redonkable
/
freescale-linux-fslc
1
0
Fork 0
Code Releases Activity
Fork of Freescale Linux kernel for reMarkable2 https://github.com/Freescale/linux-fslc
973,161 Commits
64 Branches
0 Tags
3.9 GiB
C 97.7%
Assembly 1.3%
Shell 0.3%
Makefile 0.3%
Python 0.1%
Other 0.1%
 
 
 
 
 
 
Go to file
Hans Verkuil 5d0f6f5251 media: v4l2-ctrls: fix reference to freed memory 
commit ac34b79da1 upstream.

When controls are used together with the Request API, then for
each request a v4l2_ctrl_handler struct is allocated. This contains
the controls that can be set in a request. If a control is *not* set in
the request, then the value used in the most recent previous request
must be used, or the current value if it is not found in any outstanding
requests.

The framework tried to find such a previous request and it would set
the 'req' pointer in struct v4l2_ctrl_ref to the v4l2_ctrl_ref of the
control in such a previous request. So far, so good. However, when that
previous request was applied to the hardware, returned to userspace, and
then userspace would re-init or free that request, any 'ref' pointer in
still-queued requests would suddenly point to freed memory.

This was not noticed before since the drivers that use this expected
that each request would always have the controls set, so there was
never any need to find a control in older requests. This requirement
was relaxed, and now this bug surfaced.

It was also made worse by changeset
2fae4d6aab ("media: v4l2-ctrls: v4l2_ctrl_request_complete() should always set ref->req")
which increased the chance of this happening.

The use of the 'req' pointer in v4l2_ctrl_ref was very fragile, so
drop this entirely. Instead add a valid_p_req bool to indicate that
p_req contains a valid value for this control. And if it is false,
then just use the current value of the control.

Note that VIDIOC_G_EXT_CTRLS will always return -EACCES when attempting
to get a control from a request until the request is completed. And in
that case, all controls in the request will have the control value set
(i.e. valid_p_req is true). This means that the whole 'find the most
recent previous request containing a control' idea is pointless, and
the code can be simplified considerably.

The v4l2_g_ext_ctrls_common() function was refactored a bit to make
it more understandable. It also avoids updating volatile controls
in a completed request since that was already done when the request
was completed.

Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Fixes: 2fae4d6aab ("media: v4l2-ctrls: v4l2_ctrl_request_complete() should always set ref->req")
Fixes: 6fa6f831f0 ("media: v4l2-ctrls: add core request support")
Cc: <stable@vger.kernel.org>      # for v5.9 and up
Tested-by: Alexandre Courbot <acourbot@chromium.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2021-05-11 14:47:39 +02:00
Documentation dt-bindings: net: ethernet-controller: fix typo in NVMEM 2021-04-14 08:42:12 +02:00
LICENSES LICENSES/deprecated: add Zlib license text 2020-09-16 14:33:49 +02:00
arch x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported 2021-05-11 14:47:37 +02:00
block block: return -EBUSY when there are open partitions in blkdev_reread_part 2021-04-28 13:39:59 +02:00
certs certs: Fix blacklist flag type confusion 2021-03-04 11:37:59 +01:00
crypto crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS 2021-05-11 14:47:35 +02:00
drivers media: v4l2-ctrls: fix reference to freed memory 2021-05-11 14:47:39 +02:00
fs ext4: Fix occasional generic/418 failure 2021-05-11 14:47:38 +02:00
include media: v4l2-ctrls: fix reference to freed memory 2021-05-11 14:47:39 +02:00
init init/Kconfig: make COMPILE_TEST depend on HAS_IOMEM 2021-04-10 13:36:11 +02:00
ipc ipc: adjust proc_ipc_sem_dointvec definition to match prototype 2020-09-05 12:14:29 -07:00
kernel kbuild: update config_data.gz only when the content of .config is changed 2021-05-11 14:47:37 +02:00
lib dyndbg: fix parsing file query without a line-range suffix 2021-05-11 14:47:11 +02:00
mm mm: ptdump: fix build failure 2021-04-21 13:00:57 +02:00
net Fix misc new gcc warnings 2021-05-11 14:47:36 +02:00
samples samples, bpf: Add missing munmap in xdpsock 2021-03-17 17:06:12 +01:00
scripts kasan: fix hwasan build for gcc 2021-04-28 13:40:02 +02:00
security security: commoncap: fix -Wstringop-overread warning 2021-05-11 14:47:36 +02:00
sound ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx 2021-05-11 14:47:33 +02:00
tools tools/power/turbostat: Fix turbostat for AMD Zen CPUs 2021-05-11 14:47:33 +02:00
usr Merge branch 'work.fdpic' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-08-07 13:29:39 -07:00
virt KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() 2021-02-26 10:13:01 +01:00
.clang-format RDMA 5.10 pull request 2020-10-17 11:18:18 -07:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore .gitignore: docs: ignore sphinx_*/ directories 2020-09-10 10:44:31 -06:00
.mailmap mailmap: add two more addresses of Uwe Kleine-König 2020-12-06 10:19:07 -08:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Move Jason Cooper to CREDITS 2020-11-30 10:20:34 +01:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS MAINTAINERS: move the staging subsystem to lists.linux.dev 2021-03-25 09:04:18 +01:00
Makefile Makefile: Move -Wno-unused-but-set-variable out of GCC only block 2021-05-11 14:47:33 +02:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.