linux/drivers/media/v4l2-core
Pi-Hsun Shih df4a3e7f88 media: v4l2-ctrl: Lock main_hdl on operations of requests_queued.
There's a race condition between the list_del_init in the
v4l2_ctrl_request_complete, and the list_add_tail in the
v4l2_ctrl_request_queue, since they can be called in different thread
and the requests_queued list is not protected by a lock. This can lead
to that the v4l2_ctrl_handler is still in the requests_queued list while
the request_is_queued is already set to false, which would cause
use-after-free if the v4l2_ctrl_handler is later released.

Fix this by locking the ->lock of main_hdl (which is the owner of the
requests_queued list) when doing list operations on the
->requests_queued list.

Signed-off-by: Pi-Hsun Shih <pihsun@chromium.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
2019-11-10 07:29:10 +01:00
..
Kconfig media: v4l2-core: move i2c helpers out of v4l2-common.c 2019-08-26 10:50:48 -03:00
Makefile media: v4l2-core: move i2c helpers out of v4l2-common.c 2019-08-26 10:50:48 -03:00
tuner-core.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
v4l2-async.c media: v4l2-async: Safely clean up an uninitialised notifier 2019-07-25 11:00:06 -04:00
v4l2-clk.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
v4l2-common.c media: v4l2-common: add RGB565 and RGB55 to v4l2_format_info 2019-10-10 13:53:41 -03:00
v4l2-compat-ioctl32.c
v4l2-ctrls.c media: v4l2-ctrl: Lock main_hdl on operations of requests_queued. 2019-11-10 07:29:10 +01:00
v4l2-dev.c media: v4l2-dev: disable frequency and tuner ioctls for touch 2019-10-24 11:43:33 -03:00
v4l2-device.c media: v4l2-core: introduce a helper to unregister a i2c subdev 2019-08-26 10:52:06 -03:00
v4l2-dv-timings.c media: v4l2-dv-timings: Use DIV_ROUND_CLOSEST directly to make it readable 2019-11-05 08:49:22 -03:00
v4l2-event.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
v4l2-fh.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
v4l2-flash-led-class.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
v4l2-fwnode.c media: v4l: fwnode: Make v4l2_fwnode_endpoint_free() safer 2019-10-01 17:32:55 -03:00
v4l2-i2c.c v4l2-core: fix coding style for the two new c files 2019-08-26 11:01:25 -03:00
v4l2-ioctl.c media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT 2019-11-10 07:27:04 +01:00
v4l2-mc.c
v4l2-mem2mem.c media: v4l2-mem2mem: Fix hold buf flag checks 2019-11-09 09:07:34 +01:00
v4l2-spi.c v4l2-core: fix coding style for the two new c files 2019-08-26 11:01:25 -03:00
v4l2-subdev.c media: v4l2-subdev: Don't use __u32 internally 2019-11-05 08:57:48 -03:00
v4l2-trace.c
videobuf-core.c media: videobuf-core.c: poll_wait needs a non-NULL buf pointer 2019-09-05 06:26:57 -03:00
videobuf-dma-contig.c media/v4l2-core: untag user pointers in videobuf_dma_contig_user_get 2019-09-25 17:51:41 -07:00
videobuf-dma-sg.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 237 2019-06-19 17:09:07 +02:00
videobuf-vmalloc.c media updates for v5.3-rc1 2019-07-09 09:47:22 -07:00