redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/drivers/media/rc
History
Sean Young a607f51e5a media: Revert "[media] lirc_dev: remove superfluous get/put_device() calls" 
This reverts commit 5be2b76a9c.

Only when the lirc device is freed, should we drop our reference to
rc_dev, else we the rc_dev is freed to early. If userspace has
a file descriptor open during unplug, it goes bang.

==================================================================
BUG: KASAN: use-after-free in __lock_acquire+0x7bb/0x1e10
Read of size 8 at addr ffff8801d7d61ed0 by task ir-rec/2609

-snip-
 mutex_lock_nested+0x1b/0x20
 ? mutex_lock_nested+0x1b/0x20
 rc_close.part.6+0x20/0x60 [rc_core]
 rc_close+0x13/0x20 [rc_core]
 lirc_dev_fop_close+0x62/0xd0 [lirc_dev]
 __fput+0x236/0x410
 ? fput+0xb0/0xb0
 ? do_raw_spin_trylock+0x110/0x110
 ? set_rq_offline.part.70+0xa0/0xa0
 ____fput+0xe/0x10
 task_work_run+0x116/0x180
 ? task_work_cancel+0x170/0x170
 ? _raw_spin_unlock+0x27/0x40
 ? switch_task_namespaces+0x5f/0x90
 do_exit+0x68b/0xe80

Cc: stable@vger.kernel.org # For Kernel 4.13
Fixes: 5be2b76a9c ("[media] lirc_dev: remove superfluous get/put_device() calls")
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
 		2017-09-05 07:28:59 -04:00
..
img-ir media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
keymaps media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
Kconfig media: rc: add zx-irdec remote control driver 2017-08-20 09:50:32 -04:00
Makefile media: rc: add zx-irdec remote control driver 2017-08-20 09:50:32 -04:00
ati_remote.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
ene_ir.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
ene_ir.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
fintek-cir.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
fintek-cir.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
gpio-ir-recv.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
gpio-ir-tx.c media: rc: gpio-ir-tx: use ktime accessor functions 2017-08-31 05:35:54 -04:00
igorplugusb.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
iguanair.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
imon.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
ir-hix5hd2.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
ir-jvc-decoder.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
ir-lirc-codec.c media: lirc: LIRC_GET_REC_RESOLUTION should return microseconds 2017-07-26 05:46:42 -04:00
ir-mce_kbd-decoder.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
ir-nec-decoder.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
ir-rc5-decoder.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
ir-rc6-decoder.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
ir-rx51.c [media] ir-rx51: port to rc-core 2017-01-30 14:25:04 -02:00
ir-sanyo-decoder.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
ir-sharp-decoder.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
ir-sony-decoder.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
ir-spi.c media: rc-core: rename input_name to device_name 2017-08-20 09:43:52 -04:00
ir-xmp-decoder.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
ite-cir.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
ite-cir.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
lirc_dev.c media: Revert "[media] lirc_dev: remove superfluous get/put_device() calls" 2017-09-05 07:28:59 -04:00
mceusb.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
meson-ir.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
mtk-cir.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
nuvoton-cir.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
nuvoton-cir.h media: rc: nuvoton: remove rudimentary transmit functionality 2017-08-20 09:47:57 -04:00
pwm-ir-tx.c media: rc: pwm-ir-tx: add new driver 2017-08-20 09:46:18 -04:00
rc-core-priv.h media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
rc-ir-raw.c media: rc: use ktime accessor functions 2017-08-31 05:35:18 -04:00
rc-loopback.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
rc-main.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
redrat3.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
serial_ir.c media: serial_ir: fix tx timing calculation on 32-bit 2017-08-31 05:36:42 -04:00
sir_ir.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
st_rc.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
streamzap.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
sunxi-cir.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
ttusbir.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
winbond-cir.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
zx-irdec.c media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00