usblp: poison URBs upon disconnect

syzkaller reported an URB that should have been killed to be active.
We do not understand it, but this should fix the issue if it is real.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Reported-by: syzbot+be5b5f86a162a6c281e6@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20200507085806.5793-1-oneukum@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Oliver Neukum 2020-05-07 10:58:06 +02:00 committed by Greg Kroah-Hartman
parent c22eb9374c
commit 296a193b06
1 changed files with 4 additions and 1 deletions

View File

@ -468,7 +468,8 @@ static int usblp_release(struct inode *inode, struct file *file)
usb_autopm_put_interface(usblp->intf); usb_autopm_put_interface(usblp->intf);
if (!usblp->present) /* finish cleanup from disconnect */ if (!usblp->present) /* finish cleanup from disconnect */
usblp_cleanup(usblp); usblp_cleanup(usblp); /* any URBs must be dead */
mutex_unlock(&usblp_mutex); mutex_unlock(&usblp_mutex);
return 0; return 0;
} }
@ -1375,9 +1376,11 @@ static void usblp_disconnect(struct usb_interface *intf)
usblp_unlink_urbs(usblp); usblp_unlink_urbs(usblp);
mutex_unlock(&usblp->mut); mutex_unlock(&usblp->mut);
usb_poison_anchored_urbs(&usblp->urbs);
if (!usblp->used) if (!usblp->used)
usblp_cleanup(usblp); usblp_cleanup(usblp);
mutex_unlock(&usblp_mutex); mutex_unlock(&usblp_mutex);
} }