HID: picolcd: Prevent NULL pointer dereference on _remove()
authorBruno Prémont <bonbons@linux-vserver.org>
Sat, 31 Aug 2013 12:07:48 +0000 (14:07 +0200)
committerJiri Kosina <jkosina@suse.cz>
Mon, 2 Sep 2013 11:36:50 +0000 (13:36 +0200)
commit1cde501bb4655e98fb832194beb88ac73be5a05d
tree86cc70fe2cc7c5e4fa875a5ada657a3825056428
parent9e0bf92c223dabe0789714f8f85f6e26f8f9cda4
HID: picolcd: Prevent NULL pointer dereference on _remove()

When picolcd is switched into bootloader mode (for FW flashing) make
sure not to try to dereference NULL-pointers of feature-devices during
unplug/unbind.

This fixes following BUG:
  BUG: unable to handle kernel NULL pointer dereference at 00000298
  IP: [<f811f56b>] picolcd_exit_framebuffer+0x1b/0x80 [hid_picolcd]
  *pde = 00000000
  Oops: 0000 [#1]
  Modules linked in: hid_picolcd syscopyarea sysfillrect sysimgblt fb_sys_fops
  CPU: 0 PID: 15 Comm: khubd Not tainted 3.11.0-rc7-00002-g50d62d4 #2
  EIP: 0060:[<f811f56b>] EFLAGS: 00010292 CPU: 0
  EIP is at picolcd_exit_framebuffer+0x1b/0x80 [hid_picolcd]
  Call Trace:
   [<f811d1ab>] picolcd_remove+0xcb/0x120 [hid_picolcd]
   [<c1469b09>] hid_device_remove+0x59/0xc0
   [<c13464ca>] __device_release_driver+0x5a/0xb0
   [<c134653f>] device_release_driver+0x1f/0x30
   [<c134603d>] bus_remove_device+0x9d/0xd0
   [<c13439a5>] device_del+0xd5/0x150
   [<c14696a4>] hid_destroy_device+0x24/0x60
   [<c1474cbb>] usbhid_disconnect+0x1b/0x40
   ...

Signed-off-by: Bruno Prémont <bonbons@linux-vserver.org>
Cc: stable@kernel.org
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
drivers/hid/hid-picolcd_cir.c
drivers/hid/hid-picolcd_fb.c