Revision 05ca447630334c323c9e2b788b61133ab75d60d3 authored by Takashi Iwai on 18 May 2021, 08:39:39 UTC, committed by Takashi Iwai on 19 May 2021, 14:25:57 UTC
The initialization of MIDI devices that are found on some LINE6 drivers are currently done in a racy way; namely, the MIDI buffer instance is allocated and initialized in each private_init callback while the communication with the interface is already started via line6_init_cap_control() call before that point. This may lead to Oops in line6_data_received() when a spurious event is received, as reported by syzkaller. This patch moves the MIDI initialization to line6_init_cap_control() as well instead of the too-lately-called private_init for avoiding the race. Also this reduces slightly more lines, so it's a win-win change. Reported-by: syzbot+0d2b3feb0a2887862e06@syzkallerlkml..appspotmail.com Link: https://lore.kernel.org/r/000000000000a4be9405c28520de@google.com Link: https://lore.kernel.org/r/20210517132725.GA50495@hyeyoo Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com> Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/r/20210518083939.1927-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
1 parent 4c6fe8c
| File | Mode | Size |
|---|---|---|
| Kconfig | -rw-r--r-- | 716 bytes |
| Makefile | -rw-r--r-- | 204 bytes |
| cfg.c | -rw-r--r-- | 11.4 KB |
| cfg.h | -rw-r--r-- | 202 bytes |
| driver-ops.h | -rw-r--r-- | 5.8 KB |
| ieee802154_i.h | -rw-r--r-- | 5.0 KB |
| iface.c | -rw-r--r-- | 19.0 KB |
| llsec.c | -rw-r--r-- | 24.9 KB |
| llsec.h | -rw-r--r-- | 2.8 KB |
| mac_cmd.c | -rw-r--r-- | 3.8 KB |
| main.c | -rw-r--r-- | 5.6 KB |
| mib.c | -rw-r--r-- | 5.1 KB |
| rx.c | -rw-r--r-- | 7.1 KB |
| trace.c | -rw-r--r-- | 189 bytes |
| trace.h | -rw-r--r-- | 6.4 KB |
| tx.c | -rw-r--r-- | 3.0 KB |
| util.c | -rw-r--r-- | 2.3 KB |
Computing file changes ...
