git.monstr.eu Git - linux-2.6-microblaze.git/commit

author	Lin Ma <linma@zju.edu.cn>
	Sun, 7 Aug 2022 14:59:52 +0000 (15:59 +0100)
committer	Mauro Carvalho Chehab <mchehab@kernel.org>
	Fri, 25 Nov 2022 10:08:23 +0000 (10:08 +0000)
commit	0fc044b2b5e2d05a1fa1fb0d7f270367a7855d79
tree	bbf176c361eb5d46f8b79d923239f42363c5ba9a	tree \| snapshot
parent	9b7de3c2daf503f86ab0641f377402b8d7f5e485	commit \| diff

media: dvbdev: adopts refcnt to avoid UAF

dvb_unregister_device() is known that prone to use-after-free.
That is, the cleanup from dvb_unregister_device() releases the dvb_device
even if there are pointers stored in file->private_data still refer to it.

This patch adds a reference counter into struct dvb_device and delays its
deallocation until no pointer refers to the object.

Link: https://lore.kernel.org/linux-media/20220807145952.10368-1-linma@zju.edu.cn
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>

drivers/media/dvb-core/dvb_ca_en50221.c		diff \| blob \| history
drivers/media/dvb-core/dvb_frontend.c		diff \| blob \| history
drivers/media/dvb-core/dvbdev.c		diff \| blob \| history
include/media/dvbdev.h		diff \| blob \| history