mirrors
/
anolis-cloud-kernel
mirror of https://gitee.com/anolis/cloud-kernel.git
8
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
anolis-cloud-kernel/include/media
History
shaomingyin f272508881 media: dvb-core: Fix use-after-free due on race condition at dvb_net 
ANBZ: #14743

[ Upstream commit 4172385b0c ]

A race condition may occur between the .disconnect function, which
is called when the device is disconnected, and the dvb_device_open()
function, which is called when the device node is open()ed.
This results in several types of UAFs.

The root cause of this is that you use the dvb_device_open() function,
which does not implement a conditional statement
that checks 'dvbnet->exit'.

So, add 'remove_mutex` to protect 'dvbnet->exit' and use
locked_dvb_net_open() function to check 'dvbnet->exit'.

[mchehab: fix a checkpatch warning]

Fixes: CVE-2022-45886
Link: https://lore.kernel.org/linux-media/20221117045925.14297-3-imv4bel@gmail.com
Signed-off-by: Hyunwoo Kim <imv4bel@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Shao Mingyin <shao.mingyin@zte.com.cn>
Reviewed-by: Guixin Liu <kanie@linux.alibaba.com>
Link: https://gitee.com/anolis/cloud-kernel/pulls/5341
 		2025-05-27 09:48:29 +00:00
..
davinci media: davinci: replace http references with https 2020-07-19 07:54:47 +02:00
drv-intf ARM: s3c24xx: drop s3c-camif setup platform code 2020-08-19 20:57:32 +02:00
i2c media: smiapp: Move definitions under driver directory 2020-02-27 17:49:04 -03:00
tpg media: v4l2-tpg: Clamp hue in tpg_s_hue() 2020-08-26 18:51:34 +02:00
cec-notifier.h Update rmk's email address in various drivers 2020-04-21 17:50:09 +01:00
cec-pin.h media: cec-gpio: handle gpiod_get_value errors correctly 2020-04-29 12:04:38 +02:00
cec.h media: cec: no need to check return value of debugfs_create functions 2020-09-01 14:13:26 +02:00
demux.h
dmxdev.h
dvb-usb-ids.h media: dvb-usb: Add Cinergy S2 PCIe Dual Port support 2020-05-25 09:09:39 +02:00
dvb_ca_en50221.h
dvb_demux.h
dvb_frontend.h media: dvb_frontend.h: Fix shifting signed 32-bit value problem 2019-08-14 05:04:08 -03:00
dvb_math.h
dvb_net.h media: dvb-core: Fix use-after-free due on race condition at dvb_net 2025-05-27 09:48:29 +00:00
dvb_ringbuffer.h
dvb_vb2.h
dvbdev.h media: dvbdev.h: keep * together with the type 2020-07-19 14:26:25 +02:00
fwht-ctrls.h
h264-ctrls.h media: uapi: h264: Rename and clarify PPS_FLAG_SCALING_MATRIX_PRESENT 2020-09-01 14:13:28 +02:00
hevc-ctrls.h media: hevc: Fix dependent slice segment flags 2021-07-14 16:55:51 +02:00
imx.h
media-dev-allocator.h media: Fix Media Controller API config checks 2021-07-14 16:55:56 +02:00
media-device.h media: media-device.h: drop duplicated word in comment 2020-07-19 14:00:07 +02:00
media-devnode.h media: media-devnode.h: drop duplicated word in comment 2020-07-19 14:00:12 +02:00
media-entity.h media: media-entity.h: drop duplicated word in comment 2020-07-19 14:00:21 +02:00
media-request.h
mpeg2-ctrls.h
rc-core.h media: rc: harmonize infrared durations to microseconds 2020-09-03 16:18:55 +02:00
rc-map.h media: rc: compile rc-cec.c into rc-core 2021-03-17 17:06:20 +01:00
rcar-fcp.h
tuner-types.h
tuner.h
tveeprom.h
v4l2-async.h media: v4l2-async: Clean v4l2_async_notifier_add_fwnode_remote_subdev 2021-07-14 16:56:11 +02:00
v4l2-clk.h
v4l2-common.h media: vivid: Add support to the CSC API 2020-09-26 10:21:34 +02:00
v4l2-ctrls.h media: v4l2-ctrls: fix reference to freed memory 2021-05-11 14:47:39 +02:00
v4l2-dev.h media: v4l2-dev: Add v4l2_device_register_ro_subdev_node() 2020-05-12 17:04:07 +02:00
v4l2-device.h media: v4l2-dev: Add v4l2_device_register_ro_subdev_node() 2020-05-12 17:04:07 +02:00
v4l2-dv-timings.h
v4l2-event.h
v4l2-fh.h media: v4l2-fh: define v4l2_fh struct regardless of condition 2020-04-21 13:40:06 +02:00
v4l2-flash-led-class.h
v4l2-fwnode.h media: v4l2-fwnode: v4l2_fwnode_endpoint_parse caller must init vep argument 2020-12-30 11:53:11 +01:00
v4l2-h264.h media: uapi: h264: Clean slice invariants syntax elements 2020-09-01 14:13:28 +02:00
v4l2-image-sizes.h media: v4l2-image-sizes: add HD and Full-HD definitions 2020-04-21 17:21:51 +02:00
v4l2-ioctl.h media: v4l2-core: fix v4l2_buffer handling for time64 ABI 2020-01-03 15:50:21 +01:00
v4l2-jpeg.h media: add v4l2 JPEG helpers 2020-04-14 11:47:47 +02:00
v4l2-mc.h media: v4l2: Correct kernel-doc inconsistency 2020-08-06 11:25:07 +02:00
v4l2-mediabus.h media: v4l2-fwnode: Return -EINVAL for invalid bus-type 2020-12-30 11:53:11 +01:00
v4l2-mem2mem.h media: v4l2-mem2mem: add v4l2_m2m_suspend, v4l2_m2m_resume 2020-08-28 15:20:40 +02:00
v4l2-rect.h media: v4l2-rect.h: add enclosed rectangle helper 2020-07-04 12:29:38 +02:00
v4l2-subdev.h media: subdev: disallow ioctl for saa6588/davinci 2021-07-19 09:45:02 +02:00
videobuf-core.h
videobuf-dma-contig.h
videobuf-dma-sg.h media: videobuf-dma-sg: number of pages should be unsigned long 2020-09-03 11:12:20 +02:00
videobuf-vmalloc.h
videobuf2-core.h media: media/v4l2: remove V4L2_FLAG_MEMORY_NON_CONSISTENT flag 2020-09-14 15:28:06 +02:00
videobuf2-dma-contig.h media: videobuf2-dma-contig: fix bad kfree in vb2_dma_contig_clear_max_seg_size 2020-06-11 19:20:55 +02:00
videobuf2-dma-sg.h
videobuf2-dvb.h
videobuf2-memops.h
videobuf2-v4l2.h media: videobuf2-v4l2.c: add vb2_video_unregister_device helper function 2020-08-28 14:58:48 +02:00
videobuf2-vmalloc.h
vp8-ctrls.h media: uapi: new file needs types.h 2019-07-23 08:19:32 -04:00
vsp1.h