USB: fix port probing and removal in garmin_gps

This patch (as1615) fixes a bug in the Garmin USB serial driver. It uses attach, disconnect, and release routines to carry out actions that should be handled by port_probe and port_remove routines, because they access port-specific data. The bug causes an oops when the device in unplugged, because the private data for each port structure now gets erased when the port is unbound from the driver, resulting in a null-pointer dereference. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Reported--by: Markus Schauler <mschauler@gmail.com> Tested-by: Markus Schauler <mschauler@gmail.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Alan Stern <stern@rowland.harvard.edu> 2012-10-10 14:10:21 -0400
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2012-10-16 13:25:55 -0400
commit: db5c8b524444d4fc6b1f32d368a50a3729e50002 (patch)
tree: ed09dfb961fd6c505dc292cf26335e7110db5fe3
parent: 8bf769eb5f6efc33f95088850f33fcc05d28b508 (diff)
1 files changed, 7 insertions, 17 deletions
diff --git a/drivers/usb/serial/garmin_gps.c b/drivers/usb/serial/garmin_gps.c
index 3ee92648c02d..203358d7e7bc 100644
--- a/drivers/usb/serial/garmin_gps.c
+++ b/drivers/usb/serial/garmin_gps.c
@@ -1405,11 +1405,10 @@ static void timeout_handler(unsigned long data)
-static int garmin_attach(struct usb_serial *serial)
+static int garmin_port_probe(struct usb_serial_port *port)
 {
-        int status = 0;
+        int status;
-        struct usb_serial_port *port = serial->port[0];
+        struct garmin_data *garmin_data_p;
-        struct garmin_data *garmin_data_p = NULL;
        garmin_data_p = kzalloc(sizeof(struct garmin_data), GFP_KERNEL);
        if (garmin_data_p == NULL) {
@@ -1434,22 +1433,14 @@ static int garmin_attach(struct usb_serial *serial)
 }
-static void garmin_disconnect(struct usb_serial *serial)
+static int garmin_port_remove(struct usb_serial_port *port)
 {
-        struct usb_serial_port *port = serial->port[0];
        struct garmin_data *garmin_data_p = usb_get_serial_port_data(port);
        usb_kill_urb(port->interrupt_in_urb);
        del_timer_sync(&garmin_data_p->timer);
-}
-static void garmin_release(struct usb_serial *serial)
-{
-        struct usb_serial_port *port = serial->port[0];
-        struct garmin_data *garmin_data_p = usb_get_serial_port_data(port);
        kfree(garmin_data_p);
+        return 0;
 }
@@ -1466,9 +1457,8 @@ static struct usb_serial_driver garmin_device = {
        .close               = garmin_close,
        .throttle            = garmin_throttle,
        .unthrottle          = garmin_unthrottle,
-        .attach              = garmin_attach,
+        .port_probe             = garmin_port_probe,
-        .disconnect          = garmin_disconnect,
+        .port_remove            = garmin_port_remove,
-        .release             = garmin_release,
        .write               = garmin_write,
        .write_room          = garmin_write_room,
        .write_bulk_callback = garmin_write_bulk_callback,
author	Alan Stern <stern@rowland.harvard.edu>	2012-10-10 14:10:21 -0400
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-10-16 13:25:55 -0400
commit	db5c8b524444d4fc6b1f32d368a50a3729e50002 (patch)
tree	ed09dfb961fd6c505dc292cf26335e7110db5fe3
parent	8bf769eb5f6efc33f95088850f33fcc05d28b508 (diff)