lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3cqjf6pts5fzs5gziog3g3jay6txcvxshm554uqpzgb6ymnukh@dsbo27d47rol>
Date: Tue, 14 Oct 2025 13:52:18 +0200
From: Jacopo Mondi <jacopo.mondi@...asonboard.com>
To: Hans Verkuil <hverkuil+cisco@...nel.org>
Cc: Jacopo Mondi <jacopo.mondi@...asonboard.com>, 
	Andy Walls <awalls@...metrocast.net>, Mauro Carvalho Chehab <mchehab@...nel.org>, 
	Laurent Pinchart <laurent.pinchart+renesas@...asonboard.com>, Dan Carpenter <dan.carpenter@...aro.org>, stable@...r.kernel.org, 
	linux-media@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 0/2] media: pci: Fix invalid access to file *

Hi Hans

On Tue, Oct 14, 2025 at 09:05:20AM +0200, Hans Verkuil wrote:
> Hi Jacopo,
>
> On 19/08/2025 09:07, Jacopo Mondi wrote:
> > Since commits
> > 7b9eb53e8591 ("media: cx18: Access v4l2_fh from file")
> > 9ba9d11544f9 ("media: ivtv: Access v4l2_fh from file")
> >
> > All the ioctl handlers access their private data structures
> > from file *
> >
> > The ivtv and cx18 drivers call the ioctl handlers from their
> > DVB layer without a valid file *, causing invalid memory access.
> >
> > The issue has been reported by smatch in
> > "[bug report] media: cx18: Access v4l2_fh from file"
> >
> > Fix this by providing wrappers for the ioctl handlers to be
> > used by the DVB layer that do not require a valid file *.
>
> This series should go to the fixes branch for v6.18, right?
> This looks like a pure regression, so I think that makes sense.
>

I think so, yes

> BTW, why is there a Link: tag in the cx18 patch? It just links to
> the v1 of the patch and that doesn't add meaningful information.
> Linus likes Link:, but only if it really adds useful information.

Good question. I presume it's probably a copy&paste error, as it has no
place in the patch.

Would you like me to resend or will you remove it ?


>
> Regards,
>
> 	Hans
>
> >
> > Signed-off-by: Jacopo Mondi <jacopo.mondi@...asonboard.com>
> > ---
> > Changes in v4:
> > - Slightly adjust commit messages
> > - Link to v3: https://lore.kernel.org/r/20250818-cx18-v4l2-fh-v3-0-5e2f08f3cadc@ideasonboard.com
> >
> > Changes in v3:
> > - Change helpers to accept the type they're going to operate on instead
> >   of using the open_id wrapper type as suggested by Laurent
> > - Link to v2: https://lore.kernel.org/r/20250818-cx18-v4l2-fh-v2-0-3f53ce423663@ideasonboard.com
> >
> > Changes in v2:
> > - Add Cc: stable@...r.kernel.org per-patch
> >
> > ---
> > Jacopo Mondi (2):
> >       media: cx18: Fix invalid access to file *
> >       media: ivtv: Fix invalid access to file *
> >
> >  drivers/media/pci/cx18/cx18-driver.c |  9 +++------
> >  drivers/media/pci/cx18/cx18-ioctl.c  | 30 +++++++++++++++++++-----------
> >  drivers/media/pci/cx18/cx18-ioctl.h  |  8 +++++---
> >  drivers/media/pci/ivtv/ivtv-driver.c | 11 ++++-------
> >  drivers/media/pci/ivtv/ivtv-ioctl.c  | 22 +++++++++++++++++-----
> >  drivers/media/pci/ivtv/ivtv-ioctl.h  |  6 ++++--
> >  6 files changed, 52 insertions(+), 34 deletions(-)
> > ---
> > base-commit: a75b8d198c55e9eb5feb6f6e155496305caba2dc
> > change-id: 20250818-cx18-v4l2-fh-7eaa6199fdde
> >
> > Best regards,
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ