[PATCH 1/3] USB: ark3116: fix NULL-pointer dereference

Johan Hovold Mon, 15 Oct 2012 09:21:41 -0700

Fix NULL-pointer dereference at release by replacing attach and release
with port_probe and port_remove.


Since commit 0998d0631001288 (device-core: Ensure drvdata = NULL when no
driver is bound) the port private data is NULL when release is called.

Compile-only tested.

Cc: <sta...@vger.kernel.org>
Signed-off-by: Johan Hovold <jhov...@gmail.com>
---
 drivers/usb/serial/ark3116.c | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/drivers/usb/serial/ark3116.c b/drivers/usb/serial/ark3116.c
index cf2522c..bd50a8a4 100644
--- a/drivers/usb/serial/ark3116.c
+++ b/drivers/usb/serial/ark3116.c
@@ -125,9 +125,6 @@ static inline int calc_divisor(int bps)
 
 static int ark3116_attach(struct usb_serial *serial)
 {
-       struct usb_serial_port *port = serial->port[0];
-       struct ark3116_private *priv;
-
        /* make sure we have our end-points */
        if ((serial->num_bulk_in == 0) ||
            (serial->num_bulk_out == 0) ||
@@ -142,8 +139,15 @@ static int ark3116_attach(struct usb_serial *serial)
                return -EINVAL;
        }
 
-       priv = kzalloc(sizeof(struct ark3116_private),
-                      GFP_KERNEL);
+       return 0;
+}
+
+static int ark3116_port_probe(struct usb_serial_port *port)
+{
+       struct usb_serial *serial = port->serial;
+       struct ark3116_private *priv;
+
+       priv = kzalloc(sizeof(*priv), GFP_KERNEL);
        if (!priv)
                return -ENOMEM;
 
@@ -198,18 +202,15 @@ static int ark3116_attach(struct usb_serial *serial)
        return 0;
 }
 
-static void ark3116_release(struct usb_serial *serial)
+static int ark3116_port_remove(struct usb_serial_port *port)
 {
-       struct usb_serial_port *port = serial->port[0];
        struct ark3116_private *priv = usb_get_serial_port_data(port);
 
        /* device is closed, so URBs and DMA should be down */
-
-       usb_set_serial_port_data(port, NULL);
-
        mutex_destroy(&priv->hw_lock);
-
        kfree(priv);
+
+       return 0;
 }
 
 static void ark3116_init_termios(struct tty_struct *tty)
@@ -723,7 +724,8 @@ static struct usb_serial_driver ark3116_device = {
        .id_table =             id_table,
        .num_ports =            1,
        .attach =               ark3116_attach,
-       .release =              ark3116_release,
+       .port_probe =           ark3116_port_probe,
+       .port_remove =          ark3116_port_remove,
        .set_termios =          ark3116_set_termios,
        .init_termios =         ark3116_init_termios,
        .ioctl =                ark3116_ioctl,
-- 
1.7.12.3

--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 1/3] USB: ark3116: fix NULL-pointer dereference

Reply via email to