Linux kernel source tree
Alan Stern f217cef919 media: usbvision: Fix races among open, close, and disconnect
commit 9e08117c9d upstream.

Visual inspection of the usbvision driver shows that it suffers from
three races between its open, close, and disconnect handlers.  In
particular, the driver is careful to update its usbvision->user and
usbvision->remove_pending flags while holding the private mutex, but:

	usbvision_v4l2_close() and usbvision_radio_close() don't hold
	the mutex while they check the value of
	usbvision->remove_pending;

	usbvision_disconnect() doesn't hold the mutex while checking
	the value of usbvision->user; and

	also, usbvision_v4l2_open() and usbvision_radio_open() don't
	check whether the device has been unplugged before allowing
	the user to open the device files.

Each of these can potentially lead to usbvision_release() being called
twice and use-after-free errors.

This patch fixes the races by reading the flags while the mutex is
still held and checking for pending removes before allowing an open to
succeed.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-12-01 09:17:39 +01:00
arch x86/speculation: Fix redundant MDS mitigation message 2019-12-01 09:17:37 +01:00
block block: call rq_qos_exit() after queue is frozen 2019-12-01 09:17:06 +01:00
certs export.h: remove VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR() 2018-08-22 23:21:44 +09:00
crypto crypto: testmgr - fix sizeof() on COMP_BUF_SIZE 2019-12-01 09:16:13 +01:00
Documentation x86/speculation: Fix incorrect MDS/TAA mitigation status 2019-12-01 09:17:37 +01:00
drivers media: usbvision: Fix races among open, close, and disconnect 2019-12-01 09:17:39 +01:00
firmware kbuild: remove all dummy assignments to obj- 2017-11-18 11:46:06 +09:00
fs ocfs2: remove ocfs2_is_o2cb_active() 2019-12-01 09:17:36 +01:00
include y2038: futex: Move compat implementation into futex.c 2019-12-01 09:17:38 +01:00
init initramfs: don't free a non-existent initrd 2019-10-01 08:26:09 +02:00
ipc ipc/mqueue.c: only perform resource calculation if user valid 2019-08-06 19:06:52 +02:00
kernel futex: Prevent robust futex exit race 2019-12-01 09:17:38 +01:00
lib lib/bitmap.c: fix remaining space computation in bitmap_print_to_pagebuf 2019-12-01 09:17:08 +01:00
LICENSES LICENSES: Remove CC-BY-SA-4.0 license text 2018-10-18 11:28:50 +02:00
mm mm/memory_hotplug: don't access uninitialized memmaps in shrink_zone_span() 2019-12-01 09:17:36 +01:00
net cfg80211: call disconnect_wk when AP stops 2019-12-01 09:17:34 +01:00
samples mei: samples: fix a signedness bug in amt_host_if_call() 2019-11-24 08:19:50 +01:00
scripts scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks 2019-11-06 13:05:27 +01:00
security ima: fix freeing ongoing ahash_request 2019-10-11 18:21:11 +02:00
sound ALSA: usb-audio: Fix NULL dereference at parsing BADD 2019-12-01 09:17:38 +01:00
tools x86/insn: Fix awk regexp warnings 2019-12-01 09:17:37 +01:00
usr kbuild: clean compressed initramfs image 2019-10-07 18:57:16 +02:00
virt KVM: MMU: Do not treat ZONE_DEVICE pages as being reserved 2019-12-01 09:17:35 +01:00
.clang-format clang-format: Set IndentWrappedFunctionNames false 2018-08-01 18:38:51 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore Kbuild updates for v4.17 (2nd) 2018-04-15 17:21:30 -07:00
.mailmap libnvdimm-for-4.19_misc 2018-08-25 18:13:10 -07:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS 9p: remove Ron Minnich from MAINTAINERS 2018-08-17 16:20:26 -07:00
Kbuild Kbuild updates for v4.15 2017-11-17 17:45:29 -08:00
Kconfig kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt 2018-08-02 08:06:55 +09:00
MAINTAINERS USB: rio500: Remove Rio 500 kernel driver 2019-10-17 13:44:47 -07:00
Makefile Linux 4.19.86 2019-11-24 08:21:09 +01:00
README Docs: Added a pointer to the formatted docs to README 2018-03-21 09:02:53 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.