Re: [PATCH net,stable] qmi_wwan: fix NULL deref on disconnect

Tue, 08 Aug 2017 21:15:08 -0700 

From: Bjørn Mork <bj...@mork.no>
Date: Tue,  8 Aug 2017 18:02:11 +0200

> qmi_wwan_disconnect is called twice when disconnecting devices with
> separate control and data interfaces.  The first invocation will set
> the interface data to NULL for both interfaces to flag that the
> disconnect has been handled.  But the matching NULL check was left
> out when qmi_wwan_disconnect was added, resulting in this oops:
> 
>   usb 2-1.4: USB disconnect, device number 4
>   qmi_wwan 2-1.4:1.6 wwp0s29u1u4i6: unregister 'qmi_wwan' 
> usb-0000:00:1d.0-1.4, WWAN/QMI device
>   BUG: unable to handle kernel NULL pointer dereference at 00000000000000e0
>   IP: qmi_wwan_disconnect+0x25/0xc0 [qmi_wwan]
>   PGD 0
>   P4D 0
>   Oops: 0000 [#1] SMP
>   Modules linked in: <stripped irrelevant module list>
>   CPU: 2 PID: 33 Comm: kworker/2:1 Tainted: G            E   
> 4.12.3-nr44-normandy-r1500619820+ #1
>   Hardware name: LENOVO 4291LR7/4291LR7, BIOS CBET4000 4.6-810-g50522254fb 
> 07/21/2017
>   Workqueue: usb_hub_wq hub_event [usbcore]
>   task: ffff8c882b716040 task.stack: ffffb8e800d84000
>   RIP: 0010:qmi_wwan_disconnect+0x25/0xc0 [qmi_wwan]
>   RSP: 0018:ffffb8e800d87b38 EFLAGS: 00010246
>   RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
>   RDX: 0000000000000001 RSI: ffff8c8824f3f1d0 RDI: ffff8c8824ef6400
>   RBP: ffff8c8824ef6400 R08: 0000000000000000 R09: 0000000000000000
>   R10: ffffb8e800d87780 R11: 0000000000000011 R12: ffffffffc07ea0e8
>   R13: ffff8c8824e2e000 R14: ffff8c8824e2e098 R15: 0000000000000000
>   FS:  0000000000000000(0000) GS:ffff8c8835300000(0000) knlGS:0000000000000000
>   CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>   CR2: 00000000000000e0 CR3: 0000000229ca5000 CR4: 00000000000406e0
>   Call Trace:
>    ? usb_unbind_interface+0x71/0x270 [usbcore]
>    ? device_release_driver_internal+0x154/0x210
>    ? qmi_wwan_unbind+0x6d/0xc0 [qmi_wwan]
>    ? usbnet_disconnect+0x6c/0xf0 [usbnet]
>    ? qmi_wwan_disconnect+0x87/0xc0 [qmi_wwan]
>    ? usb_unbind_interface+0x71/0x270 [usbcore]
>    ? device_release_driver_internal+0x154/0x210
> 
> Reported-and-tested-by: Nathaniel Roach <nroac...@gmail.com>
> Fixes: c6adf77953bc ("net: usb: qmi_wwan: add qmap mux protocol support")
> Cc: Daniele Palmas <dnl...@gmail.com>
> Signed-off-by: Bjørn Mork <bj...@mork.no>

Applied and queued up for -stable, thanks.
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to