Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

HWA RC: fix a kernel panic when unplugging the HWA dongle

This patch fixes a kernel panic that can occur when unplugging the HWA
dongle while a downstream device is in the process of disconnecting.
This involved 2 changes. First, call usb_lock_device_for_reset before
usb_reset_device to synchronize the HWA's post_reset and disconnect
routines. Second, set the hwarc->neep_urb and hwarc->rd_buffer to NULL
when they are freed in the error path in the post_reset routine. This
prevents a double free when the disconnect routine is called and attempts
to free those resources again.

Signed-off-by: Thomas Pugliese <thomas.pugliese@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by Thomas Pugliese and committed by Greg Kroah-Hartman
c654ecbb 6dd433e6

+15 -1
drivers/uwb/hwa-rc.c
··· 611 611 int hwarc_reset(struct uwb_rc *uwb_rc) 612 612 { 613 613 struct hwarc *hwarc = uwb_rc->priv; 614 - return usb_reset_device(hwarc->usb_dev); 614 + int result; 615 + 616 + /* device lock must be held when calling usb_reset_device. */ 617 + result = usb_lock_device_for_reset(hwarc->usb_dev, NULL); 618 + if (result >= 0) { 619 + result = usb_reset_device(hwarc->usb_dev); 620 + usb_unlock_device(hwarc->usb_dev); 621 + } 622 + 623 + return result; 615 624 } 616 625 617 626 /** ··· 718 709 719 710 error_neep_submit: 720 711 usb_free_urb(hwarc->neep_urb); 712 + hwarc->neep_urb = NULL; 721 713 error_urb_alloc: 722 714 free_page((unsigned long)hwarc->rd_buffer); 715 + hwarc->rd_buffer = NULL; 723 716 error_rd_buffer: 724 717 return -ENOMEM; 725 718 } ··· 734 723 735 724 usb_kill_urb(hwarc->neep_urb); 736 725 usb_free_urb(hwarc->neep_urb); 726 + hwarc->neep_urb = NULL; 727 + 737 728 free_page((unsigned long)hwarc->rd_buffer); 729 + hwarc->rd_buffer = NULL; 738 730 } 739 731 740 732 /**
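Review bot: In the first hunk (hwarc_reset), a failure of usb_lock_device_for_reset() skips the reset and hands the negative value straight back, so the caller cannot tell "could not take the device lock" from "the reset itself failed", and nothing is logged. Consider a dev_err() on the `result < 0` branch, or at least documenting in the function's comment that the return value may now come from the lock call. The inline comment "device lock must be held when calling usb_reset_device" states the rule but not the reason; the commit message's reason (serializing post_reset against disconnect) is the part a later reader needs, and belongs in that comment.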
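Review bot: In the second hunk (the error_neep_submit / error_urb_alloc labels), hwarc->neep_urb is cleared only when control enters at error_neep_submit; a jump directly to error_urb_alloc leaves neep_urb at whatever value it held before. That is fine only if the failed allocation was assigned directly to hwarc->neep_urb, which these lines do not show, so please confirm it, or move `hwarc->neep_urb = NULL;` below the error_urb_alloc label so both entry points leave the field cleared. The same reasoning makes `hwarc->rd_buffer = NULL;` correct where it is, since both labels above error_rd_buffer fall through it.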
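Review bot: In the third hunk (the teardown that calls usb_kill_urb, usb_free_urb and free_page), the new NULL stores make a second call harmless, but nothing in these lines orders them against the setup path that writes the same two fields. The fix depends on the device lock now taken in hwarc_reset to keep the two from running concurrently; a one-line comment above the teardown saying that callers must hold the device lock would keep a later change from reintroducing the double free. The added blank line between the urb and rd_buffer cleanup is fine.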