Commit 8353da9f authored by Johan Hovold's avatar Johan Hovold Committed by David S. Miller

hso: fix NULL-deref on tty open

Fix NULL-pointer dereference on tty open due to a failure to handle a
missing interrupt-in endpoint when probing modem ports:

	BUG: kernel NULL pointer dereference, address: 0000000000000006
	...
	RIP: 0010:tiocmget_submit_urb+0x1c/0xe0 [hso]
	...
	Call Trace:
	hso_start_serial_device+0xdc/0x140 [hso]
	hso_serial_open+0x118/0x1b0 [hso]
	tty_open+0xf1/0x490

Fixes: 542f5482 ("tty: Modem functions for the HSO driver")
Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 569aad4f
...@@ -2620,14 +2620,18 @@ static struct hso_device *hso_create_bulk_serial_device( ...@@ -2620,14 +2620,18 @@ static struct hso_device *hso_create_bulk_serial_device(
*/ */
if (serial->tiocmget) { if (serial->tiocmget) {
tiocmget = serial->tiocmget; tiocmget = serial->tiocmget;
tiocmget->endp = hso_get_ep(interface,
USB_ENDPOINT_XFER_INT,
USB_DIR_IN);
if (!tiocmget->endp) {
dev_err(&interface->dev, "Failed to find INT IN ep\n");
goto exit;
}
tiocmget->urb = usb_alloc_urb(0, GFP_KERNEL); tiocmget->urb = usb_alloc_urb(0, GFP_KERNEL);
if (tiocmget->urb) { if (tiocmget->urb) {
mutex_init(&tiocmget->mutex); mutex_init(&tiocmget->mutex);
init_waitqueue_head(&tiocmget->waitq); init_waitqueue_head(&tiocmget->waitq);
tiocmget->endp = hso_get_ep(
interface,
USB_ENDPOINT_XFER_INT,
USB_DIR_IN);
} else } else
hso_free_tiomget(serial); hso_free_tiomget(serial);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment