media: vb2: vb2_mmap: move lock up - openslx/kernel-qcow2-linux.git

diff options

author	Hans Verkuil	2018-11-13 15:06:46 +0100
committer	Mauro Carvalho Chehab	2018-11-23 11:54:22 +0100
commit	cd26d1c4d1bc947b56ae404998ae2276df7b39b7 (patch)
tree	ad9e1dc8c7f642dd9f7c34ba0d8f0136ae9429c1 /fs
parent	media: pulse8-cec: return 0 when invalidating the logical address (diff)
download	kernel-qcow2-linux-cd26d1c4d1bc947b56ae404998ae2276df7b39b7.tar.gz kernel-qcow2-linux-cd26d1c4d1bc947b56ae404998ae2276df7b39b7.tar.xz kernel-qcow2-linux-cd26d1c4d1bc947b56ae404998ae2276df7b39b7.zip

media: vb2: vb2_mmap: move lock up

If a filehandle is dup()ped, then it is possible to close it from one fd and call mmap from the other. This creates a race condition in vb2_mmap where it is using queue data that __vb2_queue_free (called from close()) is in the process of releasing. By moving up the mutex_lock(mmap_lock) in vb2_mmap this race is avoided since __vb2_queue_free is called with the same mutex locked. So vb2_mmap now reads consistent buffer data. Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl> Reported-by: syzbot+be93025dd45dccd8923c@syzkaller.appspotmail.com Signed-off-by: Hans Verkuil <hansverk@cisco.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>

Diffstat (limited to 'fs')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: