mirror of
https://github.com/torvalds/linux.git
synced 2024-12-24 20:01:55 +00:00
cd26d1c4d1
If a filehandle is dup()ped, then it is possible to close it from one fd and call mmap from the other. This creates a race condition in vb2_mmap where it is using queue data that __vb2_queue_free (called from close()) is in the process of releasing. By moving up the mutex_lock(mmap_lock) in vb2_mmap this race is avoided since __vb2_queue_free is called with the same mutex locked. So vb2_mmap now reads consistent buffer data. Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl> Reported-by: syzbot+be93025dd45dccd8923c@syzkaller.appspotmail.com Signed-off-by: Hans Verkuil <hansverk@cisco.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org> |
||
---|---|---|
.. | ||
cec | ||
common | ||
dvb-core | ||
dvb-frontends | ||
firewire | ||
i2c | ||
mmc | ||
pci | ||
platform | ||
radio | ||
rc | ||
spi | ||
tuners | ||
usb | ||
v4l2-core | ||
Kconfig | ||
Makefile | ||
media-device.c | ||
media-devnode.c | ||
media-entity.c | ||
media-request.c |