leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
701f49bc02
linux/drivers/media/common
History
Hans Verkuil cd26d1c4d1 media: vb2: vb2_mmap: move lock up 
If a filehandle is dup()ped, then it is possible to close it from one fd
and call mmap from the other. This creates a race condition in vb2_mmap
where it is using queue data that __vb2_queue_free (called from close())
is in the process of releasing.

By moving up the mutex_lock(mmap_lock) in vb2_mmap this race is avoided
since __vb2_queue_free is called with the same mutex locked. So vb2_mmap
now reads consistent buffer data.

Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Reported-by: syzbot+be93025dd45dccd8923c@syzkaller.appspotmail.com
Signed-off-by: Hans Verkuil <hansverk@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
2018-11-23 05:54:22 -05:00
..
b2c2 media: use strscpy() instead of strlcpy() 2018-09-11 13:32:17 -04:00
saa7146 media: replace strcpy() by strscpy() 2018-09-11 13:32:17 -04:00
siano media: rc: Remove init_ir_raw_event and DEFINE_IR_RAW_EVENT macros 2018-10-04 14:22:27 -04:00
v4l2-tpg media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD 2018-10-09 08:10:38 -04:00
videobuf2 media: vb2: vb2_mmap: move lock up 2018-11-23 05:54:22 -05:00
btcx-risc.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cx2341x.c media: use strscpy() instead of strlcpy() 2018-09-11 13:32:17 -04:00
cypress_firmware.c media: drivers: improve a size determination 2017-09-23 08:20:57 -04:00
cypress_firmware.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig media: drivers/media/common/videobuf2: rename from videobuf 2018-01-23 08:05:02 -05:00
Makefile media: drivers/media/common/videobuf2: rename from videobuf 2018-01-23 08:05:02 -05:00
tveeprom.c [media] tveeprom: get rid of unused arg on tveeprom_hauppauge_analog() 2017-03-03 07:35:02 -03:00