This is a note to let you know that I've just added the patch titled
USB: ark3116: fix NULL-pointer dereference
to the 3.6-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
usb-ark3116-fix-null-pointer-dereference.patch
and it can be found in the queue-3.6 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From 7bdce71822f471433dd3014692e9096996c7b5f0 Mon Sep 17 00:00:00 2001
From: Johan Hovold <[email protected]>
Date: Mon, 15 Oct 2012 18:20:52 +0200
Subject: USB: ark3116: fix NULL-pointer dereference
From: Johan Hovold <[email protected]>
commit 7bdce71822f471433dd3014692e9096996c7b5f0 upstream.
Fix NULL-pointer dereference at release by replacing attach and release
with port_probe and port_remove.
Since commit 0998d0631001288 (device-core: Ensure drvdata = NULL when no
driver is bound) the port private data is NULL when release is called.
Compile-only tested.
Signed-off-by: Johan Hovold <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/serial/ark3116.c | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
--- a/drivers/usb/serial/ark3116.c
+++ b/drivers/usb/serial/ark3116.c
@@ -126,9 +126,6 @@ static inline int calc_divisor(int bps)
static int ark3116_attach(struct usb_serial *serial)
{
- struct usb_serial_port *port = serial->port[0];
- struct ark3116_private *priv;
-
/* make sure we have our end-points */
if ((serial->num_bulk_in == 0) ||
(serial->num_bulk_out == 0) ||
@@ -143,8 +140,15 @@ static int ark3116_attach(struct usb_ser
return -EINVAL;
}
- priv = kzalloc(sizeof(struct ark3116_private),
- GFP_KERNEL);
+ return 0;
+}
+
+static int ark3116_port_probe(struct usb_serial_port *port)
+{
+ struct usb_serial *serial = port->serial;
+ struct ark3116_private *priv;
+
+ priv = kzalloc(sizeof(*priv), GFP_KERNEL);
if (!priv)
return -ENOMEM;
@@ -199,18 +203,15 @@ static int ark3116_attach(struct usb_ser
return 0;
}
-static void ark3116_release(struct usb_serial *serial)
+static int ark3116_port_remove(struct usb_serial_port *port)
{
- struct usb_serial_port *port = serial->port[0];
struct ark3116_private *priv = usb_get_serial_port_data(port);
/* device is closed, so URBs and DMA should be down */
-
- usb_set_serial_port_data(port, NULL);
-
mutex_destroy(&priv->hw_lock);
-
kfree(priv);
+
+ return 0;
}
static void ark3116_init_termios(struct tty_struct *tty)
@@ -725,7 +726,8 @@ static struct usb_serial_driver ark3116_
.id_table = id_table,
.num_ports = 1,
.attach = ark3116_attach,
- .release = ark3116_release,
+ .port_probe = ark3116_port_probe,
+ .port_remove = ark3116_port_remove,
.set_termios = ark3116_set_termios,
.init_termios = ark3116_init_termios,
.ioctl = ark3116_ioctl,
Patches currently in stable-queue which might be from [email protected] are
queue-3.6/usb-io_ti-fix-sysfs-attribute-creation.patch
queue-3.6/usb-kobil_sct-fix-port-data-memory-leak.patch
queue-3.6/usb-iuu_phoenix-fix-port-data-memory-leak.patch
queue-3.6/usb-f81232-fix-port-data-memory-leak.patch
queue-3.6/usb-cypress_m8-fix-port-data-memory-leak.patch
queue-3.6/usb-io_ti-fix-port-data-memory-leak.patch
queue-3.6/usb-cyberjack-fix-port-data-memory-leak.patch
queue-3.6/usb-ark3116-fix-null-pointer-dereference.patch
queue-3.6/usb-pl2303-fix-port-data-memory-leak.patch
queue-3.6/usb-iuu_phoenix-fix-sysfs-attribute-creation.patch
queue-3.6/usb-oti6858-fix-port-data-memory-leak.patch
queue-3.6/usb-belkin_sa-fix-port-data-memory-leak.patch
queue-3.6/usb-ssu100-fix-port-data-memory-leak.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
