On Thu, Jan 30, 2020 at 03:37:33PM +0100, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
The patch below does not apply to the 4.14-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@xxxxxxxxxxxxxxx>.

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

From e93cd35101b61e4c79149be2cfc927c4b28dc60c Mon Sep 17 00:00:00 2001
From: Johan Hovold <johan@xxxxxxxxxx>
Date: Thu, 28 Nov 2019 18:22:00 +0100
Subject: [PATCH] rsi: fix use-after-free on failed probe and unbind

Make sure to stop both URBs before returning after failed probe as well
as on disconnect to avoid use-after-free in the completion handler.

Reported-by: syzbot+b563b7f8dbe8223a51e8@xxxxxxxxxxxxxxxxxxxxxxxxx
Fixes: a4302bff28e2 ("rsi: add bluetooth rx endpoint")
Fixes: dad0d04fa7ba ("rsi: Add RS9113 wireless driver")
Cc: stable <stable@xxxxxxxxxxxxxxx> # 3.15
Cc: Siva Rebbagondla <siva.rebbagondla@xxxxxxxxxxxxxxxxxx>
Cc: Prameela Rani Garnepudi <prameela.j04cs@xxxxxxxxx>
Cc: Amitkumar Karwar <amit.karwar@xxxxxxxxxxxxxxxxxx>
Cc: Fariya Fatima <fariyaf@xxxxxxxxx>
Signed-off-by: Johan Hovold <johan@xxxxxxxxxx>
Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxx>

Conflicts around support for suspend/resume. I've also queued up
cbde979b33fa ("rsi: add hci detach for hibernation and poweroff") for
4.19 and 4.14.

--
Thanks,
Sasha