linux-stable/include/media
Mauro Carvalho Chehab ec21a38df7 Revert "media: dvb-core: Fix use-after-free on race condition at dvb_frontend"
As reported by Thomas Voegtle <tv@lio96.de>, sometimes a DVB card does
not initialize properly when booting Linux 6.4-rc4. This does not always
happen, maybe in 3 out of 4 attempts.

After double-checking, the root cause seems to be related to the
UAF fix, which is causing a race issue:

[   26.332149] tda10071 7-0005: found a 'NXP TDA10071' in cold state, will try to load a firmware
[   26.340779] tda10071 7-0005: downloading firmware from file 'dvb-fe-tda10071.fw'
[  989.277402] INFO: task vdr:743 blocked for more than 491 seconds.
[  989.283504]       Not tainted 6.4.0-rc5-i5 #249
[  989.288036] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  989.295860] task:vdr             state:D stack:0     pid:743   ppid:711    flags:0x00004002
[  989.295865] Call Trace:
[  989.295867]  <TASK>
[  989.295869]  __schedule+0x2ea/0x12d0
[  989.295877]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  989.295881]  schedule+0x57/0xc0
[  989.295884]  schedule_preempt_disabled+0xc/0x20
[  989.295887]  __mutex_lock.isra.16+0x237/0x480
[  989.295891]  ? dvb_get_property.isra.10+0x1bc/0xa50
[  989.295898]  ? dvb_frontend_stop+0x36/0x180
[  989.338777]  dvb_frontend_stop+0x36/0x180
[  989.338781]  dvb_frontend_open+0x2f1/0x470
[  989.338784]  dvb_device_open+0x81/0xf0
[  989.338804]  ? exact_lock+0x20/0x20
[  989.338808]  chrdev_open+0x7f/0x1c0
[  989.338811]  ? generic_permission+0x1a2/0x230
[  989.338813]  ? link_path_walk.part.63+0x340/0x380
[  989.338815]  ? exact_lock+0x20/0x20
[  989.338817]  do_dentry_open+0x18e/0x450
[  989.374030]  path_openat+0xca5/0xe00
[  989.374031]  ? terminate_walk+0xec/0x100
[  989.374034]  ? path_lookupat+0x93/0x140
[  989.374036]  do_filp_open+0xc0/0x140
[  989.374038]  ? __call_rcu_common.constprop.91+0x92/0x240
[  989.374041]  ? __check_object_size+0x147/0x260
[  989.374043]  ? __check_object_size+0x147/0x260
[  989.374045]  ? alloc_fd+0xbb/0x180
[  989.374048]  ? do_sys_openat2+0x243/0x310
[  989.374050]  do_sys_openat2+0x243/0x310
[  989.374052]  do_sys_open+0x52/0x80
[  989.374055]  do_syscall_64+0x5b/0x80
[  989.421335]  ? __task_pid_nr_ns+0x92/0xa0
[  989.421337]  ? syscall_exit_to_user_mode+0x20/0x40
[  989.421339]  ? do_syscall_64+0x67/0x80
[  989.421341]  ? syscall_exit_to_user_mode+0x20/0x40
[  989.421343]  ? do_syscall_64+0x67/0x80
[  989.421345]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  989.421348] RIP: 0033:0x7fe895d067e3
[  989.421349] RSP: 002b:00007fff933c2ba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  989.421351] RAX: ffffffffffffffda RBX: 00007fff933c2c10 RCX: 00007fe895d067e3
[  989.421352] RDX: 0000000000000802 RSI: 00005594acdce160 RDI: 00000000ffffff9c
[  989.421353] RBP: 0000000000000802 R08: 0000000000000000 R09: 0000000000000000
[  989.421353] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  989.421354] R13: 00007fff933c2ca0 R14: 00000000ffffffff R15: 00007fff933c2c90
[  989.421355]  </TASK>

This reverts commit 6769a0b7ee.

Fixes: 6769a0b7ee ("media: dvb-core: Fix use-after-free on race condition at dvb_frontend")
Link: https://lore.kernel.org/all/da5382ad-09d6-20ac-0d53-611594b30861@lio96.de/
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
2023-06-14 23:16:29 +01:00
davinci media updates for v6.3-rc1 2023-02-26 11:47:26 -08:00
drv-intf media: saa7146: convert to vb2 2023-04-15 08:53:31 +01:00
i2c media: i2c: Drop unused sr030pc30 camera sensor driver 2023-04-15 09:56:49 +01:00
tpg media: v4l2-tpg: add HDMI Video Guard Band test pattern 2022-06-20 10:30:30 +01:00
cec-notifier.h Update rmk's email address in various drivers 2020-04-21 17:50:09 +01:00
cec-pin.h media: cec-gpio: handle gpiod_get_value errors correctly 2020-04-29 12:04:38 +02:00
cec.h media: cec-adap.c: drop activate_cnt, use state info instead 2022-05-13 11:29:39 +02:00
demux.h
dmxdev.h media: dmxdev: drop unneeded <linux/kernel.h> inclusion from other headers 2021-12-14 16:19:04 +01:00
dvb-usb-ids.h media: dvb-usb: dib0700_devices: use an enum for the device number 2022-04-18 07:36:44 +02:00
dvb_ca_en50221.h
dvb_demux.h
dvb_frontend.h Revert "media: dvb-core: Fix use-after-free on race condition at dvb_frontend" 2023-06-14 23:16:29 +01:00
dvb_math.h
dvb_net.h media: dvb-core: Fix use-after-free due on race condition at dvb_net 2023-05-14 06:30:45 +01:00
dvb_ringbuffer.h media: dvb_ringbuffer: Fix typo in dvb_ringbuffer_pkt_write() kerneldoc 2022-11-25 09:45:47 +00:00
dvb_vb2.h
dvbdev.h media: dvb-core: Fix use-after-free due to race at dvb_register_device() 2023-05-14 06:30:58 +01:00
frame_vector.h media: videobuf2: revert "get_userptr: buffers are always writable" 2022-12-06 07:14:31 +00:00
imx.h
media-dev-allocator.h media: Fix Media Controller API config checks 2021-06-24 14:26:00 +02:00
media-device.h media: mc-device: remove unnecessary __must_check 2023-04-11 18:54:01 +02:00
media-devnode.h media: media-devnode.h: drop duplicated word in comment 2020-07-19 14:00:12 +02:00
media-entity.h media: mc: entity: Add entity iterator for media_pipeline 2023-02-06 08:33:44 +01:00
media-request.h
mipi-csi2.h media: Add MIPI CSI-2 28 bits per pixel raw data type 2022-05-17 09:17:26 +02:00
ov_16bit_addr_reg_helpers.h media: core: add ov_16bit_addr_reg_helpers.h 2023-02-08 08:23:50 +01:00
rc-core.h media: rc-core: rename ir_raw_event_reset to ir_raw_event_overflow 2022-01-28 19:32:50 +01:00
rc-map.h media: rc: add Beelink Mini MXIII keymap 2023-03-19 22:21:54 +01:00
rcar-fcp.h
tuner-types.h
tuner.h Linux 5.15-rc4 2021-10-04 07:52:13 +02:00
tveeprom.h media: drop unnecessary networking includes 2023-03-19 22:50:06 +01:00
v4l2-async.h media: v4l2-async: Add notifier operation to destroy asd instances 2022-07-17 11:20:08 +01:00
v4l2-common.h media fixes for v6.1-rc2 2022-10-22 15:30:15 -07:00
v4l2-ctrls.h media: v4l2-ctrls: Fix doc for v4l2_ctrl_request_hdl_find 2023-03-20 16:21:47 +01:00
v4l2-dev.h media: mc: convert pipeline funcs to take media_pad 2022-09-24 09:22:30 +02:00
v4l2-device.h media: fix kernel-doc markups 2020-11-16 10:31:16 +01:00
v4l2-dv-timings.h media: fix kernel-doc markups 2020-11-16 10:31:16 +01:00
v4l2-event.h media: v4l2-dev/event: add v4l2_event_wake_all() 2021-01-04 13:14:25 +01:00
v4l2-fh.h media: v4l2-fh: define v4l2_fh struct regardless of condition 2020-04-21 13:40:06 +02:00
v4l2-flash-led-class.h
v4l2-fwnode.h media: Remove incorrect comment from struct v4l2_fwnode_endpoint 2022-09-24 09:06:49 +02:00
v4l2-h264.h media: h264: Sort p/b reflist using frame_num 2022-05-17 10:02:29 +02:00
v4l2-image-sizes.h media: v4l2-image-sizes: add HD and Full-HD definitions 2020-04-21 17:21:51 +02:00
v4l2-ioctl.h media: v4l2: prepare compat-ioctl rework 2020-11-16 10:31:05 +01:00
v4l2-jpeg.h media: Add parsing for APP14 data segment in jpeg helpers 2021-03-22 10:35:36 +01:00
v4l2-mc.h media: Accept non-subdev sinks in v4l2_create_fwnode_links_to_pad() 2023-04-11 18:54:01 +02:00
v4l2-mediabus.h media: v4l2-mediabus: add support for dual edge sampling 2022-12-07 17:58:46 +01:00
v4l2-mem2mem.h media: media/v4l2-mem2mem.h: rename 'videobuf' to 'vb2' 2022-08-29 15:47:03 +02:00
v4l2-rect.h media: v4l2-rect.h: add enclosed rectangle helper 2020-07-04 12:29:38 +02:00
v4l2-subdev.h media: v4l2-subdev: Fix missing kerneldoc for client_caps 2023-06-02 18:46:09 +01:00
v4l2-vp9.h media: Add VP9 v4l2 library 2021-11-22 07:47:13 +00:00
videobuf-core.h
videobuf-dma-contig.h
videobuf-dma-sg.h media: videobuf-dma-sg: number of pages should be unsigned long 2020-09-03 11:12:20 +02:00
videobuf-vmalloc.h
videobuf2-core.h media: vb2: add (un)prepare_streaming queue ops 2022-11-25 07:39:46 +00:00
videobuf2-dma-contig.h media: videobuf2-dma-contig: fix bad kfree in vb2_dma_contig_clear_max_seg_size 2020-06-11 19:20:55 +02:00
videobuf2-dma-sg.h
videobuf2-dvb.h media: vb2: videobuf -> videobuf2 2022-08-29 15:38:09 +02:00
videobuf2-memops.h media: videobuf2: revert "get_userptr: buffers are always writable" 2022-12-06 07:14:31 +00:00
videobuf2-v4l2.h media: videobuf2: Remove vb2_find_timestamp() 2022-08-30 14:44:45 +02:00
videobuf2-vmalloc.h
vsp1.h media: vsp1: Add premultiplied alpha support 2022-09-07 23:48:39 +03:00