UPSTREAM: xhci: Fix xhci debugfs NULL pointer dereference in resume from hibernate

Free the virt_device and its debugfs_private member together.

When resuming from hibernate the .free_dev callback unconditionally
freed the debugfs_private member, but could leave virt_device intact.

This triggered a NULL pointer dereference after resume when usbmuxd
sent a USBDEVFS_SETCONFIGURATION ioctl to a device, trying to add a
endpoint debugfs entry to a already freed debugfs_private pointer.

Change-Id: Ib0ed39ee0f82f3f5c3af5c46949a6a5f6dfe190d
Fixes: 02b6fdc2a1 ("usb: xhci: Add debugfs interface for xHCI driver")
Reported-by: Alexander Kappner <agk@godking.net>
Tested-by: Alexander Kappner <agk@godking.net>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: William Wu <william.wu@rock-chips.com>

drivers/usb/host/xhci.c

@@ -3611,8 +3611,6 @@ void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev)
 	int i, ret;
 	struct xhci_command *command;
 
-	xhci_debugfs_remove_slot(xhci, udev->slot_id);
-
 	command = xhci_alloc_command(xhci, false, false, GFP_KERNEL);
 	if (!command)
 		return;
@@ -3646,6 +3644,8 @@ void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev)
 		del_timer_sync(&virt_dev->eps[i].stop_cmd_timer);
 	}
 
+	xhci_debugfs_remove_slot(xhci, udev->slot_id);
+
 	spin_lock_irqsave(&xhci->lock, flags);
 
 	virt_dev->udev = NULL;