    This patch fixes another disconnect oops in hiddev. · 7c5241b3
    Adam Kropelin authored
    hid-core calls hiddev_disconnect() when the underlying device goes away
    (hot unplug or system shutdown). Normally, hiddev_disconnect() will
    clean up nicely and return to hid-core who then frees the hid structure.
    However, if the corresponding hiddev node is open at disconnect time,
    hiddev delays the majority of disconnect work until the device is closed
    via hiddev_release(). hiddev_release() calls hiddev_cleanup() which
    proceeds to dereference the hid struct which hid-core freed back when   
    the hardware was disconnected. Oops.
    
    To solve this, we change hiddev_disconnect() to deregister the hiddev
    minor and invalidate its table entry immediately and delay only the
    freeing of the hiddev structure itself. We're protected against future
    operations on the fd since the major fops check hiddev->exists.
    
    There may still be an ordering of events that causes a problem but I can
    no longer reproduce any manually. There are enough different subsystems
    and object lifetimes interacting here that I may have screwed something
    else up; review is certainly welcome.
    Signed-off-by: Adam Kropelin <akropel1@rochester.rr.com>
    Signed-off-by: Vojtech Pavlik <vojtech@suse.cz>
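
The lifetime rule described in the commit message, as an added user-space C model (not the kernel's hiddev.c and not code from this commit): disconnect invalidates the table entry immediately, the final close only frees the hiddev object, and the `exists` check keeps a stale file handle away from the freed hid struct. All `model_*` names, the table size and the `-ENODEV` return value are assumptions of the model.

```c
#include <errno.h>
#include <stdlib.h>
/* User-space model; all names are hypothetical, not the kernel's code. */
struct model_hid { int report_count; };   /* owned and freed by the core */
struct model_hiddev {
    int exists;              /* cleared at disconnect, checked by every fop */
    int open;                /* open file handles on the node */
    struct model_hid *hid;   /* borrowed; dangling once disconnect returns */
};
static struct model_hiddev *minor_table[4];
static int model_connect(int minor, struct model_hid *hid) {
    struct model_hiddev *d = malloc(sizeof(*d));
    if (!d) return -ENOMEM;
    *d = (struct model_hiddev){ .exists = 1, .hid = hid };
    minor_table[minor] = d;
    return 0;
}
static struct model_hiddev *model_open(int minor) {
    struct model_hiddev *d = minor_table[minor];
    if (d) d->open++;        /* entry is NULL after disconnect: no new opens */
    return d;
}
/* fop guard: never touch d->hid unless the device still exists */
static int model_ioctl(struct model_hiddev *d) {
    return d->exists ? d->hid->report_count : -ENODEV;
}
/* Disconnect: invalidate the table entry now, defer only free(d). */
static void model_disconnect(int minor) {
    struct model_hiddev *d = minor_table[minor];
    minor_table[minor] = NULL;
    d->exists = 0;           /* the core frees hid right after this returns */
    if (d->open == 0) free(d);
}
/* Release: frees the hiddev object only; never dereferences hid. */
static void model_release(struct model_hiddev *d) {
    if (--d->open == 0 && !d->exists) free(d);
}
/* Unplug while the node is open, then use and close the stale handle. */
static int scenario_unplug_while_open(void) {
    struct model_hid *hid = calloc(1, sizeof(*hid));
    if (!hid || model_connect(0, hid)) return -1;
    hid->report_count = 3;
    struct model_hiddev *fd = model_open(0);
    int before = model_ioctl(fd);
    model_disconnect(0);
    free(hid);               /* what the core does after disconnect */
    int after = model_ioctl(fd);
    model_release(fd);       /* last close frees the hiddev object */
    return before == 3 && after == -ENODEV && model_open(0) == NULL;
}
```

Building the model with AddressSanitizer and then removing the `exists` check in `model_ioctl` turns the post-disconnect call into a reported heap-use-after-free, which is the class of bug the commit message describes.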
hiddev.c 20.9 KB