iio: hid-sensors: Prevent crash during hot-unplug

When hid sensor hub is unplugged, there is a crash in
iio_device_unregister_trigger_consumer.
In a typical IIO driver when remove is called, it will unregister and free
trigger and then it will call iio_device_free.
The function iio_trigger_free() will free the allocated memory for trigger.
If this trigger was assigned to iio_dev->trig, then it should be set to NULL.
Othewise when iio_device_free() is called later, it finally calls
iio_device_unregsister_trigger(), which checks for
       if (indio_dev->trig)
                iio_trigger_put(indio_dev->trig);
If indio_dev->trig is not set to NULL, it calls iio_trigger_put on a bad
pointer causing crash.
This scenerio can happen in any driver, which is storing trigger pointer in
iio_dev structure and following current procedure during remove.

Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>

1 files changed, 1 insertions, 0 deletions

diff --git a/drivers/iio/common/hid-sensors/hid-sensor-trigger.c b/drivers/iio/common/hid-sensors/hid-sensor-trigger.c
index 12277e8bbd80..d4b790d18efb 100644
--- a/drivers/iio/common/hid-sensors/hid-sensor-trigger.c
+++ b/drivers/iio/common/hid-sensors/hid-sensor-trigger.c
@@ -56,6 +56,7 @@ void hid_sensor_remove_trigger(struct iio_dev *indio_dev)
 {
         iio_trigger_unregister(indio_dev->trig);
         iio_trigger_free(indio_dev->trig);
+        indio_dev->trig = NULL;
 }
 EXPORT_SYMBOL(hid_sensor_remove_trigger);