HID: hid-bigbenff: fix race condition for scheduled work during removal

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

It's possible that there is scheduled work left while the device is
already being removed, which can cause a kernel crash. Adding a flag
will avoid this.

Signed-off-by: Hanno Zulla <kontakt@hanno.de>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>

authored by

Hanno Zulla and committed by

Benjamin Tissoires 6 years ago 4eb1b01d 976a54d0

1 changed file

expand all

drivers

hid

hid-bigbenff.c

drivers/hid/hid-bigbenff.c

··· 174 174 struct bigben_device { 175 175 struct hid_device *hid; 176 176 struct hid_report *report; 177 + bool removed; 177 178 u8 led_state; /* LED1 = 1 .. LED4 = 8 */ 178 179 u8 right_motor_on; /* right motor off/on 0/1 */ 179 180 u8 left_motor_force; /* left motor force 0-255 */ ··· 190 189 struct bigben_device *bigben = container_of(work, 191 190 struct bigben_device, worker); 192 191 struct hid_field *report_field = bigben->report->field[0]; 192 + 193 + if (bigben->removed) 194 + return; 193 195 194 196 if (bigben->work_led) { 195 197 bigben->work_led = false; ··· 308 304 { 309 305 struct bigben_device *bigben = hid_get_drvdata(hid); 310 306 307 + bigben->removed = true; 311 308 cancel_work_sync(&bigben->worker); 312 309 hid_hw_stop(hid); 313 310 } ··· 329 324 return -ENOMEM; 330 325 hid_set_drvdata(hid, bigben); 331 326 bigben->hid = hid; 327 + bigben->removed = false; 332 328 333 329 error = hid_parse(hid); 334 330 if (error) {