| From b68fea522b8d1b4c48584f2ee466d27dee130244 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Wed, 23 Oct 2019 01:24:03 +0000 |
| Subject: HID: rmi: Check that the RMI_STARTED bit is set before unregistering |
| the RMI transport device |
| |
| From: Andrew Duggan <aduggan@synaptics.com> |
| |
| [ Upstream commit 8725aa4fa7ded30211ebd28bb1c9bae806eb3841 ] |
| |
| In the event that the RMI device is unreachable, the calls to rmi_set_mode() or |
| rmi_set_page() will fail before registering the RMI transport device. When the |
| device is removed, rmi_remove() will call rmi_unregister_transport_device() |
| which will attempt to access the rmi_dev pointer which was not set. |
| This patch adds a check of the RMI_STARTED bit before calling |
| rmi_unregister_transport_device(). The RMI_STARTED bit is only set |
| after rmi_register_transport_device() completes successfully. |
| |
| The kernel oops was reported in this message: |
| https://www.spinics.net/lists/linux-input/msg58433.html |
| |
| [jkosina@suse.cz: reworded changelog as agreed with Andrew] |
| Signed-off-by: Andrew Duggan <aduggan@synaptics.com> |
| Reported-by: Federico Cerutti <federico@ceres-c.it> |
| Signed-off-by: Jiri Kosina <jkosina@suse.cz> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/hid/hid-rmi.c | 3 ++- |
| 1 file changed, 2 insertions(+), 1 deletion(-) |
| |
| diff --git a/drivers/hid/hid-rmi.c b/drivers/hid/hid-rmi.c |
| index 9e33165250a3..a5b6b2be9cda 100644 |
| --- a/drivers/hid/hid-rmi.c |
| +++ b/drivers/hid/hid-rmi.c |
| @@ -737,7 +737,8 @@ static void rmi_remove(struct hid_device *hdev) |
| { |
| struct rmi_data *hdata = hid_get_drvdata(hdev); |
| |
| - if (hdata->device_flags & RMI_DEVICE) { |
| + if ((hdata->device_flags & RMI_DEVICE) |
| + && test_bit(RMI_STARTED, &hdata->flags)) { |
| clear_bit(RMI_STARTED, &hdata->flags); |
| cancel_work_sync(&hdata->reset_work); |
| rmi_unregister_transport_device(&hdata->xport); |
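Review bot: `cancel_work_sync(&hdata->reset_work)` now sits behind the new `test_bit(RMI_STARTED, ...)` condition, so it is skipped whenever the bit is clear. The hunk does not show where `reset_work` is queued; if it can be scheduled on a path that never set RMI_STARTED, the work could still be pending after rmi_remove() returns and would then run against driver data that is being torn down. In that case the cancel should stay under the `RMI_DEVICE` check alone, with only `rmi_unregister_transport_device()` gated on the bit. Separately, the check and the following `clear_bit()` can be folded into one atomic step, `if ((hdata->device_flags & RMI_DEVICE) && test_and_clear_bit(RMI_STARTED, &hdata->flags)) {`, which also keeps the `&&` at the end of the line as kernel style prefers. The rest of rmi_remove() lies outside this hunk, so the teardown order after the unregister call could not be checked here.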
| -- |
| 2.20.1 |
| |