linux/drivers
Bjørn Mork 3df3ba2d4d qmi_wwan: fix NULL deref on disconnect
qmi_wwan_disconnect is called twice when disconnecting devices with
separate control and data interfaces.  The first invocation will set
the interface data to NULL for both interfaces to flag that the
disconnect has been handled.  But the matching NULL check was left
out when qmi_wwan_disconnect was added, resulting in this oops:

  usb 2-1.4: USB disconnect, device number 4
  qmi_wwan 2-1.4:1.6 wwp0s29u1u4i6: unregister 'qmi_wwan' usb-0000:00:1d.0-1.4, WWAN/QMI device
  BUG: unable to handle kernel NULL pointer dereference at 00000000000000e0
  IP: qmi_wwan_disconnect+0x25/0xc0 [qmi_wwan]
  PGD 0
  P4D 0
  Oops: 0000 [#1] SMP
  Modules linked in: <stripped irrelevant module list>
  CPU: 2 PID: 33 Comm: kworker/2:1 Tainted: G            E   4.12.3-nr44-normandy-r1500619820+ #1
  Hardware name: LENOVO 4291LR7/4291LR7, BIOS CBET4000 4.6-810-g50522254fb 07/21/2017
  Workqueue: usb_hub_wq hub_event [usbcore]
  task: ffff8c882b716040 task.stack: ffffb8e800d84000
  RIP: 0010:qmi_wwan_disconnect+0x25/0xc0 [qmi_wwan]
  RSP: 0018:ffffb8e800d87b38 EFLAGS: 00010246
  RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
  RDX: 0000000000000001 RSI: ffff8c8824f3f1d0 RDI: ffff8c8824ef6400
  RBP: ffff8c8824ef6400 R08: 0000000000000000 R09: 0000000000000000
  R10: ffffb8e800d87780 R11: 0000000000000011 R12: ffffffffc07ea0e8
  R13: ffff8c8824e2e000 R14: ffff8c8824e2e098 R15: 0000000000000000
  FS:  0000000000000000(0000) GS:ffff8c8835300000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 00000000000000e0 CR3: 0000000229ca5000 CR4: 00000000000406e0
  Call Trace:
   ? usb_unbind_interface+0x71/0x270 [usbcore]
   ? device_release_driver_internal+0x154/0x210
   ? qmi_wwan_unbind+0x6d/0xc0 [qmi_wwan]
   ? usbnet_disconnect+0x6c/0xf0 [usbnet]
   ? qmi_wwan_disconnect+0x87/0xc0 [qmi_wwan]
   ? usb_unbind_interface+0x71/0x270 [usbcore]
   ? device_release_driver_internal+0x154/0x210

Reported-and-tested-by: Nathaniel Roach <nroach44@gmail.com>
Fixes: c6adf77953 ("net: usb: qmi_wwan: add qmap mux protocol support")
Cc: Daniele Palmas <dnlplm@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-08-08 21:13:33 -07:00
..
accessibility
acpi Merge branches 'acpi-soc', 'acpi-wdat' and 'acpi-cppc' 2017-08-03 20:30:18 +02:00
amba
android binder: Use wake up hint for synchronous transactions. 2017-07-17 14:44:19 +02:00
ata libata: fix a couple of doc build warnings 2017-07-31 08:03:06 -07:00
atm atm: solos-pci: constify attribute_group structures 2017-08-02 16:53:24 -07:00
auxdisplay
base dma mapping fixes for 4.13-rc2: 2017-07-25 17:17:18 -07:00
bcma bcma: gpio: Correct number of GPIOs for BCM53573 2017-07-27 13:59:07 +03:00
block Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2017-07-28 12:13:34 -07:00
bluetooth Bluetooth: btusb: add ID for LiteOn 04ca:3016 2017-08-01 08:28:31 +03:00
bus bus: uniphier-system-bus: set up registers when resuming 2017-08-04 12:57:18 +02:00
cdrom block: don't set bounce limit in blk_init_queue 2017-06-27 12:13:45 -06:00
char Add wait_for_random_bytes() and get_random_*_wait() functions so that 2017-07-15 12:44:02 -07:00
clk clk: keystone: sci-clk: Fix sci_clk_get 2017-08-02 18:37:26 -07:00
clocksource clocksource/drivers/timer-of: Handle of_irq_get_byname() result correctly 2017-07-17 22:43:00 +02:00
connector
cpufreq Merge branches 'pm-cpufreq-x86', 'pm-cpufreq-docs' and 'intel_pstate' 2017-08-03 20:29:24 +02:00
cpuidle powerpc updates for 4.13 2017-07-07 13:55:45 -07:00
crypto crypto: brcm - remove BCM_PDC_MBOX dependency in Kconfig 2017-07-18 17:01:08 +08:00
dax - A few DM integrity fixes that improve performance. One that address 2017-07-28 12:17:17 -07:00
dca
devfreq PM / devfreq: constify attribute_group structures. 2017-07-06 10:17:24 +09:00
dio
dma dmaengine updates for 4.13-rc1 2017-07-08 12:36:50 -07:00
dma-buf Merge branch 'drm-misc-next-fixes' into drm-misc-fixes 2017-07-17 11:56:07 -04:00
edac EDAC, pnd2: Fix Apollo Lake DIMM detection 2017-06-29 10:37:50 +02:00
eisa
extcon
firewire networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
firmware efi: avoid fortify checks in EFI stub 2017-07-12 16:26:02 -07:00
fmc
fpga
fsi drivers/fsi: fix fsi_slave_mode prototype 2017-07-17 16:13:54 +02:00
gpio gpio: tegra: fix unbalanced chained_irq_enter/exit 2017-08-02 10:42:38 +02:00
gpu Merge branch 'drm-fixes-4.13' of git://people.freedesktop.org/~agd5f/linux into drm-fixes 2017-08-04 11:43:14 +10:00
hid HID: ortek: add one more buggy device 2017-07-24 17:38:21 +02:00
hsi HSI changes for the v4.13 series 2017-07-04 14:28:22 -07:00
hv vmbus: re-enable channel tasklet 2017-07-17 15:00:47 +02:00
hwmon hwmon: (applesmc) Avoid buffer overruns 2017-07-15 16:38:56 -07:00
hwspinlock
hwtracing Char/Misc patches for 4.13-rc1 2017-07-03 20:55:59 -07:00
i2c Merge branch 'i2c/for-4.13' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2017-07-12 10:04:56 -07:00
ide ide: avoid warning for timings calculation 2017-07-21 04:37:22 +01:00
idle intel_idle: Use more common logging style 2017-06-29 22:58:35 +02:00
iio hwmon updates for v4.13: 2017-07-04 11:48:27 -07:00
infiniband Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-08-01 10:07:50 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2017-07-14 22:53:37 -07:00
iommu iommu/amd: Fix schedule-while-atomic BUG in initialization code 2017-07-26 15:39:14 +02:00
ipack
irqchip irqchip/digicolor: Drop unnecessary static 2017-07-18 21:59:23 +02:00
isdn isdn: kcapi: make capi_version const 2017-08-07 14:55:36 -07:00
leds LED updates for 4.13 2017-07-06 11:32:40 -07:00
lguest
lightnvm lightnvm: pblk: advance bio according to lba index 2017-07-28 08:06:00 -06:00
macintosh Merge branch 'work.misc-set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-07-05 13:13:32 -07:00
mailbox mailbox: pcc: Fix crash when request PCC channel 0 2017-07-26 02:11:47 +02:00
mcb
md Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md 2017-07-28 12:24:21 -07:00
media media: platform: davinci: drop VPFE_CMD_S_CCDC_RAW_PARAMS 2017-07-26 06:14:33 -04:00
memory ARM: SoC driver updates 2017-07-04 14:47:47 -07:00
memstick
message
mfd chrome-platform-for-linus-4.13 2017-07-11 09:55:47 -07:00
misc powerpc updates for 4.13 2017-07-07 13:55:45 -07:00
mmc mmc: block: bypass the queue even if usage is present for hotplug 2017-08-03 11:00:39 +02:00
mtd MTD updates for v4.13-rc1: 2017-07-13 12:07:44 -07:00
mux mux: mux-core: unregister mux_class in mux_exit() 2017-07-17 16:38:35 +02:00
net qmi_wwan: fix NULL deref on disconnect 2017-08-08 21:13:33 -07:00
nfc NFC 4.13 pull request 2017-07-01 14:30:39 -07:00
ntb ntb: Add error path/handling to Debug FS entry creation 2017-07-06 11:30:08 -04:00
nubus
nvdimm libnvdimm: fix badblock range handling of ARS range 2017-07-17 11:43:58 -07:00
nvme nvme: validate admin queue before unquiesce 2017-07-26 17:41:41 +02:00
nvmem nvmem: rockchip-efuse: amend compatible rk322x-efuse to rk3228-efuse 2017-07-17 16:15:57 +02:00
of of_mdio: use of_property_read_u32_array() 2017-08-07 14:07:32 -07:00
oprofile
parisc parisc: pdc_stable: Fix locking when creating sysfs links 2017-07-31 16:43:13 +02:00
parport
pci Power management fixes for v4.13-rc1 2017-07-14 22:24:25 -07:00
pcmcia
perf drivers/perf: arm_pmu: Request PMU SPIs with IRQF_PER_CPU 2017-07-27 13:43:22 +01:00
phy phy: bcm-ns-usb3: fix MDIO_BUS dependency 2017-07-27 17:20:19 -07:00
pinctrl pinctrl: stm32: select IRQ_DOMAIN_HIERARCHY instead of depends on 2017-08-01 10:04:41 +02:00
platform platform/x86: intel-vbtn: match power button on press rather than release 2017-08-05 14:37:19 -07:00
pnp This is the bulk of GPIO changes for the v4.13 series: 2017-07-07 12:40:27 -07:00
power power supply and reset changes for the v4.13 series (part 2) 2017-07-13 11:47:59 -07:00
powercap powercap/RAPL: prevent overridding bits outside of the mask 2017-06-28 00:38:34 +02:00
pps
ps3
ptp ptp: dte: Use LL suffix for 64-bit constants 2017-07-06 11:40:58 +01:00
pwm pwm: Changes for v4.13-rc1 2017-07-13 11:49:52 -07:00
rapidio
ras arm64 updates for 4.13: 2017-07-05 17:09:27 -07:00
regulator Merge remote-tracking branches 'regulator/topic/settle', 'regulator/topic/tps65910' and 'regulator/topic/tps65917' into regulator-next 2017-07-03 16:52:21 +01:00
remoteproc remoteproc/keystone: Fix circular dependencies for ARM configs 2017-06-27 16:21:34 -07:00
reset ARM: SoC driver updates 2017-07-04 14:47:47 -07:00
rpmsg rpmsg updates for v4.13 2017-07-06 15:38:31 -07:00
rtc RTC for 4.13 2017-07-13 12:15:06 -07:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2017-07-25 08:44:27 -07:00
sbus sbus: Convert to using %pOF instead of full_name 2017-07-20 12:37:10 -07:00
scsi SCSI fixes on 20170802 2017-08-02 08:43:19 -07:00
sfi
sh drivers/sh/intc/virq.c: delete an error message for a failed memory allocation in add_virq_to_pirq() 2017-07-06 16:24:30 -07:00
sn
soc soc: zte: Restrict SOC_ZTE to ARCH_ZX or COMPILE_TEST 2017-07-27 13:12:34 +02:00
spi Merge branch 'for-spi' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-07-08 10:41:53 -07:00
spmi spmi: pmic-arb: Always allocate ppid_to_apid table 2017-07-17 15:00:47 +02:00
ssb
staging media fixes for v4.13-rc2 2017-08-05 14:09:26 -07:00
target Add wait_for_random_bytes() and get_random_*_wait() functions so that 2017-07-15 12:44:02 -07:00
tc
tee
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2017-07-14 13:12:32 -07:00
thunderbolt Merge branches 'pm-core' and 'pm-misc' 2017-08-03 20:29:45 +02:00
tty gpio: exar: Use correct property prefix and document bindings 2017-08-01 13:43:55 +02:00
uio
usb xhci: fix memleak in xhci_run() 2017-07-20 14:40:36 +02:00
uwb driver core patches for 4.13-rc1 2017-07-03 20:27:48 -07:00
vfio vfio/pci: Fix handling of RC integrated endpoint PCIe capability size 2017-07-27 10:39:33 -06:00
vhost sock: enable MSG_ZEROCOPY 2017-08-03 21:37:30 -07:00
video Merge branch 'akpm' (patches from Andrew) 2017-07-13 12:38:49 -07:00
virt
virtio Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-08-01 10:07:50 -07:00
vlynq
vme
w1 w1: omap-hdq: fix error return code in omap_hdq_probe() 2017-07-17 16:48:15 +02:00
watchdog Merge git://www.linux-watchdog.org/linux-watchdog 2017-07-11 09:59:37 -07:00
xen xen: dont fiddle with event channel masking in suspend/resume 2017-07-27 19:55:46 +02:00
zorro
Kconfig
Makefile