Commit a70961e8 authored by Alexander Usyskin's avatar Alexander Usyskin Committed by Kamal Mostafa

mei: bus: check if the device is enabled before data transfer

commit 15c13dfc upstream.

The bus data transfer interface was missing the check if the device is
in enabled state, this may lead to stack corruption during link reset.
Signed-off-by: default avatarAlexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: default avatarTomas Winkler <tomas.winkler@intel.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
parent 70d783ea
...@@ -300,6 +300,11 @@ ssize_t __mei_cl_send(struct mei_cl *cl, u8 *buf, size_t length, ...@@ -300,6 +300,11 @@ ssize_t __mei_cl_send(struct mei_cl *cl, u8 *buf, size_t length,
bus = cl->dev; bus = cl->dev;
mutex_lock(&bus->device_lock); mutex_lock(&bus->device_lock);
if (bus->dev_state != MEI_DEV_ENABLED) {
rets = -ENODEV;
goto out;
}
if (!mei_cl_is_connected(cl)) { if (!mei_cl_is_connected(cl)) {
rets = -ENODEV; rets = -ENODEV;
goto out; goto out;
...@@ -347,6 +352,10 @@ ssize_t __mei_cl_recv(struct mei_cl *cl, u8 *buf, size_t length) ...@@ -347,6 +352,10 @@ ssize_t __mei_cl_recv(struct mei_cl *cl, u8 *buf, size_t length)
bus = cl->dev; bus = cl->dev;
mutex_lock(&bus->device_lock); mutex_lock(&bus->device_lock);
if (bus->dev_state != MEI_DEV_ENABLED) {
rets = -ENODEV;
goto out;
}
cb = mei_cl_read_cb(cl, NULL); cb = mei_cl_read_cb(cl, NULL);
if (cb) if (cb)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment