iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
693,044 Commits 104 Branches 1,843 Tags 5.7 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
412b16d623
Go to file
Matthias Schwarzott 412b16d623 media: cx23885: Fix use-after-free when unregistering the i2c_client for the dvb demod 
Unregistering the i2c_client of the demod driver destroys the frontend
object.
Calling vb2_dvb_unregister_bus later accesses the frontend (and with the
refcount_t) conversion the refcount_t code complains:

kernel: ------------[ cut here ]------------
kernel: WARNING: CPU: 0 PID: 7883 at lib/refcount.c:128 refcount_sub_and_test+0x70/0x80
kernel: refcount_t: underflow; use-after-free.
kernel: Modules linked in: bluetooth si2165(O) a8293(O) tda10071(O) tea5767(O) tuner(O) cx23885(O-) tda18271(O) videobuf2_dvb(O) videobuf2_dma_sg(O) m88ds3103(O) tveeprom(O) cx2341x(O) v4l2_common(O) dvb_core(O) rc_core(O) videobuf2_memops(O) videobuf2_v4l2(O) ums_realtek videobuf2_core(O) uas videodev(O) media(O) rtl8192cu i2c_mux usb_storage rtl_usb rtl8192c_common rtlwifi snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hwdep snd_hda_core x86_pkg_temp_thermal kvm_intel kvm irqbypass
kernel: CPU: 0 PID: 7883 Comm: rmmod Tainted: G        W  O    4.11.3-gentoo #3
kernel: Hardware name: MEDION E2050 2391/H81H3-EM2, BIOS H81EM2W08.308 08/25/2014
kernel: Call Trace:
kernel:  dump_stack+0x4d/0x66
kernel:  __warn+0xc6/0xe0
kernel:  warn_slowpath_fmt+0x46/0x50
kernel:  ? kobject_put+0x2f/0x60
kernel:  refcount_sub_and_test+0x70/0x80
kernel:  refcount_dec_and_test+0x11/0x20
kernel:  dvb_unregister_frontend+0x42/0x60 [dvb_core]
kernel:  vb2_dvb_dealloc_frontends+0x9e/0x100 [videobuf2_dvb]
kernel:  vb2_dvb_unregister_bus+0xd/0x20 [videobuf2_dvb]
kernel:  cx23885_dvb_unregister+0xc3/0x110 [cx23885]
kernel:  cx23885_dev_unregister+0xea/0x150 [cx23885]
kernel:  cx23885_finidev+0x4f/0x70 [cx23885]
kernel:  pci_device_remove+0x34/0xb0
kernel:  device_release_driver_internal+0x150/0x200
kernel:  driver_detach+0x33/0x70
kernel:  bus_remove_driver+0x47/0xa0
kernel:  driver_unregister+0x27/0x50
kernel:  pci_unregister_driver+0x34/0x90
kernel:  cx23885_fini+0x10/0x12 [cx23885]
kernel:  SyS_delete_module+0x166/0x220
kernel:  ? exit_to_usermode_loop+0x7b/0x80
kernel:  entry_SYSCALL_64_fastpath+0x17/0x98
kernel: RIP: 0033:0x7f5901680b07
kernel: RSP: 002b:00007ffdf6cdb028 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0
kernel: RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5901680b07
kernel: RDX: 000000000000000a RSI: 0000000000000800 RDI: 0000000001500258
kernel: RBP: 00000000015001f0 R08: 0000000000000000 R09: 1999999999999999
kernel: R10: 0000000000000884 R11: 0000000000000206 R12: 00007ffdf6cda010
kernel: R13: 0000000000000000 R14: 00000000015001f0 R15: 00000000014ff010
kernel: ---[ end trace c3a4659b89086061 ]---

Signed-off-by: Matthias Schwarzott <zzam@gentoo.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
2017-08-27 06:32:54 -04:00
arch media: arm: dts: omap3: N9/N950: Add AS3645A camera flash 2017-08-26 20:30:31 -04:00
block blk-mq: map queues to all present CPUs 2017-07-24 10:01:31 -06:00
certs modsign: add markers to endif-statements in certs/Makefile 2017-07-14 11:01:37 +10:00
crypto crypto: authencesn - Fix digest_null crash 2017-07-18 17:01:11 +08:00
Documentation media: dt: bindings: Document DT bindings for Analog devices as3645a 2017-08-26 20:27:24 -04:00
drivers media: cx23885: Fix use-after-free when unregistering the i2c_client for the dvb demod 2017-08-27 06:32:54 -04:00
firmware firmware/Makefile: force recompilation if makefile changes 2017-05-08 17:15:10 -07:00
fs A large number of ext4 bug fixes and cleanups for v4.13 2017-08-06 12:31:17 -07:00
include media: v4l2-flash-led-class: Document v4l2_flash_init() references 2017-08-26 20:26:57 -04:00
init random: do not ignore early device randomness 2017-07-12 16:26:00 -07:00
ipc ipc: add missing container_of()s for randstruct 2017-08-02 17:16:12 -07:00
kernel Fix compat_sys_sigpending breakage 2017-08-06 11:48:27 -07:00
lib Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-07-31 22:36:42 -07:00
mm mm: take memory hotplug lock within numa_zonelist_order_handler() 2017-08-02 17:16:11 -07:00
net A bunch of fixes and follow-ups for -rc1 Luminous patches: issues with 2017-08-04 10:15:11 -07:00
samples media: v4l2-pci-skeleton: constify vb2_ops structures 2017-08-20 08:03:09 -04:00
scripts DeviceTree fixes for 4.13: 2017-07-28 17:21:41 -07:00
security Now that IPC and other changes have landed, enable manual markings for 2017-07-19 08:55:18 -07:00
sound ASoC: Fixes for v4.13 2017-08-02 17:11:45 +02:00
tools Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-07-31 22:36:42 -07:00
usr ramfs: clarify help text that compression applies to ramfs as well as legacy ramdisk. 2017-07-06 16:24:30 -07:00
virt KVM/ARM Fixes for v4.13-rc4 2017-08-03 17:59:58 +02:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore kbuild: Add support to generate LLVM assembly files 2017-04-25 08:13:52 +09:00
.mailmap power supply and reset changes for the v4.12 series (part 2) 2017-05-12 12:02:21 -07:00
COPYING
CREDITS avr32: remove support for AVR32 architecture 2017-05-01 09:27:15 +02:00
Kbuild kbuild: Consolidate header generation from ASM offset information 2017-04-13 05:43:37 +09:00
Kconfig
MAINTAINERS media: leds: as3645a: Add LED flash class driver 2017-08-26 20:30:12 -04:00
Makefile Linux 4.13-rc4 2017-08-06 18:44:49 -07:00
README README: add a new README file, pointing to the Documentation/ 2016-10-24 08:12:35 -02:00

README 

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.