net: usb: fix possible use-after-free in smsc75xx_bind

mainline inclusion
from mainline-v5.13-rc7
commit 56b786d8
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9BHNM
CVE: CVE-2021-47171

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=56b786d86694e079d8aad9b314e015cd4ac02a3d



--------------------------------

The commit 46a8b29c ("net: usb: fix memory leak in smsc75xx_bind")
fails to clean up the work scheduled in smsc75xx_reset->
smsc75xx_set_multicast, which leads to use-after-free if the work is
scheduled to start after the deallocation. In addition, this patch
also removes a dangling pointer - dev->data[0].

This patch calls cancel_work_sync to cancel the scheduled work and set
the dangling pointer to NULL.

Fixes: 46a8b29c ("net: usb: fix memory leak in smsc75xx_bind")
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Luo Gengkun <luogengkun2@huawei.com>