leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
90cd366bc6
linux/drivers
History
Shuah Khan 90cd366bc6 [media] media: Protect enable_source and disable_source handler code paths 
Drivers might try to access and run enable_source and disable_source
handlers when the driver that implements these handlers is clearing
the handlers during its unregister.

Fix the following race condition:

process 1				process 2

request video streaming			unbind au0828
v4l2 checks if tuner is free
...					...

					au0828_unregister_media_device()
...					...
					(doesn't hold graph_mutex)
					mdev->enable_source = NULL;
if (mdev && mdev->enable_source)	mdev->disable_source = NULL;
	mdev->enable_source()
(enable_source holds graph_mutex)

As shown above enable_source check is done without holding the graph_mutex.
If unbind happens to be in progress, au0828 could clear enable_source and
disable_source handlers leading to null pointer de-reference.

Fix it by protecting enable_source and disable_source set and clear and
protecting enable_source and disable_source handler access and the call
itself.

process 1				process 2

request video streaming			unbind au0828
v4l2 checks if tuner is free
...					...

					au0828_unregister_media_device()
...					...
					(hold graph_mutex while clearing)
					mdev->enable_source = NULL;
if (mdev)				mdev->disable_source = NULL;
(hold graph_mutex to check and
 call enable_source)
    if (mdev->enable_source)
	mdev->enable_source()

If graph_mutex is held to just heck for handler being null and needs to be
released before calling the handler, there will be another window for the
handlers to be cleared. Hence, enable_source and disable_source handlers
no longer hold the graph_mutex and expect callers to hold it to avoid
forcing them release the graph_mutex before calling the handlers.

Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
2017-02-03 07:39:35 -02:00
..
accessibility
acpi Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
amba
android
ata Merge branch 'for-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata 2016-12-13 15:30:50 -08:00
atm Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
auxdisplay
base avoid spurious "may be used uninitialized" warning 2016-12-25 14:56:58 -08:00
bcma
block ktime: Cleanup ktime_set() usage 2016-12-25 17:21:22 +01:00
bluetooth Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-12-16 10:24:44 -08:00
bus cpu/hotplug: Cleanup state names 2016-12-25 10:47:44 +01:00
cdrom Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
char clocksource: Use a plain u64 instead of cycle_t 2016-12-25 11:04:12 +01:00
clk Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm 2016-12-15 16:06:15 -08:00
clocksource Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-12-25 14:30:04 -08:00
connector
cpufreq Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
cpuidle Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
crypto crypto: add virtio-crypto driver 2016-12-16 00:13:32 +02:00
dax libnvdimm for 4.10 2016-12-18 15:49:10 -08:00
dca
devfreq devfreq: rk3399_dmc: Don't use OPP structures outside of RCU locks 2016-12-08 01:46:07 +01:00
dio Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
dma ktime: Cleanup ktime_set() usage 2016-12-25 17:21:22 +01:00
dma-buf
edac Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
eisa
extcon sound updates for 4.10-rc1 2016-12-14 11:14:28 -08:00
firewire
firmware firmware: dmi_scan: Always show system identification string 2016-12-19 10:01:47 +01:00
fmc
fpga
gpio - New Device Support 2016-12-19 08:16:26 -08:00
gpu ktime: Cleanup ktime_set() usage 2016-12-25 17:21:22 +01:00
hid [media] rc-main: assign driver type during allocation 2017-01-30 13:59:57 -02:00
hsi
hv clocksource: Use a plain u64 instead of cycle_t 2016-12-25 11:04:12 +01:00
hwmon hwmon: (g762) Fix overflows and crash seen when writing limit attributes 2016-12-12 11:33:44 -08:00
hwspinlock
hwtracing coresight/etm3/4x: Consolidate hotplug state space 2016-12-25 10:47:44 +01:00
i2c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
ide Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
idle Power management material for v4.10-rc1 2016-12-13 10:41:53 -08:00
iio ktime: Cleanup ktime_set() usage 2016-12-25 17:21:22 +01:00
infiniband Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
input ktime: Cleanup ktime_set() usage 2016-12-25 17:21:22 +01:00
iommu More ACPI updates for v4.10-rc1 2016-12-22 10:19:32 -08:00
ipack
irqchip Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-12-25 14:30:04 -08:00
isdn Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
leds cpu/hotplug: Cleanup state names 2016-12-25 10:47:44 +01:00
lguest Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
lightnvm Char/Misc driver patches for 4.10-rc1 2016-12-13 12:11:01 -08:00
macintosh Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
mailbox ktime: Cleanup ktime_set() usage 2016-12-25 17:21:22 +01:00
mcb
md Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
media [media] media: Protect enable_source and disable_source handler code paths 2017-02-03 07:39:35 -02:00
memory
memstick Merge branch 'for-4.10/block' of git://git.kernel.dk/linux-block 2016-12-13 10:19:16 -08:00
message Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
mfd - New Device Support 2016-12-19 08:16:26 -08:00
misc Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
mmc Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
mtd Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
net Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-12-25 14:30:04 -08:00
nfc
ntb ntb_transport: Remove unnecessary call to ntb_peer_spad_read 2016-12-23 16:11:07 -05:00
nubus Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
nvdimm libnvdimm for 4.10 2016-12-18 15:49:10 -08:00
nvme nvme : Use correct scnprintf in cmb show 2016-12-19 08:35:24 -07:00
nvmem
of pci-v4.10-changes 2016-12-15 12:46:48 -08:00
oprofile Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
parisc Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
parport Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
pci ktime: Cleanup ktime_set() usage 2016-12-25 17:21:22 +01:00
pcmcia drivers/pcmcia/m32r_pcc.c: check return from add_pcc_socket 2016-12-12 18:55:06 -08:00
perf cpu/hotplug: Cleanup state names 2016-12-25 10:47:44 +01:00
phy SCSI misc on 20161213 2016-12-14 10:49:33 -08:00
pinctrl ARM: DT updates for v4.10 2016-12-15 15:50:24 -08:00
platform ktime: Cleanup ktime_set() usage 2016-12-25 17:21:22 +01:00
pnp Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
power ktime: Cleanup ktime_set() usage 2016-12-25 17:21:22 +01:00
powercap
pps
ps3
ptp Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-12-12 19:56:15 -08:00
pwm pwm: Changes for v4.10-rc1 2016-12-15 11:45:13 -08:00
rapidio
ras
regulator - New Device Support 2016-12-19 08:16:26 -08:00
remoteproc remoteproc: qcom_adsp_pil: select qcom_scm 2016-12-09 16:16:56 -08:00
reset ARM: SoC driver updates for v4.10 2016-12-15 16:03:25 -08:00
rpmsg rpmsg updates for v4.10 2016-12-13 08:52:45 -08:00
rtc ktime: Cleanup ktime_set() usage 2016-12-25 17:21:22 +01:00
s390 ktime: Cleanup ktime_set() usage 2016-12-25 17:21:22 +01:00
sbus Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
scsi Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-12-25 14:30:04 -08:00
sfi
sh lib: radix-tree: check accounting of existing slot replacement users 2016-12-12 18:55:08 -08:00
sn
soc powerpc updates for 4.10 2016-12-16 09:26:42 -08:00
spi dmaengine updates for 4.10-rc1 2016-12-14 20:42:45 -08:00
spmi
ssb
staging [media] v4l: omap4iss: Clean up file handle in open() and release() 2017-01-31 11:50:06 -02:00
target Merge branch 'scsi-target-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/bvanassche/linux 2016-12-21 10:16:05 -08:00
tc
thermal Power management material for v4.10-rc1 2016-12-13 10:41:53 -08:00
thunderbolt Char/Misc driver patches for 4.10-rc1 2016-12-13 12:11:01 -08:00
tty Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
uio uio-hv-generic: store physical addresses instead of virtual 2016-12-10 14:57:58 +01:00
usb ktime: Cleanup ktime_set() usage 2016-12-25 17:21:22 +01:00
uwb
vfio powerpc updates for 4.10 2016-12-16 09:26:42 -08:00
vhost Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-12-16 10:24:44 -08:00
video Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
virt
virtio virtio_mmio: Set dev.release() to avoid warning 2016-12-16 00:13:39 +02:00
vlynq
vme
w1
watchdog Watchdog updates for v4.10 2016-12-24 11:27:45 -08:00
xen cpu/hotplug: Cleanup state names 2016-12-25 10:47:44 +01:00
zorro Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
Kconfig
Makefile