USB: cdc-wdm: cannot use dev_printk when device is gone
authorBjørn Mork <bjorn@mork.no>
Wed, 9 May 2012 11:53:22 +0000 (13:53 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 11 May 2012 22:19:22 +0000 (15:19 -0700)
We cannot dereference a removed USB interface for
dev_printk. Use pr_debug instead where necessary.

Flush errors are expected if device is unplugged and are
therefore best ingored at this point.

Move the kill_urbs() call in wdm_release with dev_dbg()
for the non disconnect, as we know it has already been
called if WDM_DISCONNECTING is set.  This does not
actually fix anything, but keeps the code more consistent.

Cc: Oliver Neukum <oliver@neukum.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/usb/class/cdc-wdm.c

index 7652275..90bc916 100644 (file)
@@ -533,7 +533,9 @@ static int wdm_flush(struct file *file, fl_owner_t id)
        struct wdm_device *desc = file->private_data;
 
        wait_event(desc->wait, !test_bit(WDM_IN_USE, &desc->flags));
-       if (desc->werr < 0)
+
+       /* cannot dereference desc->intf if WDM_DISCONNECTING */
+       if (desc->werr < 0 && !test_bit(WDM_DISCONNECTING, &desc->flags))
                dev_err(&desc->intf->dev, "Error in flush path: %d\n",
                        desc->werr);
 
@@ -625,12 +627,13 @@ static int wdm_release(struct inode *inode, struct file *file)
        mutex_unlock(&desc->wlock);
 
        if (!desc->count) {
-               dev_dbg(&desc->intf->dev, "wdm_release: cleanup");
-               kill_urbs(desc);
                if (!test_bit(WDM_DISCONNECTING, &desc->flags)) {
+                       dev_dbg(&desc->intf->dev, "wdm_release: cleanup");
+                       kill_urbs(desc);
                        desc->manage_power(desc->intf, 0);
                } else {
-                       dev_dbg(&desc->intf->dev, "%s: device gone - cleaning up\n", __func__);
+                       /* must avoid dev_printk here as desc->intf is invalid */
+                       pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__);
                        cleanup(desc);
                }
        }