From df6b2b50b8e0f4db0609bd5c3388225243038778 Mon Sep 17 00:00:00 2001
From: Vinayak Pane <vpane@nvidia.com>
Date: Thu, 3 Jul 2014 19:03:49 -0700
Subject: [PATCH] HID: usbhid: protect hid disconnect flag

Acquire spin_lock before checking disconnect flag of hid.
Also add USB interface null check at get_raw_report.

Bug 200018305

Change-Id: I7255fa641cabf0866dd0d1f2fdab460ec82eca70
Signed-off-by: Vinayak Pane <vpane@nvidia.com>
Reviewed-on: http://git-master/r/434584
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Robert Shih <rshih@nvidia.com>
Tested-by: Robert Shih <rshih@nvidia.com>
GVS: Gerrit_Virtual_Submit
Reviewed-by: Eric Chuang <echuang@nvidia.com>
---
 drivers/hid/usbhid/hid-core.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c
index 714e278eca4..c7f6ff129aa 100644
--- a/drivers/hid/usbhid/hid-core.c
+++ b/drivers/hid/usbhid/hid-core.c
@@ -914,13 +914,20 @@ static int usbhid_get_raw_report(struct hid_device *hid,
 	int skipped_report_id = 0;
 	int ret;
 
+	intf = usbhid->intf;
+	if (intf == NULL) {
+		pr_err("%s: no USB intf\n", __func__);
+		return -ESHUTDOWN;
+	}
+	spin_lock_irq(&usbhid->lock);
 	if (test_bit(HID_DISCONNECTED, &usbhid->iofl)) {
 		pr_err("hid device disconnected\n");
+		spin_unlock_irq(&usbhid->lock);
 		return -ESHUTDOWN;
 	}
+	spin_unlock_irq(&usbhid->lock);
 
 	dev = hid_to_usb_dev(hid);
-	intf = usbhid->intf;
 	interface = intf->cur_altsetting;
 
 	/* Byte 0 is the report number. Report data starts at byte 1.*/
@@ -1409,6 +1416,10 @@ static void usbhid_disconnect(struct usb_interface *intf)
 		return;
 
 	usbhid = hid->driver_data;
+	spin_lock_irq(&usbhid->lock);
+	set_bit(HID_DISCONNECTED, &usbhid->iofl);
+	spin_unlock_irq(&usbhid->lock);
+
 	hid_destroy_device(hid);
 	kfree(usbhid);
 }
-- 
2.39.2