* [patch] [media] xc5000: use after free in release()
@ 2014-09-25 11:40 Dan Carpenter
2014-09-25 14:00 ` Shuah Khan
2014-10-15 13:40 ` Dan Carpenter
0 siblings, 2 replies; 5+ messages in thread
From: Dan Carpenter @ 2014-09-25 11:40 UTC (permalink / raw)
To: Mauro Carvalho Chehab, Shuah Khan
Cc: Fabian Frederick, linux-media, kernel-janitors
I moved the call to hybrid_tuner_release_state(priv) after
"priv->firmware" dereference.
Fixes: 5264a522a597 ('[media] media: tuner xc5000 - release firmwware from xc5000_release()')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/media/tuners/xc5000.c b/drivers/media/tuners/xc5000.c
index e44c8ab..803a0e6 100644
--- a/drivers/media/tuners/xc5000.c
+++ b/drivers/media/tuners/xc5000.c
@@ -1333,9 +1333,9 @@ static int xc5000_release(struct dvb_frontend *fe)
if (priv) {
cancel_delayed_work(&priv->timer_sleep);
- hybrid_tuner_release_state(priv);
if (priv->firmware)
release_firmware(priv->firmware);
+ hybrid_tuner_release_state(priv);
}
mutex_unlock(&xc5000_list_mutex);
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [patch] [media] xc5000: use after free in release()
2014-09-25 11:40 [patch] [media] xc5000: use after free in release() Dan Carpenter
@ 2014-09-25 14:00 ` Shuah Khan
2014-10-15 13:40 ` Dan Carpenter
1 sibling, 0 replies; 5+ messages in thread
From: Shuah Khan @ 2014-09-25 14:00 UTC (permalink / raw)
To: Dan Carpenter, Mauro Carvalho Chehab, Shuah Khan
Cc: Fabian Frederick, linux-media, kernel-janitors, Shuah Khan
On 09/25/2014 05:40 AM, Dan Carpenter wrote:
> I moved the call to hybrid_tuner_release_state(priv) after
> "priv->firmware" dereference.
>
> Fixes: 5264a522a597 ('[media] media: tuner xc5000 - release firmwware from xc5000_release()')
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/drivers/media/tuners/xc5000.c b/drivers/media/tuners/xc5000.c
> index e44c8ab..803a0e6 100644
> --- a/drivers/media/tuners/xc5000.c
> +++ b/drivers/media/tuners/xc5000.c
> @@ -1333,9 +1333,9 @@ static int xc5000_release(struct dvb_frontend *fe)
>
> if (priv) {
> cancel_delayed_work(&priv->timer_sleep);
> - hybrid_tuner_release_state(priv);
> if (priv->firmware)
> release_firmware(priv->firmware);
> + hybrid_tuner_release_state(priv);
> }
>
> mutex_unlock(&xc5000_list_mutex);
>
Thanks for catching it.
Reviewed-by: Shuah Khan <shuahkh@osg.samsung.com>
-- Shuah
--
Shuah Khan
Sr. Linux Kernel Developer
Samsung Research America (Silicon Valley)
shuahkh@osg.samsung.com | (970) 217-8978
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [patch] [media] xc5000: use after free in release()
2014-09-25 11:40 [patch] [media] xc5000: use after free in release() Dan Carpenter
2014-09-25 14:00 ` Shuah Khan
@ 2014-10-15 13:40 ` Dan Carpenter
2014-10-15 15:12 ` Shuah Khan
1 sibling, 1 reply; 5+ messages in thread
From: Dan Carpenter @ 2014-10-15 13:40 UTC (permalink / raw)
To: Mauro Carvalho Chehab, Shuah Khan
Cc: Fabian Frederick, linux-media, kernel-janitors
On Thu, Sep 25, 2014 at 02:40:08PM +0300, Dan Carpenter wrote:
> I moved the call to hybrid_tuner_release_state(priv) after
> "priv->firmware" dereference.
>
> Fixes: 5264a522a597 ('[media] media: tuner xc5000 - release firmwware from xc5000_release()')
We still need this patch.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [patch] [media] xc5000: use after free in release()
2014-10-15 13:40 ` Dan Carpenter
@ 2014-10-15 15:12 ` Shuah Khan
2014-10-15 16:15 ` Dan Carpenter
0 siblings, 1 reply; 5+ messages in thread
From: Shuah Khan @ 2014-10-15 15:12 UTC (permalink / raw)
To: Dan Carpenter, Mauro Carvalho Chehab, Shuah Khan
Cc: Fabian Frederick, linux-media, kernel-janitors
On 10/15/2014 07:40 AM, Dan Carpenter wrote:
> On Thu, Sep 25, 2014 at 02:40:08PM +0300, Dan Carpenter wrote:
>> I moved the call to hybrid_tuner_release_state(priv) after
>> "priv->firmware" dereference.
>>
>> Fixes: 5264a522a597 ('[media] media: tuner xc5000 - release firmwware from xc5000_release()')
>
> We still need this patch.
>
I didn't see it in media pull request for 3.18. Mauro probably
has this on his list for next round.
-- Shuah
--
Shuah Khan
Sr. Linux Kernel Developer
Samsung Research America (Silicon Valley)
shuahkh@osg.samsung.com | (970) 217-8978
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [patch] [media] xc5000: use after free in release()
2014-10-15 15:12 ` Shuah Khan
@ 2014-10-15 16:15 ` Dan Carpenter
0 siblings, 0 replies; 5+ messages in thread
From: Dan Carpenter @ 2014-10-15 16:15 UTC (permalink / raw)
To: Shuah Khan
Cc: Mauro Carvalho Chehab, Shuah Khan, Fabian Frederick, linux-media,
kernel-janitors
On Wed, Oct 15, 2014 at 09:12:46AM -0600, Shuah Khan wrote:
> On 10/15/2014 07:40 AM, Dan Carpenter wrote:
> > On Thu, Sep 25, 2014 at 02:40:08PM +0300, Dan Carpenter wrote:
> >> I moved the call to hybrid_tuner_release_state(priv) after
> >> "priv->firmware" dereference.
> >>
> >> Fixes: 5264a522a597 ('[media] media: tuner xc5000 - release firmwware from xc5000_release()')
> >
> > We still need this patch.
> >
>
> I didn't see it in media pull request for 3.18. Mauro probably
> has this on his list for next round.
>
It's not in linux-next.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-10-15 16:15 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-09-25 11:40 [patch] [media] xc5000: use after free in release() Dan Carpenter
2014-09-25 14:00 ` Shuah Khan
2014-10-15 13:40 ` Dan Carpenter
2014-10-15 15:12 ` Shuah Khan
2014-10-15 16:15 ` Dan Carpenter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).