mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-17 16:15:18 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers
History
Matthias Schwarzott 412b16d623 media: cx23885: Fix use-after-free when unregistering the i2c_client for the dvb demod 
Unregistering the i2c_client of the demod driver destroys the frontend
object.
Calling vb2_dvb_unregister_bus later accesses the frontend (and with the
refcount_t) conversion the refcount_t code complains:

kernel: ------------[ cut here ]------------
kernel: WARNING: CPU: 0 PID: 7883 at lib/refcount.c:128 refcount_sub_and_test+0x70/0x80
kernel: refcount_t: underflow; use-after-free.
kernel: Modules linked in: bluetooth si2165(O) a8293(O) tda10071(O) tea5767(O) tuner(O) cx23885(O-) tda18271(O) videobuf2_dvb(O) videobuf2_dma_sg(O) m88ds3103(O) tveeprom(O) cx2341x(O) v4l2_common(O) dvb_core(O) rc_core(O) videobuf2_memops(O) videobuf2_v4l2(O) ums_realtek videobuf2_core(O) uas videodev(O) media(O) rtl8192cu i2c_mux usb_storage rtl_usb rtl8192c_common rtlwifi snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hwdep snd_hda_core x86_pkg_temp_thermal kvm_intel kvm irqbypass
kernel: CPU: 0 PID: 7883 Comm: rmmod Tainted: G        W  O    4.11.3-gentoo #3
kernel: Hardware name: MEDION E2050 2391/H81H3-EM2, BIOS H81EM2W08.308 08/25/2014
kernel: Call Trace:
kernel:  dump_stack+0x4d/0x66
kernel:  __warn+0xc6/0xe0
kernel:  warn_slowpath_fmt+0x46/0x50
kernel:  ? kobject_put+0x2f/0x60
kernel:  refcount_sub_and_test+0x70/0x80
kernel:  refcount_dec_and_test+0x11/0x20
kernel:  dvb_unregister_frontend+0x42/0x60 [dvb_core]
kernel:  vb2_dvb_dealloc_frontends+0x9e/0x100 [videobuf2_dvb]
kernel:  vb2_dvb_unregister_bus+0xd/0x20 [videobuf2_dvb]
kernel:  cx23885_dvb_unregister+0xc3/0x110 [cx23885]
kernel:  cx23885_dev_unregister+0xea/0x150 [cx23885]
kernel:  cx23885_finidev+0x4f/0x70 [cx23885]
kernel:  pci_device_remove+0x34/0xb0
kernel:  device_release_driver_internal+0x150/0x200
kernel:  driver_detach+0x33/0x70
kernel:  bus_remove_driver+0x47/0xa0
kernel:  driver_unregister+0x27/0x50
kernel:  pci_unregister_driver+0x34/0x90
kernel:  cx23885_fini+0x10/0x12 [cx23885]
kernel:  SyS_delete_module+0x166/0x220
kernel:  ? exit_to_usermode_loop+0x7b/0x80
kernel:  entry_SYSCALL_64_fastpath+0x17/0x98
kernel: RIP: 0033:0x7f5901680b07
kernel: RSP: 002b:00007ffdf6cdb028 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0
kernel: RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5901680b07
kernel: RDX: 000000000000000a RSI: 0000000000000800 RDI: 0000000001500258
kernel: RBP: 00000000015001f0 R08: 0000000000000000 R09: 1999999999999999
kernel: R10: 0000000000000884 R11: 0000000000000206 R12: 00007ffdf6cda010
kernel: R13: 0000000000000000 R14: 00000000015001f0 R15: 00000000014ff010
kernel: ---[ end trace c3a4659b89086061 ]---

Signed-off-by: Matthias Schwarzott <zzam@gentoo.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
2017-08-27 06:32:54 -04:00
..
accessibility
acpi Merge branches 'acpi-soc', 'acpi-wdat' and 'acpi-cppc' 2017-08-03 20:30:18 +02:00
amba
android binder: Use wake up hint for synchronous transactions. 2017-07-17 14:44:19 +02:00
ata libata: fix a couple of doc build warnings 2017-07-31 08:03:06 -07:00
atm atm: zatm: Fix an error handling path in 'zatm_init_one()' 2017-07-18 11:37:46 -07:00
auxdisplay
base dma mapping fixes for 4.13-rc2: 2017-07-25 17:17:18 -07:00
bcma
block Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2017-07-28 12:13:34 -07:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-07-05 12:31:59 -07:00
bus bus: uniphier-system-bus: set up registers when resuming 2017-08-04 12:57:18 +02:00
cdrom block: don't set bounce limit in blk_init_queue 2017-06-27 12:13:45 -06:00
char Add wait_for_random_bytes() and get_random_*_wait() functions so that 2017-07-15 12:44:02 -07:00
clk clk: keystone: sci-clk: Fix sci_clk_get 2017-08-02 18:37:26 -07:00
clocksource clocksource/drivers/timer-of: Handle of_irq_get_byname() result correctly 2017-07-17 22:43:00 +02:00
connector
cpufreq Merge branches 'pm-cpufreq-x86', 'pm-cpufreq-docs' and 'intel_pstate' 2017-08-03 20:29:24 +02:00
cpuidle powerpc updates for 4.13 2017-07-07 13:55:45 -07:00
crypto crypto: brcm - remove BCM_PDC_MBOX dependency in Kconfig 2017-07-18 17:01:08 +08:00
dax - A few DM integrity fixes that improve performance. One that address 2017-07-28 12:17:17 -07:00
dca
devfreq PM / devfreq: constify attribute_group structures. 2017-07-06 10:17:24 +09:00
dio
dma dmaengine updates for 4.13-rc1 2017-07-08 12:36:50 -07:00
dma-buf Merge branch 'drm-misc-next-fixes' into drm-misc-fixes 2017-07-17 11:56:07 -04:00
edac EDAC, pnd2: Fix Apollo Lake DIMM detection 2017-06-29 10:37:50 +02:00
eisa
extcon
firewire
firmware efi: avoid fortify checks in EFI stub 2017-07-12 16:26:02 -07:00
fmc
fpga
fsi drivers/fsi: fix fsi_slave_mode prototype 2017-07-17 16:13:54 +02:00
gpio gpio: tegra: fix unbalanced chained_irq_enter/exit 2017-08-02 10:42:38 +02:00
gpu Merge branch 'drm-fixes-4.13' of git://people.freedesktop.org/~agd5f/linux into drm-fixes 2017-08-04 11:43:14 +10:00
hid media: rc: rename RC_TYPE_* to RC_PROTO_* and RC_BIT_* to RC_PROTO_BIT_* 2017-08-20 10:02:48 -04:00
hsi HSI changes for the v4.13 series 2017-07-04 14:28:22 -07:00
hv vmbus: re-enable channel tasklet 2017-07-17 15:00:47 +02:00
hwmon hwmon: (applesmc) Avoid buffer overruns 2017-07-15 16:38:56 -07:00
hwspinlock
hwtracing Char/Misc patches for 4.13-rc1 2017-07-03 20:55:59 -07:00
i2c Merge branch 'i2c/for-4.13' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2017-07-12 10:04:56 -07:00
ide ide: avoid warning for timings calculation 2017-07-21 04:37:22 +01:00
idle intel_idle: Use more common logging style 2017-06-29 22:58:35 +02:00
iio hwmon updates for v4.13: 2017-07-04 11:48:27 -07:00
infiniband RDMA/core: Initialize port_num in qp_attr 2017-07-20 11:24:13 -04:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2017-07-14 22:53:37 -07:00
iommu iommu/amd: Fix schedule-while-atomic BUG in initialization code 2017-07-26 15:39:14 +02:00
ipack
irqchip irqchip/digicolor: Drop unnecessary static 2017-07-18 21:59:23 +02:00
isdn isdn/i4l: fix buffer overflow 2017-08-02 20:43:36 -07:00
leds media: leds: as3645a: Add LED flash class driver 2017-08-26 20:30:12 -04:00
lguest
lightnvm lightnvm: pblk: advance bio according to lba index 2017-07-28 08:06:00 -06:00
macintosh Merge branch 'work.misc-set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-07-05 13:13:32 -07:00
mailbox mailbox: pcc: Fix crash when request PCC channel 0 2017-07-26 02:11:47 +02:00
mcb
md Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md 2017-07-28 12:24:21 -07:00
media media: cx23885: Fix use-after-free when unregistering the i2c_client for the dvb demod 2017-08-27 06:32:54 -04:00
memory ARM: SoC driver updates 2017-07-04 14:47:47 -07:00
memstick
message
mfd chrome-platform-for-linus-4.13 2017-07-11 09:55:47 -07:00
misc powerpc updates for 4.13 2017-07-07 13:55:45 -07:00
mmc mmc: block: bypass the queue even if usage is present for hotplug 2017-08-03 11:00:39 +02:00
mtd MTD updates for v4.13-rc1: 2017-07-13 12:07:44 -07:00
mux mux: mux-core: unregister mux_class in mux_exit() 2017-07-17 16:38:35 +02:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-07-31 22:36:42 -07:00
nfc NFC 4.13 pull request 2017-07-01 14:30:39 -07:00
ntb ntb: Add error path/handling to Debug FS entry creation 2017-07-06 11:30:08 -04:00
nubus
nvdimm libnvdimm: fix badblock range handling of ARS range 2017-07-17 11:43:58 -07:00
nvme nvme: validate admin queue before unquiesce 2017-07-26 17:41:41 +02:00
nvmem nvmem: rockchip-efuse: amend compatible rk322x-efuse to rk3228-efuse 2017-07-17 16:15:57 +02:00
of Merge remote-tracking branches 'asoc/fix/dpcm', 'asoc/fix/imx', 'asoc/fix/msm8916', 'asoc/fix/multi-pcm', 'asoc/fix/of-graph' and 'asoc/fix/pxa' into asoc-linus 2017-08-01 15:17:06 +01:00
oprofile
parisc parisc: pdc_stable: Fix locking when creating sysfs links 2017-07-31 16:43:13 +02:00
parport
pci Power management fixes for v4.13-rc1 2017-07-14 22:24:25 -07:00
pcmcia
perf drivers/perf: arm_pmu: Request PMU SPIs with IRQF_PER_CPU 2017-07-27 13:43:22 +01:00
phy phy: bcm-ns-usb3: fix MDIO_BUS dependency 2017-07-27 17:20:19 -07:00
pinctrl pinctrl: stm32: select IRQ_DOMAIN_HIERARCHY instead of depends on 2017-08-01 10:04:41 +02:00
platform platform/x86: intel-vbtn: match power button on press rather than release 2017-08-05 14:37:19 -07:00
pnp This is the bulk of GPIO changes for the v4.13 series: 2017-07-07 12:40:27 -07:00
power power supply and reset changes for the v4.13 series (part 2) 2017-07-13 11:47:59 -07:00
powercap powercap/RAPL: prevent overridding bits outside of the mask 2017-06-28 00:38:34 +02:00
pps
ps3
ptp ptp: dte: Use LL suffix for 64-bit constants 2017-07-06 11:40:58 +01:00
pwm pwm: Changes for v4.13-rc1 2017-07-13 11:49:52 -07:00
rapidio
ras arm64 updates for 4.13: 2017-07-05 17:09:27 -07:00
regulator Merge remote-tracking branches 'regulator/topic/settle', 'regulator/topic/tps65910' and 'regulator/topic/tps65917' into regulator-next 2017-07-03 16:52:21 +01:00
remoteproc remoteproc/keystone: Fix circular dependencies for ARM configs 2017-06-27 16:21:34 -07:00
reset ARM: SoC driver updates 2017-07-04 14:47:47 -07:00
rpmsg rpmsg updates for v4.13 2017-07-06 15:38:31 -07:00
rtc RTC for 4.13 2017-07-13 12:15:06 -07:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2017-07-25 08:44:27 -07:00
sbus sbus: Convert to using %pOF instead of full_name 2017-07-20 12:37:10 -07:00
scsi SCSI fixes on 20170802 2017-08-02 08:43:19 -07:00
sfi
sh drivers/sh/intc/virq.c: delete an error message for a failed memory allocation in add_virq_to_pirq() 2017-07-06 16:24:30 -07:00
sn
soc soc: zte: Restrict SOC_ZTE to ARCH_ZX or COMPILE_TEST 2017-07-27 13:12:34 +02:00
spi Merge branch 'for-spi' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-07-08 10:41:53 -07:00
spmi spmi: pmic-arb: Always allocate ppid_to_apid table 2017-07-17 15:00:47 +02:00
ssb
staging media: staging: atomisp: fix bounds checking in mt9m114_s_exposure_selection() 2017-08-26 20:33:18 -04:00
target Add wait_for_random_bytes() and get_random_*_wait() functions so that 2017-07-15 12:44:02 -07:00
tc
tee
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2017-07-14 13:12:32 -07:00
thunderbolt Merge branches 'pm-core' and 'pm-misc' 2017-08-03 20:29:45 +02:00
tty gpio: exar: Use correct property prefix and document bindings 2017-08-01 13:43:55 +02:00
uio
usb xhci: fix memleak in xhci_run() 2017-07-20 14:40:36 +02:00
uwb driver core patches for 4.13-rc1 2017-07-03 20:27:48 -07:00
vfio vfio/pci: Fix handling of RC integrated endpoint PCIe capability size 2017-07-27 10:39:33 -06:00
vhost Revert "vhost: cache used event for better performance" 2017-07-29 14:15:56 -07:00
video Merge branch 'akpm' (patches from Andrew) 2017-07-13 12:38:49 -07:00
virt
virtio virtio-balloon: coding format cleanup 2017-07-25 16:37:35 +03:00
vlynq
vme
w1 w1: omap-hdq: fix error return code in omap_hdq_probe() 2017-07-17 16:48:15 +02:00
watchdog Merge git://www.linux-watchdog.org/linux-watchdog 2017-07-11 09:59:37 -07:00
xen xen: dont fiddle with event channel masking in suspend/resume 2017-07-27 19:55:46 +02:00
zorro
Kconfig
Makefile