[052/190] Revert "media: media/saa7146: fix incorrect assertion in saa7146_buffer_finish"
diff mbox series

Message ID 20210421130105.1226686-53-gregkh@linuxfoundation.org
State New, archived
Headers show
Series
  • Revertion of all of the umn.edu commits
Related show

Commit Message

Greg Kroah-Hartman April 21, 2021, 12:58 p.m. UTC
This reverts commit 639c0a5b0503fb57127fa8972208d43020a9bcf6.

Commits from @umn.edu addresses have been found to be submitted in "bad
faith" to try to test the kernel community's ability to review "known
malicious" changes.  The result of these submissions can be found in a
paper published at the 42nd IEEE Symposium on Security and Privacy
entitled, "Open Source Insecurity: Stealthily Introducing
Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
of Minnesota) and Kangjie Lu (University of Minnesota).

Because of this, all submissions from this group must be reverted from
the kernel tree and will need to be re-reviewed again to determine if
they actually are a valid fix.  Until that work is complete, remove this
change to ensure that no problems are being introduced into the
codebase.

Cc: Aditya Pakki <pakki001@umn.edu>
Cc: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Cc: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/media/common/saa7146/saa7146_fops.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Pavel Machek April 29, 2021, 8:08 p.m. UTC | #1
Hi!

> Cc: Aditya Pakki <pakki001@umn.edu>
> Cc: Hans Verkuil <hverkuil-cisco@xs4all.nl>
> Cc: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  drivers/media/common/saa7146/saa7146_fops.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/media/common/saa7146/saa7146_fops.c b/drivers/media/common/saa7146/saa7146_fops.c
> index baf5772c52a9..c256146fd3b6 100644
> --- a/drivers/media/common/saa7146/saa7146_fops.c
> +++ b/drivers/media/common/saa7146/saa7146_fops.c
> @@ -95,6 +95,8 @@ void saa7146_buffer_finish(struct saa7146_dev *dev,
>  	DEB_EE("dev:%p, dmaq:%p, state:%d\n", dev, q, state);
>  	DEB_EE("q->curr:%p\n", q->curr);
>  
> +	BUG_ON(!q->curr);
> +
>  	/* finish current buffer */
>  	if (NULL == q->curr) {
>  		DEB_D("aiii. no current buffer\n");

The code is obviously crazy _after_ the revert, so I'd suggest not
reverting it.

But whether this code has any security problems is quite hard to
decide, it was not written with readability in mind :-(.

								Pavel

Patch
diff mbox series

diff --git a/drivers/media/common/saa7146/saa7146_fops.c b/drivers/media/common/saa7146/saa7146_fops.c
index baf5772c52a9..c256146fd3b6 100644
--- a/drivers/media/common/saa7146/saa7146_fops.c
+++ b/drivers/media/common/saa7146/saa7146_fops.c
@@ -95,6 +95,8 @@  void saa7146_buffer_finish(struct saa7146_dev *dev,
 	DEB_EE("dev:%p, dmaq:%p, state:%d\n", dev, q, state);
 	DEB_EE("q->curr:%p\n", q->curr);
 
+	BUG_ON(!q->curr);
+
 	/* finish current buffer */
 	if (NULL == q->curr) {
 		DEB_D("aiii. no current buffer\n");