() calls usb_disable_interface() which calls usb_disable_endpoint() which sets ep_out and ep_in to NULL. Then the UAS driver calls usb_pipe_endpoint() which returns a NULL pointer and passes an array of NULL pointers to usb_free_streams(). I think the correct fix for this is to check for the NULL pointer in usb_free_streams() rather than making the driver check for this situation. My original patch for this checked for dev->state == USB_STATE_NOTATTACHED, but the call to usb_disable_interface() is conditional, so not all drivers would want this check. Note from Sarah Sharp: This patch does avoid a potential dereference, but the real fix (which will be implemented later) is to set the .soft_unbind flag in the usb_driver structure for the UAS driver, and all drivers that allocate streams. The driver should free any streams when it is unbound from the interface. This avoids leaking stream rings in the xHCI driver when usb_disable_interface() is called. This should be queued for stable trees back to 2.6.35. Signed-off-by: Matthew Wilcox <willy@linux.intel.com> Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com> Cc: stable@kernel.org |
||
|---|---|---|
| .. | ||
| buffer.c | ||
| config.c | ||
| devices.c | ||
| devio.c | ||
| driver.c | ||
| endpoint.c | ||
| file.c | ||
| generic.c | ||
| hcd-pci.c | ||
| hcd.c | ||
| hub.c | ||
| inode.c | ||
| Kconfig | ||
| Makefile | ||
| message.c | ||
| notify.c | ||
| otg_whitelist.h | ||
| quirks.c | ||
| sysfs.c | ||
| urb.c | ||
| usb.c | ||
| usb.h | ||