| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 Jun 2024 02:58:44 +0300 From: Laurent Pinchart <laurent.pinchart@...asonboard.com> To: Tomasz Figa <tfiga@...omium.org> Cc: Ricardo Ribalda <ribalda@...omium.org>, Mauro Carvalho Chehab <mchehab@...nel.org>, Guenter Roeck <linux@...ck-us.net>, Max Staudt <mstaudt@...omium.org>, Alan Stern <stern@...land.harvard.edu>, Hans Verkuil <hverkuil-cisco@...all.nl>, linux-media@...r.kernel.org, linux-kernel@...r.kernel.org, Sean Paul <seanpaul@...omium.org>, Sakari Ailus <sakari.ailus@...ux.intel.com> Subject: Re: [PATCH v4 1/4] media: uvcvideo: stop stream during unregister Hi Tomasz, On Thu, Jun 06, 2024 at 06:57:50PM +0900, Tomasz Figa wrote: > On Wed, Mar 27, 2024 at 5:24 PM Ricardo Ribalda wrote: > > > > uvc_unregister_video() can be called asynchronously from > > uvc_disconnect(). If the device is still streaming when that happens, a > > plethora of race conditions can happen. > > > > Make sure that the device has stopped streaming before exiting this > > function. > > > > If the user still holds handles to the driver's file descriptors, any > > ioctl will return -ENODEV from the v4l2 core. > > > > This change make uvc more consistent with the rest of the v4l2 drivers > > using the vb2_fop_* and vb2_ioctl_* helpers. > > > > Suggested-by: Hans Verkuil <hverkuil-cisco@...all.nl> > > Signed-off-by: Ricardo Ribalda <ribalda@...omium.org> > > --- > > drivers/media/usb/uvc/uvc_driver.c | 11 +++++++++++ > > 1 file changed, 11 insertions(+) > > First of all, thanks for the patch. I have a question about the > problem being fixed here. > > Could you point out a specific race condition example that could > happen without this change? > From what I see in __video_do_ioctl((), no ioctls would be executed > anymore after the video node is unregistered. > Since the device is not present either, what asynchronous code paths > could be still triggered? I believe the issue is that some ioctls can be in progress while the device is unregistered. I'll let Ricardo confirm. I've tried to explain multiple times before that this should be handled in the V4L2 core, ideally with fixes in the cdev core too, as this issue affects all cdev drivers. I've pointed to related patches that have been posted for the cdev core. They need to be wrapped in V4L2 functions to make them easier to use for drivers. If we don't want to depend on those cdev changes, we can implement the "wrappers" with fixes limited to V4L2 until the cdev changes get merged (assuming someone would resurect them). > [1] https://elixir.bootlin.com/linux/latest/source/drivers/media/v4l2-core/v4l2-ioctl.c#L3023 > > > diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c > > index bbd90123a4e76..17fc945c8deb6 100644 > > --- a/drivers/media/usb/uvc/uvc_driver.c > > +++ b/drivers/media/usb/uvc/uvc_driver.c > > @@ -1911,8 +1911,19 @@ static void uvc_unregister_video(struct uvc_device *dev) > > if (!video_is_registered(&stream->vdev)) > > continue; > > > > + /* > > + * Serialize other access to the stream. > > + */ > > + mutex_lock(&stream->mutex); > > + uvc_queue_streamoff(&stream->queue, stream->type); > > video_unregister_device(&stream->vdev); > > video_unregister_device(&stream->meta.vdev); > > + mutex_unlock(&stream->mutex); > > + > > + /* > > + * Now the vdev is not streaming and all the ioctls will > > + * return -ENODEV > > + */ > > > > uvc_debugfs_cleanup_stream(stream); > > } -- Regards, Laurent Pinchart
Powered by blists - more mailing lists