Prior to commit 29bd3bc1194c624ce863cab2a7da9bc1f0c3b47b hso: fix crash when device disappears while serial port is open hso_serial_open would always kref_get(&serial->parent->ref) before returning zero. Since that commit, it only calls kref_get when returning 0 if serial->port.count was zero. This results in calls to kref_put(&serial->parent->ref, hso_serial_ref_free); after hso_serial_ref_free has been called, which dereferences a freed pointer. This patch adds the missing kref_get(). Fixes: commit 29bd3bc1194c624ce863cab2a7da9bc1f0c3b47b Cc: stable@xxxxxxxxxxxxxxx (v4.0) Cc: Olivier Sobrie <olivier@xxxxxxxxx> Signed-off-by: NeilBrown <neilb@xxxxxxx> diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c index 75befc1bd816..6848fc903340 100644 --- a/drivers/net/usb/hso.c +++ b/drivers/net/usb/hso.c @@ -1299,6 +1299,7 @@ static int hso_serial_open(struct tty_struct *tty, struct file *filp) } } else { D1("Port was already open"); + kref_get(&serial->parent->ref); } usb_autopm_put_interface(serial->parent->interface);
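Review bot: In the else branch ("Port was already open") of hso_serial_open, the added kref_get(&serial->parent->ref) carries no comment saying which kref_put it balances, and that missing pairing is what the earlier commit lost according to the description. A one-line comment stating that every open returning 0 holds one reference on serial->parent->ref, to be dropped by the matching kref_put(&serial->parent->ref, hso_serial_ref_free), would make the invariant visible to the next person restructuring this function. Since the description says the first-open path takes the same reference only when it returns 0, it is also worth considering a single kref_get on the common success path instead of one per branch, so the two cannot drift apart again. On the tags: the usual kernel form is a Fixes: line with the abbreviated hash followed by the quoted subject, without the word "commit", and the stable version annotation is normally written as a "# v4.0" comment after the address.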