kernel_samsung_a53x/drivers/media/usb/pvrusb2
Ricardo B. Marliere 3362732a94 media: pvrusb2: fix use after free on context disconnection
[ Upstream commit ded85b0c0edd8f45fec88783d7555a5b982449c1 ]

Upon module load, a kthread is created targeting the
pvr2_context_thread_func function, which may call pvr2_context_destroy
and thus call kfree() on the context object. However, that might happen
before the usb hub_event handler is able to notify the driver. This
patch adds a sanity check before the invalid read reported by syzbot,
within the context disconnection call stack.

Reported-and-tested-by: syzbot+621409285c4156a009b3@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/000000000000a02a4205fff8eb92@google.com/

Fixes: e5be15c63804 ("V4L/DVB (7711): pvrusb2: Fix race on module unload")
Signed-off-by: Ricardo B. Marliere <ricardo@marliere.net>
Acked-by: Mike Isely <isely@pobox.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-11-18 12:12:39 +01:00
..
Kconfig Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Makefile Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-audio.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-audio.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-context.c media: pvrusb2: fix use after free on context disconnection 2024-11-18 12:12:39 +01:00
pvrusb2-context.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-cs53l32a.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-cs53l32a.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-ctrl.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-ctrl.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-cx2584x-v4l.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-cx2584x-v4l.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-debug.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-debugifc.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-debugifc.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-devattr.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-devattr.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-dvb.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-dvb.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-eeprom.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-eeprom.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-encoder.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-encoder.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-fx2-cmd.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-hdw-internal.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-hdw.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-hdw.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-i2c-core.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-i2c-core.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-io.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-io.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-ioread.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-ioread.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-main.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-std.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-std.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-sysfs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-sysfs.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-util.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-v4l2.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-v4l2.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-video-v4l.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-video-v4l.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-wm8775.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2-wm8775.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pvrusb2.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00