USB: serial: quatech2: handle unbound ports

BugLink: https://bugs.launchpad.net/bugs/1862259
commit 9715a43eea77e42678a1002623f2d9a78f5b81a1 upstream.

Check for NULL port data in the modem- and line-status handlers to avoid
dereferencing a NULL pointer in the unlikely case where a port device
isn't bound to a driver (e.g. after an allocation failure on port
probe).

Note that the other (stubbed) event handlers qt2_process_xmit_empty()
and qt2_process_flush() would need similar sanity checks in case they
are ever implemented.

Fixes: f7a33e608d9a ("USB: serial: add quatech2 usb to serial driver")
Cc: stable <stable@vger.kernel.org>     # 3.5
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>

diff --git a/drivers/usb/serial/quatech2.c b/drivers/usb/serial/quatech2.c
index 958e12e1e7c7213d936bf0182b8bf30c14cb51ed..656ff17a2f873489cd6ce86787e21de1e56e0397 100644 (file)
--- a/drivers/usb/serial/quatech2.c
+++ b/drivers/usb/serial/quatech2.c
@@ -863,7 +863,10 @@ static void qt2_update_msr(struct usb_serial_port *port, unsigned char *ch)
        u8 newMSR = (u8) *ch;
        unsigned long flags;
 
+       /* May be called from qt2_process_read_urb() for an unbound port. */
        port_priv = usb_get_serial_port_data(port);
+       if (!port_priv)
+               return;
 
        spin_lock_irqsave(&port_priv->lock, flags);
        port_priv->shadowMSR = newMSR;
@@ -891,7 +894,10 @@ static void qt2_update_lsr(struct usb_serial_port *port, unsigned char *ch)
        unsigned long flags;
        u8 newLSR = (u8) *ch;
 
+       /* May be called from qt2_process_read_urb() for an unbound port. */
        port_priv = usb_get_serial_port_data(port);
+       if (!port_priv)
+               return;
 
        if (newLSR & UART_LSR_BI)
                newLSR &= (u8) (UART_LSR_OE | UART_LSR_BI);