From: Stefan Wahren Date: Sat, 10 Sep 2016 12:53:21 +0000 (+0000) Subject: usb: chipidea: host: fix NULL ptr dereference during shutdown X-Git-Tag: v4.8.7~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=086ac91804372caeef7e872e0d151fcfb2303932;p=thirdparty%2Fkernel%2Fstable.git usb: chipidea: host: fix NULL ptr dereference during shutdown commit 991d5add50a5bb6ab8f12f2129f5c7487f6baaf6 upstream. After commit b09b5224fe86 ("usb: chipidea: implement platform shutdown callback") and commit 43a404577a93 ("usb: chipidea: host: set host to be null after hcd is freed") a NULL pointer dereference is caused on i.MX23 during shutdown. So ensure that role is set to CI_ROLE_END and we finish interrupt handling before the hcd is deallocated. This avoids the NULL pointer dereference. Suggested-by: Alan Stern Signed-off-by: Stefan Wahren Fixes: b09b5224fe86 ("usb: chipidea: implement platform shutdown callback") Signed-off-by: Peter Chen Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/usb/chipidea/host.c b/drivers/usb/chipidea/host.c index 053bac9d983cb..887be343fcd45 100644 --- a/drivers/usb/chipidea/host.c +++ b/drivers/usb/chipidea/host.c @@ -185,6 +185,8 @@ static void host_stop(struct ci_hdrc *ci) if (hcd) { usb_remove_hcd(hcd); + ci->role = CI_ROLE_END; + synchronize_irq(ci->irq); usb_put_hcd(hcd); if (ci->platdata->reg_vbus && !ci_otg_is_fsm_mode(ci) && (ci->platdata->flags & CI_HDRC_TURN_VBUS_EARLY_ON))