hid-core calls hiddev_disconnect() when the underlying device goes away
(hot unplug or system shutdown).  Normally, hiddev_disconnect() will clean
up nicely and return to hid-core who then frees the hid structure.
However, if the corresponding hiddev node is open at disconnect time,
hiddev delays the majority of disconnect work until the device is closed
via hiddev_release().  hiddev_release() calls hiddev_cleanup() which
proceeds to dereference the hid struct which hid-core freed back when the
hardware was disconnected.  Oops.

To solve this, we change hiddev_disconnect() to deregister the hiddev minor
and invalidate its table entry immediately and delay only the freeing of
the hiddev structure itself.  We're protected against future operations on
the fd since the major fops check hiddev->exists.
Signed-off-by: Adam Kropelin <akropel1@rochester.rr.com>
Signed-off-by: Vojtech Pavlik <vojtech@suse.cz>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>