Commit b13eb524 authored by Hong Liu's avatar Hong Liu Committed by Greg Kroah-Hartman

HID: intel-ish-hid: avoid binding wrong ishtp_cl_device

[ Upstream commit 0d28f494 ]

When performing a warm reset in ishtp bus driver, the ishtp_cl_device
will not be removed, its fw_client still points to the already freed
ishtp_device.fw_clients array.

Later after driver finishing ishtp client enumeration, this dangling
pointer may cause driver to bind the wrong ishtp_cl_device to the new
client, causing wrong callback to be called for messages intended for
the new client.

This helps in development of firmware where frequent switching of
firmwares is required without Linux reboot.
Signed-off-by: default avatarHong Liu <hong.liu@intel.com>
Tested-by: default avatarHongyan Song <hongyan.song@intel.com>
Acked-by: default avatarSrinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent c26d61ea
...@@ -623,7 +623,8 @@ int ishtp_cl_device_bind(struct ishtp_cl *cl) ...@@ -623,7 +623,8 @@ int ishtp_cl_device_bind(struct ishtp_cl *cl)
spin_lock_irqsave(&cl->dev->device_list_lock, flags); spin_lock_irqsave(&cl->dev->device_list_lock, flags);
list_for_each_entry(cl_device, &cl->dev->device_list, list_for_each_entry(cl_device, &cl->dev->device_list,
device_link) { device_link) {
if (cl_device->fw_client->client_id == cl->fw_client_id) { if (cl_device->fw_client &&
cl_device->fw_client->client_id == cl->fw_client_id) {
cl->device = cl_device; cl->device = cl_device;
rv = 0; rv = 0;
break; break;
...@@ -683,6 +684,7 @@ void ishtp_bus_remove_all_clients(struct ishtp_device *ishtp_dev, ...@@ -683,6 +684,7 @@ void ishtp_bus_remove_all_clients(struct ishtp_device *ishtp_dev,
spin_lock_irqsave(&ishtp_dev->device_list_lock, flags); spin_lock_irqsave(&ishtp_dev->device_list_lock, flags);
list_for_each_entry_safe(cl_device, n, &ishtp_dev->device_list, list_for_each_entry_safe(cl_device, n, &ishtp_dev->device_list,
device_link) { device_link) {
cl_device->fw_client = NULL;
if (warm_reset && cl_device->reference_count) if (warm_reset && cl_device->reference_count)
continue; continue;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment