From: Thomas Pugliese Date: Fri, 9 Aug 2013 14:25:37 +0000 (-0500) Subject: HWA RC: fix a kernel panic when unplugging the HWA dongle X-Git-Tag: firefly_0821_release~176^2~5474^2~87 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=c654ecbbfefbeec8fbf202e117364bff48ecaea3;p=firefly-linux-kernel-4.4.55.git HWA RC: fix a kernel panic when unplugging the HWA dongle This patch fixes a kernel panic that can occur when unplugging the HWA dongle while a downstream device is in the process of disconnecting. This involved 2 changes. First, call usb_lock_device_for_reset before usb_reset_device to synchronize the HWA's post_rest and disconnect routines. Second, set the hwarc->neep_urb and hwarc->rd_buffer to NULL when they are freed in the error path in the post_reset routine. This prevents a double free when the disconnect routine is called and attempts to free those resources again. Signed-off-by: Thomas Pugliese Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/uwb/hwa-rc.c b/drivers/uwb/hwa-rc.c index 0621abef9b4a..0257f35cfb9d 100644 --- a/drivers/uwb/hwa-rc.c +++ b/drivers/uwb/hwa-rc.c @@ -611,7 +611,16 @@ static int hwarc_reset(struct uwb_rc *uwb_rc) { struct hwarc *hwarc = uwb_rc->priv; - return usb_reset_device(hwarc->usb_dev); + int result; + + /* device lock must be held when calling usb_reset_device. */ + result = usb_lock_device_for_reset(hwarc->usb_dev, NULL); + if (result >= 0) { + result = usb_reset_device(hwarc->usb_dev); + usb_unlock_device(hwarc->usb_dev); + } + + return result; } /** @@ -709,8 +718,10 @@ static int hwarc_neep_init(struct uwb_rc *rc) error_neep_submit: usb_free_urb(hwarc->neep_urb); + hwarc->neep_urb = NULL; error_urb_alloc: free_page((unsigned long)hwarc->rd_buffer); + hwarc->rd_buffer = NULL; error_rd_buffer: return -ENOMEM; } @@ -723,7 +734,10 @@ static void hwarc_neep_release(struct uwb_rc *rc) usb_kill_urb(hwarc->neep_urb); usb_free_urb(hwarc->neep_urb); + hwarc->neep_urb = NULL; + free_page((unsigned long)hwarc->rd_buffer); + hwarc->rd_buffer = NULL; } /**