summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexander Usyskin <alexander.usyskin@intel.com>2016-02-07 23:35:32 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2016-02-07 14:47:20 -0800
commit15c13dfcad883a1e76b714480fb27be96247fd82 (patch)
treefbdf6b7723715845e029ff3c2a722303e1664b2c
parent850f8940a6a38563ff401073fd845414ab49c5ed (diff)
downloadlwn-15c13dfcad883a1e76b714480fb27be96247fd82.tar.gz
lwn-15c13dfcad883a1e76b714480fb27be96247fd82.zip
mei: bus: check if the device is enabled before data transfer
The bus data transfer interface was missing the check if the device is in enabled state, this may lead to stack corruption during link reset. Cc: <stable@vger.kernel.org> #4.0 Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--drivers/misc/mei/bus.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/drivers/misc/mei/bus.c b/drivers/misc/mei/bus.c
index 990f4f65c35e..83b084558ee5 100644
--- a/drivers/misc/mei/bus.c
+++ b/drivers/misc/mei/bus.c
@@ -53,6 +53,11 @@ ssize_t __mei_cl_send(struct mei_cl *cl, u8 *buf, size_t length,
bus = cl->dev;
mutex_lock(&bus->device_lock);
+ if (bus->dev_state != MEI_DEV_ENABLED) {
+ rets = -ENODEV;
+ goto out;
+ }
+
if (!mei_cl_is_connected(cl)) {
rets = -ENODEV;
goto out;
@@ -109,6 +114,10 @@ ssize_t __mei_cl_recv(struct mei_cl *cl, u8 *buf, size_t length)
bus = cl->dev;
mutex_lock(&bus->device_lock);
+ if (bus->dev_state != MEI_DEV_ENABLED) {
+ rets = -ENODEV;
+ goto out;
+ }
cb = mei_cl_read_cb(cl, NULL);
if (cb)