On Thu, Jan 30, 2020 at 03:37:33PM +0100, gregkh@linuxfoundation.org wrote:
The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to stable@vger.kernel.org.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From e93cd35101b61e4c79149be2cfc927c4b28dc60c Mon Sep 17 00:00:00 2001 From: Johan Hovold johan@kernel.org Date: Thu, 28 Nov 2019 18:22:00 +0100 Subject: [PATCH] rsi: fix use-after-free on failed probe and unbind
Make sure to stop both URBs before returning after failed probe as well as on disconnect to avoid use-after-free in the completion handler.
Reported-by: syzbot+b563b7f8dbe8223a51e8@syzkaller.appspotmail.com Fixes: a4302bff28e2 ("rsi: add bluetooth rx endpoint") Fixes: dad0d04fa7ba ("rsi: Add RS9113 wireless driver") Cc: stable stable@vger.kernel.org # 3.15 Cc: Siva Rebbagondla siva.rebbagondla@redpinesignals.com Cc: Prameela Rani Garnepudi prameela.j04cs@gmail.com Cc: Amitkumar Karwar amit.karwar@redpinesignals.com Cc: Fariya Fatima fariyaf@gmail.com Signed-off-by: Johan Hovold johan@kernel.org Signed-off-by: Kalle Valo kvalo@codeaurora.org
Conflicts around support for suspend/resume. I've also queued up cbde979b33fa ("rsi: add hci detach for hibernation and poweroff") for 4.19 and 4.14.