Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (23d22f2f) · Commits · git / linux-nf

drivers/bluetooth/btusb.c

+6 −7

Original line number	Diff line number	Diff line
		@@ -4361,6 +4361,11 @@ static void btusb_disconnect(struct usb_interface *intf)

		hci_unregister_dev(hdev);

		if (data->oob_wake_irq)
		device_init_wakeup(&data->udev->dev, false);
		if (data->reset_gpio)
		gpiod_put(data->reset_gpio);

		if (intf == data->intf) {
		if (data->isoc)
		usb_driver_release_interface(&btusb_driver, data->isoc);
		@@ -4371,17 +4376,11 @@ static void btusb_disconnect(struct usb_interface *intf)
		usb_driver_release_interface(&btusb_driver, data->diag);
		usb_driver_release_interface(&btusb_driver, data->intf);
		} else if (intf == data->diag) {
		usb_driver_release_interface(&btusb_driver, data->intf);
		if (data->isoc)
		usb_driver_release_interface(&btusb_driver, data->isoc);
		usb_driver_release_interface(&btusb_driver, data->intf);
		}

		if (data->oob_wake_irq)
		device_init_wakeup(&data->udev->dev, false);

		if (data->reset_gpio)
		gpiod_put(data->reset_gpio);

		hci_free_dev(hdev);
		}