superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/drivers/input/rmi4
History
Dmitry Torokhov ca39500f6a Input: synaptics-rmi - fix crash with unsupported versions of F34 
Sysfs interface for updating firmware for RMI devices is available even
when F34 probe fails. The code checks for presence of F34 "container"
pointer and then tries to use the function data attached to the
sub-device. F34 assigns the function data early, before it knows if
probe will succeed, leaving behind a stale pointer.

Fix this by expanding checks to not only test for presence of F34
"container" but also check if there is driver data assigned to the
sub-device, and call dev_set_drvdata() only after we are certain that
probe is successful.

This is not a complete fix, since F34 will be freed during firmware
update, so there is still a race when fetching and accessing this
pointer. This race will be addressed in follow-up changes.

Reported-by: Hanno Böck <hanno@hboeck.de>
Fixes: 29fd0ec2bd ("Input: synaptics-rmi4 - add support for F34 device reflash")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/aBlAl6sGulam-Qcx@google.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
 		2025-05-19 11:58:36 -07:00
..
Kconfig media: Kconfig: cleanup VIDEO_DEV dependencies 2022-03-18 05:58:35 +01:00
Makefile Input: synaptics-rmi4 - add support for F3A 2020-10-04 19:51:44 -07:00
rmi_2d_sensor.c Input: synaptics-rmi4 - remove the exporting of rmi_2d_sensor_set_input_params 2019-07-24 12:58:11 +03:00
rmi_2d_sensor.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
rmi_bus.c driver core: have match() callback in struct bus_type take a const * 2024-07-03 15:16:54 +02:00
rmi_bus.h driver core: have match() callback in struct bus_type take a const * 2024-07-03 15:16:54 +02:00
rmi_driver.c driver core: have match() callback in struct bus_type take a const * 2024-07-03 15:16:54 +02:00
rmi_driver.h driver core: have match() callback in struct bus_type take a const * 2024-07-03 15:16:54 +02:00
rmi_f01.c move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
rmi_f03.c Input: synaptics-rmi4 - use guard notation when pausing serio port in F03 2024-10-04 00:58:15 -07:00
rmi_f3a.c Input: synaptics-rmi4 - add support for F3A 2020-10-04 19:51:44 -07:00
rmi_f11.c Input: synaptics-rmi4 - fix kerneldoc warnings 2020-11-09 16:45:50 -08:00
rmi_f12.c Input: synaptics-rmi4 - fix crash when DPM query is not supported 2024-09-03 15:01:11 -07:00
rmi_f30.c Input: synaptics-rmi4 - rename f30_data to gpio_data 2020-10-04 19:51:43 -07:00
rmi_f34.c Input: synaptics-rmi - fix crash with unsupported versions of F34 2025-05-19 11:58:36 -07:00
rmi_f34.h Input: synaptics-rmi4 - remove unneeded struct register_offset 2022-09-23 13:00:13 -07:00
rmi_f34v7.c move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
rmi_f54.c Input: drop vb2_ops_wait_prepare/finish 2025-02-04 06:12:34 -08:00
rmi_f55.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
rmi_i2c.c Input: drop explicit initialization of struct i2c_device_id::driver_data to 0 2024-05-13 15:43:19 -07:00
rmi_smbus.c Linux 6.9 2024-05-27 21:37:18 -07:00
rmi_spi.c Input: synaptics-rmi4 - follow renaming of SPI "master" to "controller" 2024-02-08 11:54:39 +00:00