hso: fix NULL-deref on tty open
Fix NULL-pointer dereference on tty open due to a failure to handle a
missing interrupt-in endpoint when probing modem ports:
BUG: kernel NULL pointer dereference, address: 0000000000000006
...
RIP: 0010:tiocmget_submit_urb+0x1c/0xe0 [hso]
...
Call Trace:
hso_start_serial_device+0xdc/0x140 [hso]
hso_serial_open+0x118/0x1b0 [hso]
tty_open+0xf1/0x490
Fixes: 542f548236
("tty: Modem functions for the HSO driver")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
alistair/sunxi64-5.4-dsi
parent
569aad4fcd
commit
8353da9fa6
|
@ -2620,14 +2620,18 @@ static struct hso_device *hso_create_bulk_serial_device(
|
||||||
*/
|
*/
|
||||||
if (serial->tiocmget) {
|
if (serial->tiocmget) {
|
||||||
tiocmget = serial->tiocmget;
|
tiocmget = serial->tiocmget;
|
||||||
|
tiocmget->endp = hso_get_ep(interface,
|
||||||
|
USB_ENDPOINT_XFER_INT,
|
||||||
|
USB_DIR_IN);
|
||||||
|
if (!tiocmget->endp) {
|
||||||
|
dev_err(&interface->dev, "Failed to find INT IN ep\n");
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
tiocmget->urb = usb_alloc_urb(0, GFP_KERNEL);
|
tiocmget->urb = usb_alloc_urb(0, GFP_KERNEL);
|
||||||
if (tiocmget->urb) {
|
if (tiocmget->urb) {
|
||||||
mutex_init(&tiocmget->mutex);
|
mutex_init(&tiocmget->mutex);
|
||||||
init_waitqueue_head(&tiocmget->waitq);
|
init_waitqueue_head(&tiocmget->waitq);
|
||||||
tiocmget->endp = hso_get_ep(
|
|
||||||
interface,
|
|
||||||
USB_ENDPOINT_XFER_INT,
|
|
||||||
USB_DIR_IN);
|
|
||||||
} else
|
} else
|
||||||
hso_free_tiomget(serial);
|
hso_free_tiomget(serial);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue