| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 22 Jun 2008 19:33:37 +0200
From: Marcin Slusarz <marcin.slusarz@...il.com>
To: Arjan van de Ven <arjan@...radead.org>
Cc: mchehab@...radead.org, linux-kernel@...r.kernel.org,
Al Viro <viro@....linux.org.uk>
Subject: Re: [PATCH] Fix open/close race in saa7134
On Sun, Jun 22, 2008 at 10:05:07AM -0700, Arjan van de Ven wrote:
>
> From: Arjan van de Ven <arjan@...ux.intel.com>
> Date: Sun, 22 Jun 2008 10:03:02 -0700
> Subject: [PATCH] Fix open/close race in saa7134
>
> The saa7134 driver uses a (non-atomic) variable in an attempt to
> only allow one opener of the device (how it deals with sending
> the fd over unix sockets I don't know).
>
> Unfortunately, the release function first decrements this variable,
> and THEN goes on to disable more of the device. This allows for
> a race where another opener of the device comes in after the decrement of
> the variable, configures the hardware just to then see the hardware
> be disabled by the rest of the release function.
Simplier fix:
http://lkml.org/lkml/2008/6/9/308
But I don't remember whether it was applied or not...
>
> This patch makes the release function use the same lock as the open
> function to protect the hardware as well as the variable (which now
> at least has some locking to protect it).
>
> Signed-off-by: Arjan van de Ven <arjan@...ux.intel.com>
> ---
> drivers/media/video/saa7134/saa7134-empress.c | 4 ++++
> 1 files changed, 4 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/media/video/saa7134/saa7134-empress.c b/drivers/media/video/saa7134/saa7134-empress.c
> index 81431ee..9108843 100644
> --- a/drivers/media/video/saa7134/saa7134-empress.c
> +++ b/drivers/media/video/saa7134/saa7134-empress.c
> @@ -110,6 +110,8 @@ static int ts_release(struct inode *inode, struct file *file)
> {
> struct saa7134_dev *dev = file->private_data;
>
> + mutex_lock(&dev->empress_tsq.vb_lock);
> +
> videobuf_stop(&dev->empress_tsq);
> videobuf_mmap_free(&dev->empress_tsq);
> dev->empress_users--;
> @@ -121,6 +123,8 @@ static int ts_release(struct inode *inode, struct file *file)
> saa_writeb(SAA7134_AUDIO_MUTE_CTRL,
> saa_readb(SAA7134_AUDIO_MUTE_CTRL) | (1 << 6));
>
> + mutex_unlock(&dev->empress_tsq.vb_lock);
> +
> return 0;
> }
>
> --
> 1.5.5.1
PS: I can't access 2.6.25 oopses anymore (timeout). Can you fix it?
http://kerneloops.org/version.php?start=1671168&end=1703935&version=25-release&count=4509
Marcin
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists