diff options
author | Dmitry Torokhov <dmitry.torokhov@gmail.com> | 2025-05-06 01:49:59 +0300 |
---|---|---|
committer | Dmitry Torokhov <dmitry.torokhov@gmail.com> | 2025-05-19 21:58:36 +0300 |
commit | ca39500f6af9cfe6823dc5aa8fbaed788d6e35b2 (patch) | |
tree | f76f9421fb40f538ccf565155c014916f607306a /rust/helpers/rbtree.c | |
parent | f0d17942ea3edec191f1c0fc0d2cd7feca8de2f0 (diff) | |
download | linux-ca39500f6af9cfe6823dc5aa8fbaed788d6e35b2.tar.xz |
Input: synaptics-rmi - fix crash with unsupported versions of F34
Sysfs interface for updating firmware for RMI devices is available even
when F34 probe fails. The code checks for presence of F34 "container"
pointer and then tries to use the function data attached to the
sub-device. F34 assigns the function data early, before it knows if
probe will succeed, leaving behind a stale pointer.
Fix this by expanding checks to not only test for presence of F34
"container" but also check if there is driver data assigned to the
sub-device, and call dev_set_drvdata() only after we are certain that
probe is successful.
This is not a complete fix, since F34 will be freed during firmware
update, so there is still a race when fetching and accessing this
pointer. This race will be addressed in follow-up changes.
Reported-by: Hanno Böck <hanno@hboeck.de>
Fixes: 29fd0ec2bdbe ("Input: synaptics-rmi4 - add support for F34 device reflash")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/aBlAl6sGulam-Qcx@google.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Diffstat (limited to 'rust/helpers/rbtree.c')
0 files changed, 0 insertions, 0 deletions