diff options
| author | Hans de Goede <hdegoede@redhat.com> | 2023-03-08 16:42:43 +0100 | 
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2023-03-09 14:39:20 +0100 | 
| commit | 0482c34ec6f8557e06cd0f8e2d0e20e8ede6a22c (patch) | |
| tree | 59e61219ea7da6bc6a52bf3c6a35f40c0dd741d8 /lib/crypto/mpi/mpi-mod.c | |
| parent | f87fb985452ab2083967103ac00bfd68fb182764 (diff) | |
usb: ucsi: Fix ucsi->connector race
ucsi_init() which runs from a workqueue sets ucsi->connector and
on an error will clear it again.
ucsi->connector gets dereferenced by ucsi_resume(), this checks for
ucsi->connector being NULL in case ucsi_init() has not finished yet;
or in case ucsi_init() has failed.
ucsi_init() setting ucsi->connector and then clearing it again on
an error creates a race where the check in ucsi_resume() may pass,
only to have ucsi->connector free-ed underneath it when ucsi_init()
hits an error.
Fix this race by making ucsi_init() store the connector array in
a local variable and only assign it to ucsi->connector on success.
Fixes: bdc62f2bae8f ("usb: typec: ucsi: Simplified registration and I/O API")
Cc: stable@vger.kernel.org
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20230308154244.722337-3-hdegoede@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'lib/crypto/mpi/mpi-mod.c')
0 files changed, 0 insertions, 0 deletions
