From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1B568C433ED for ; Tue, 27 Apr 2021 13:51:04 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 66ADE6127A for ; Tue, 27 Apr 2021 13:51:03 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 66ADE6127A Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=samsung.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:References:In-Reply-To:MIME-Version:Date:Message-ID: From:Cc:To:Subject:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=KpfykoexhAuS/ZzD4DQcDBjF7R/nbnOldK6y4jWCJfs=; b=YoV3hNKljkri45jXpk/tytKGX dILV7+xqrj4ALml7HQ8c6ymzi7E9LKRTMI/3+Zwf5blC1ItEr4T5dJebr5CiE0sft8sZnjJ69qEO+ P3SaLUhdyC112EZzdj4PyiKndTkobCrkrEUy0vpA3UCJXrCKbnzeib1qBBIRNMPbERncrFFk8gah/ IB+rPHk6i1nzW8+7Dhjbmbz9ujarf+os/CnKXrZOyJ+YDOzdQwNzDPBZV/0LPMx+tUhOuKAP7F/bB +r3Rsgqm+6i6OZh2BO18CX5cbhZnM2N4s6RJhBaxcPMz+y5W/hiIdU5SnoEJGR8hkrIRAUeuR3K+v E8EmoPO0w==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lbO4w-001iBV-JY; Tue, 27 Apr 2021 13:48:42 +0000 Received: from bombadil.infradead.org ([2607:7c80:54:e::133]) by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lbO4m-001iB4-Qj for linux-arm-kernel@desiato.infradead.org; Tue, 27 Apr 2021 13:48:36 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=References:Content-Type: Content-Transfer-Encoding:In-Reply-To:MIME-Version:Date:Message-ID:From:Cc:To :Subject:Sender:Reply-To:Content-ID:Content-Description; bh=+aMkihQAegdyYigDg5mTKEVlkZ0cCX26e295FbA7/c4=; b=0/xAY0LFQ5bOHXEV8OohbSuWbx XDWmobm5PUMjA9jPnn4YEAiLZ9Z7HmIQe0XrIyazm+niDymsZRvgmd4qfE5llMVmm90c+yE8/aqXh ZVFHfvNlp4TpRpqqTAoW9Y9A2+f479AAssEdzcvvuoiY5xNyilP5/lAyQHq6UGVPFNOeJEvs+V4e1 lJd7mjT04iZ3g7Q76doXS2Qi83UIaT5UmDk0Y5N11TdkYFB8PJmfyLk5YUP6Y8INeNRMOebur5ctF 7Bg3D02OPPRLX8PkoDTAgm92/ItI4sKMp7ljh7weB0CqQRa5wQxkBh4r8lOR1DDrmF8cnc15A+U3j cP/hrPtA==; Received: from mailout1.w1.samsung.com ([210.118.77.11]) by bombadil.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lbO4e-00GlqI-Gn for linux-arm-kernel@lists.infradead.org; Tue, 27 Apr 2021 13:48:29 +0000 Received: from eucas1p1.samsung.com (unknown [182.198.249.206]) by mailout1.w1.samsung.com (KnoxPortal) with ESMTP id 20210427134817euoutp012caf8ab1b1f181376dc53625a44a265b~5uyJj6hiU2781927819euoutp010 for ; Tue, 27 Apr 2021 13:48:17 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 mailout1.w1.samsung.com 20210427134817euoutp012caf8ab1b1f181376dc53625a44a265b~5uyJj6hiU2781927819euoutp010 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1619531297; bh=+aMkihQAegdyYigDg5mTKEVlkZ0cCX26e295FbA7/c4=; h=Subject:To:Cc:From:Date:In-Reply-To:References:From; b=luzNfxdmq97U7KOg8p8w5ASR/axvNyf2feBt95AhaJ6OhgTcMj8g9ok+WcY5hXAfx soEyeW7EbX4TAAKFrWHdkVIxOBUvbA5Wqy9jbw8z85KFyfS36araVVSnJVA4uKRI2u YhftITChGSOkGxFqnqRKGL9Z8ZXWQ66T/v+o71Yk= Received: from eusmges1new.samsung.com (unknown [203.254.199.242]) by eucas1p1.samsung.com (KnoxPortal) with ESMTP id 20210427134817eucas1p14b7bfd014b63c7b594cace4fa0ee0cef~5uyJbN-xJ1269612696eucas1p1_; Tue, 27 Apr 2021 13:48:17 +0000 (GMT) Received: from eucas1p1.samsung.com ( [182.198.249.206]) by eusmges1new.samsung.com (EUCPMTA) with SMTP id 8D.3A.09452.12618806; Tue, 27 Apr 2021 14:48:17 +0100 (BST) Received: from eusmtrp1.samsung.com (unknown [182.198.249.138]) by eucas1p1.samsung.com (KnoxPortal) with ESMTPA id 20210427134816eucas1p124e5a78b5beb7a70ca8090cdc6fdae5d~5uyI8tOvA1709117091eucas1p1j; Tue, 27 Apr 2021 13:48:16 +0000 (GMT) Received: from eusmgms1.samsung.com (unknown [182.198.249.179]) by eusmtrp1.samsung.com (KnoxPortal) with ESMTP id 20210427134816eusmtrp14b957a6c7bef52e5fb24cd7239c97fe5~5uyI8Ap2B0501305013eusmtrp17; Tue, 27 Apr 2021 13:48:16 +0000 (GMT) X-AuditID: cbfec7f2-a9fff700000024ec-b6-608816212bb8 Received: from eusmtip1.samsung.com ( [203.254.199.221]) by eusmgms1.samsung.com (EUCPMTA) with SMTP id F7.2C.08705.02618806; Tue, 27 Apr 2021 14:48:16 +0100 (BST) Received: from [106.210.134.141] (unknown [106.210.134.141]) by eusmtip1.samsung.com (KnoxPortal) with ESMTPA id 20210427134816eusmtip12b5181d017d7d87d37fdb46567de99be~5uyITggT02529925299eusmtip1Q; Tue, 27 Apr 2021 13:48:15 +0000 (GMT) Subject: Re: [PATCH v3] media:exynos4-is: Fix a use after free in isp_video_release To: Lv Yunlong Cc: linux-media@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-samsung-soc@vger.kernel.org, linux-kernel@vger.kernel.org, mchehab@kernel.org, krzk@kernel.org From: Sylwester Nawrocki Message-ID: Date: Tue, 27 Apr 2021 15:48:15 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.0 MIME-Version: 1.0 In-Reply-To: <20210427132734.5212-1-lyl2019@mail.ustc.edu.cn> Content-Language: en-US X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprBKsWRmVeSWpSXmKPExsWy7djPc7qKYh0JBntfclmcP7+B3WLT42us Fpd3zWGz6NmwldVixvl9TBb737ezWCzb9IfJgd1j06pONo/NS+o93i/4zezxeZNcAEsUl01K ak5mWWqRvl0CV8aanxtZCg6yVixq2cncwHiVpYuRk0NCwERi9fPHzF2MXBxCAisYJU5N2cII 4XxhlPgy6zMbhPOZUeLl3busXYwcYC2fljhCxJczSjz6NBWq4yOjRO+R2WBzhQVCJfbM2MkI YosIaEpM+drJBFLELLCeUaLp8GQmkASbgKFE79E+sCJeATuJe8+fgNksAqoSM7ZdZwWxRQWS Jc4/vsoOUSMocXLmE7AFnAK2EhdefAezmQXEJW49mc8EYctLbH87B+whCYEbHBJ7Hr9ghDjb RaL5cjDE08ISr45vYYewZSROT+5hgahvZpTo2X2bHcKZwChx//gCRogqa4k7536xgQxiBnpn /S59iLCjxJnusywQ8/kkbrwVhLiBT2LStunMEGFeiY42IYhqFYnfq6YzQdhSEt1P/rNMYFSa heSzWUi+mYXkm1kIexcwsqxiFE8tLc5NTy02zEst1ytOzC0uzUvXS87P3cQITDyn/x3/tINx 7quPeocYmTgYDzFKcDArifCy7WpNEOJNSaysSi3Kjy8qzUktPsQozcGiJM67avaaeCGB9MSS 1OzU1ILUIpgsEwenVANTUub0Ys1X/OtebvkQUyjOcOz0ztOMBgvcFKI/PKhtmpRn/qJL3z5j +h+mv3uOei67XaLx+mnyq+YDO87p+xxuzKvNuCUo75h4RYCrOuLUIwXplwHvo5PiWk5eK1nx wD/5peWrAqG5S/IqnVw3ZGsy+3zW/SukYiqkNbmiQnzFrM1Ht+85tpNp6vHtip/OzVzRdKHu 6LcJSy7t//Dm9Tbe7dseMpnqen823JBe+SFfc2deSdFaue+xjZ78XrzrbbMiXny9ciatbb+v 5Plj1+YLzX20Jt31kkEDSxqfEqfmH+Ofjmd8POc72TL5FnBXyXDNLz+4XSH7ysyvlTa7uTc2 xv48aFy01/5CFBN/YuU5JZbijERDLeai4kQAruGl0qsDAAA= X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrJIsWRmVeSWpSXmKPExsVy+t/xu7oKYh0JBh9XqFicP7+B3WLT42us Fpd3zWGz6NmwldVixvl9TBb737ezWCzb9IfJgd1j06pONo/NS+o93i/4zezxeZNcAEuUnk1R fmlJqkJGfnGJrVK0oYWRnqGlhZ6RiaWeobF5rJWRqZK+nU1Kak5mWWqRvl2CXsaanxtZCg6y Vixq2cncwHiVpYuRg0NCwETi0xLHLkYuDiGBpYwSD3t/sELEpSTmtyh1MXICmcISf651sUHU vGeUeNW1gQUkISwQKrFnxk5GEFtEQFNiytdOJpAiZoH1jBL9O44xgySEBCYwSix8LQliswkY SvQe7QNr4BWwk7j3/AmYzSKgKjFj23VWEFtUIFli9e/NrBA1ghInZz4BW8YpYCtx4cV3MJtZ QF3iz7xLzBC2uMStJ/OZIGx5ie1v5zBPYBSahaR9FpKWWUhaZiFpWcDIsopRJLW0ODc9t9hQ rzgxt7g0L10vOT93EyMwzrYd+7l5B+O8Vx/1DjEycTAeYpTgYFYS4WXb1ZogxJuSWFmVWpQf X1Sak1p8iNEU6J+JzFKiyfnASM8riTc0MzA1NDGzNDC1NDNWEufdOndNvJBAemJJanZqakFq EUwfEwenVAMT4wGBRoZSEctbN3LbC8sN3Xy99V2/3/YU9wgSPlr7e8GkqhyWbXHRcx4f//uo b/fzD5q1B95cDJze6LldoHxlgLjL28/7lWcUXpjT32nSLjhnSdmzSL9VIutLSi6bLSkOvHu7 wPa7/Y4KruyAr5FWwrKemhfiF9w+8shZ8OZqG+2E7bZVlwodXCNueWwP4lNmdLleJLbS/uu/ jM/Z0kzGKml35X5HH5nHHlmbb3QpPPGnU5hs5rLdjxc/tf0fZWd1uL+Arf7H7RnTLfKnaGus ma60/Fmlxyu7X2/komwYX32N+7D64AedgOSpi+d8mmRqGynvmxi+WX77YbMGQ3EP5u+l7id2 51T1lsr4piqxFGckGmoxFxUnAgCSgdzLPAMAAA== X-CMS-MailID: 20210427134816eucas1p124e5a78b5beb7a70ca8090cdc6fdae5d X-Msg-Generator: CA X-RootMTR: 20210427132754eucas1p21042e4e176135e7b3f7b540dc9aadfbb X-EPHeader: CA CMS-TYPE: 201P X-CMS-RootMailID: 20210427132754eucas1p21042e4e176135e7b3f7b540dc9aadfbb References: <20210427132734.5212-1-lyl2019@mail.ustc.edu.cn> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210427_064824_835619_46BF1386 X-CRM114-Status: GOOD ( 10.61 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On 27.04.2021 15:27, Lv Yunlong wrote: > In isp_video_release, file->private_data is freed via > _vb2_fop_release()->v4l2_fh_release(). But the freed > file->private_data is still used in v4l2_fh_is_singular_file() > ->v4l2_fh_is_singular(file->private_data), which is a use > after free bug. > > My patch sets file->private_data to NULL after _vb2_fop_release() > to avoid the use after free, and uses a variable 'is_singular_file' > to keep the original function unchanged. > > Fixes: 34947b8aebe3f ("[media] exynos4-is: Add the FIMC-IS ISP capture DMA driver") > Signed-off-by: Lv Yunlong Thanks, Reviewed-by: Sylwester Nawrocki _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel