| From 66d78edce85c1cb12e979f52b0ed0230a0c7f7c7 Mon Sep 17 00:00:00 2001 |
| From: Andrew Duggan <aduggan@synaptics.com> |
| Date: Wed, 23 Oct 2019 01:24:03 +0000 |
| Subject: [PATCH] HID: rmi: Check that the RMI_STARTED bit is set before |
| unregistering the RMI transport device |
| |
| commit 8725aa4fa7ded30211ebd28bb1c9bae806eb3841 upstream. |
| |
| In the event that the RMI device is unreachable, the calls to rmi_set_mode() or |
| rmi_set_page() will fail before registering the RMI transport device. When the |
| device is removed, rmi_remove() will call rmi_unregister_transport_device() |
| which will attempt to access the rmi_dev pointer which was not set. |
| This patch adds a check of the RMI_STARTED bit before calling |
| rmi_unregister_transport_device(). The RMI_STARTED bit is only set |
| after rmi_register_transport_device() completes successfully. |
| |
| The kernel oops was reported in this message: |
| https://www.spinics.net/lists/linux-input/msg58433.html |
| |
| [jkosina@suse.cz: reworded changelog as agreed with Andrew] |
| Signed-off-by: Andrew Duggan <aduggan@synaptics.com> |
| Reported-by: Federico Cerutti <federico@ceres-c.it> |
| Signed-off-by: Jiri Kosina <jkosina@suse.cz> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/drivers/hid/hid-rmi.c b/drivers/hid/hid-rmi.c |
| index 7c6abd7e0979..9ce22acdfaca 100644 |
| --- a/drivers/hid/hid-rmi.c |
| +++ b/drivers/hid/hid-rmi.c |
| @@ -744,7 +744,8 @@ static void rmi_remove(struct hid_device *hdev) |
| { |
| struct rmi_data *hdata = hid_get_drvdata(hdev); |
| |
| - if (hdata->device_flags & RMI_DEVICE) { |
| + if ((hdata->device_flags & RMI_DEVICE) |
| + && test_bit(RMI_STARTED, &hdata->flags)) { |
| clear_bit(RMI_STARTED, &hdata->flags); |
| cancel_work_sync(&hdata->reset_work); |
| rmi_unregister_transport_device(&hdata->xport); |
| -- |
| 2.7.4 |
| |
