HID: picoLCD: prevent NULL pointer dereferences

Driver code expects to get access to struct picolcd_data from hiddev
and is not prepared to find a NULL pointer there. Most prominent
candidate to trip on it is picolcd_fb_deferred_io().
Delay removing struct picolcd_data from hiddev until all sub-devices
have been unregistered.

Signed-off-by: Bruno Prémont <bonbons@linux-vserver.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>

diff --git a/drivers/hid/hid-picolcd_core.c b/drivers/hid/hid-picolcd_core.c
index 2d7ef688d66e6a00d589f3c3070bed15f55672b7..e4fe342e7aae976d4635b488fda3868da27f0e21 100644 (file)
--- a/drivers/hid/hid-picolcd_core.c
+++ b/drivers/hid/hid-picolcd_core.c
@@ -653,7 +653,6 @@ static void picolcd_remove(struct hid_device *hdev)
        device_remove_file(&hdev->dev, &dev_attr_operation_mode_delay);
        hid_hw_close(hdev);
        hid_hw_stop(hdev);
-       hid_set_drvdata(hdev, NULL);
 
        /* Shortcut potential pending reply that will never arrive */
        spin_lock_irqsave(&data->lock, flags);
@@ -671,6 +670,7 @@ static void picolcd_remove(struct hid_device *hdev)
        picolcd_exit_cir(data);
        picolcd_exit_keys(data);
 
+       hid_set_drvdata(hdev, NULL);
        mutex_destroy(&data->mutex);
        /* Finally, clean up the picolcd data itself */
        kfree(data);