    HID: picolcd: Prevent NULL pointer dereference on _remove() · 69f2af2d
    Bruno Prémont authored
    commit 1cde501bb4655e98fb832194beb88ac73be5a05d upstream.
    
    When picolcd is switched into bootloader mode (for FW flashing) make
    sure not to try to dereference NULL-pointers of feature-devices during
    unplug/unbind.
    
    This fixes the following BUG:
      BUG: unable to handle kernel NULL pointer dereference at 00000298
      IP: [<f811f56b>] picolcd_exit_framebuffer+0x1b/0x80 [hid_picolcd]
      *pde = 00000000
      Oops: 0000 [#1]
      Modules linked in: hid_picolcd syscopyarea sysfillrect sysimgblt fb_sys_fops
      CPU: 0 PID: 15 Comm: khubd Not tainted 3.11.0-rc7-00002-g50d62d4 #2
      EIP: 0060:[<f811f56b>] EFLAGS: 00010292 CPU: 0
      EIP is at picolcd_exit_framebuffer+0x1b/0x80 [hid_picolcd]
      Call Trace:
       [<f811d1ab>] picolcd_remove+0xcb/0x120 [hid_picolcd]
       [<c1469b09>] hid_device_remove+0x59/0xc0
       [<c13464ca>] __device_release_driver+0x5a/0xb0
       [<c134653f>] device_release_driver+0x1f/0x30
       [<c134603d>] bus_remove_device+0x9d/0xd0
       [<c13439a5>] device_del+0xd5/0x150
       [<c14696a4>] hid_destroy_device+0x24/0x60
       [<c1474cbb>] usbhid_disconnect+0x1b/0x40
       ...
    Signed-off-by: Bruno Prémont <bonbons@linux-vserver.org>
    Signed-off-by: Jiri Kosina <jkosina@suse.cz>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
hid-picolcd_fb.c 17.2 KB