Eric Lee / smarc-ti-linux-kernel

Download as
Browse Code ยป

Commit 2c5d2dde06b89f1a2f3fc5f064cd39685f8e3c47

Authored by Johan Hovold
Committed by Greg Kroah-Hartman
1 parent 14d38f7d80

USB: keyspan: fix null-deref at probe 

commit b5122236bba8d7ef62153da5b55cc65d0944c61e upstream.

Fix null-pointer dereference during probe if the interface-status
completion handler is called before the individual ports have been set
up.

Fixes: f79b2d0fe81e ("USB: keyspan: fix NULL-pointer dereferences and
memory leaks")
Reported-by: Richard <richjunk@pacbell.net>
Tested-by: Richard <richjunk@pacbell.net>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Showing 1 changed file with 15 additions and 5 deletions Side-by-side Diff

drivers/usb/serial/keyspan.c
Diff comments   View file @ 2c5d2dd
... ... @@ -410,6 +410,8 @@
410 410 }
411 411 port = serial->port[msg->port];
412 412 p_priv = usb_get_serial_port_data(port);
  413 + if (!p_priv)
  414 + goto resubmit;
413 415  
414 416 /* Update handshaking pin state information */
415 417 old_dcd_state = p_priv->dcd_state;
... ... @@ -420,7 +422,7 @@
420 422  
421 423 if (old_dcd_state != p_priv->dcd_state)
422 424 tty_port_tty_hangup(&port->port, true);
423   -
  425 +resubmit:
424 426 /* Resubmit urb so we continue receiving */
425 427 err = usb_submit_urb(urb, GFP_ATOMIC);
426 428 if (err != 0)
... ... @@ -527,6 +529,8 @@
527 529 }
528 530 port = serial->port[msg->port];
529 531 p_priv = usb_get_serial_port_data(port);
  532 + if (!p_priv)
  533 + goto resubmit;
530 534  
531 535 /* Update handshaking pin state information */
532 536 old_dcd_state = p_priv->dcd_state;
... ... @@ -537,7 +541,7 @@
537 541  
538 542 if (old_dcd_state != p_priv->dcd_state && old_dcd_state)
539 543 tty_port_tty_hangup(&port->port, true);
540   -
  544 +resubmit:
541 545 /* Resubmit urb so we continue receiving */
542 546 err = usb_submit_urb(urb, GFP_ATOMIC);
543 547 if (err != 0)
... ... @@ -607,6 +611,8 @@
607 611 }
608 612 port = serial->port[msg->portNumber];
609 613 p_priv = usb_get_serial_port_data(port);
  614 + if (!p_priv)
  615 + goto resubmit;
610 616  
611 617 /* Update handshaking pin state information */
612 618 old_dcd_state = p_priv->dcd_state;
... ... @@ -617,7 +623,7 @@
617 623  
618 624 if (old_dcd_state != p_priv->dcd_state && old_dcd_state)
619 625 tty_port_tty_hangup(&port->port, true);
620   -
  626 +resubmit:
621 627 /* Resubmit urb so we continue receiving */
622 628 err = usb_submit_urb(urb, GFP_ATOMIC);
623 629 if (err != 0)
... ... @@ -855,6 +861,8 @@
855 861  
856 862 port = serial->port[0];
857 863 p_priv = usb_get_serial_port_data(port);
  864 + if (!p_priv)
  865 + goto resubmit;
858 866  
859 867 /* Update handshaking pin state information */
860 868 old_dcd_state = p_priv->dcd_state;
... ... @@ -865,7 +873,7 @@
865 873  
866 874 if (old_dcd_state != p_priv->dcd_state && old_dcd_state)
867 875 tty_port_tty_hangup(&port->port, true);
868   -
  876 +resubmit:
869 877 /* Resubmit urb so we continue receiving */
870 878 err = usb_submit_urb(urb, GFP_ATOMIC);
871 879 if (err != 0)
... ... @@ -926,6 +934,8 @@
926 934  
927 935 port = serial->port[msg->port];
928 936 p_priv = usb_get_serial_port_data(port);
  937 + if (!p_priv)
  938 + goto resubmit;
929 939  
930 940 /* Update handshaking pin state information */
931 941 old_dcd_state = p_priv->dcd_state;
... ... @@ -934,7 +944,7 @@
934 944  
935 945 if (old_dcd_state != p_priv->dcd_state && old_dcd_state)
936 946 tty_port_tty_hangup(&port->port, true);
937   -
  947 +resubmit:
938 948 /* Resubmit urb so we continue receiving */
939 949 err = usb_submit_urb(urb, GFP_ATOMIC);
940 950 if (err != 0)