| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1efc306d-a786-4863-82c5-517f1d4f7899@kernel.org>
Date: Tue, 14 Oct 2025 13:57:53 +0200
From: Hans Verkuil <hverkuil+cisco@...nel.org>
To: Jacopo Mondi <jacopo.mondi@...asonboard.com>
Cc: Andy Walls <awalls@...metrocast.net>,
Mauro Carvalho Chehab <mchehab@...nel.org>,
Laurent Pinchart <laurent.pinchart+renesas@...asonboard.com>,
Dan Carpenter <dan.carpenter@...aro.org>, stable@...r.kernel.org,
linux-media@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 0/2] media: pci: Fix invalid access to file *
On 14/10/2025 13:52, Jacopo Mondi wrote:
> Hi Hans
>
> On Tue, Oct 14, 2025 at 09:05:20AM +0200, Hans Verkuil wrote:
>> Hi Jacopo,
>>
>> On 19/08/2025 09:07, Jacopo Mondi wrote:
>>> Since commits
>>> 7b9eb53e8591 ("media: cx18: Access v4l2_fh from file")
>>> 9ba9d11544f9 ("media: ivtv: Access v4l2_fh from file")
>>>
>>> All the ioctl handlers access their private data structures
>>> from file *
>>>
>>> The ivtv and cx18 drivers call the ioctl handlers from their
>>> DVB layer without a valid file *, causing invalid memory access.
>>>
>>> The issue has been reported by smatch in
>>> "[bug report] media: cx18: Access v4l2_fh from file"
>>>
>>> Fix this by providing wrappers for the ioctl handlers to be
>>> used by the DVB layer that do not require a valid file *.
>>
>> This series should go to the fixes branch for v6.18, right?
>> This looks like a pure regression, so I think that makes sense.
>>
>
> I think so, yes
>
>> BTW, why is there a Link: tag in the cx18 patch? It just links to
>> the v1 of the patch and that doesn't add meaningful information.
>> Linus likes Link:, but only if it really adds useful information.
>
> Good question. I presume it's probably a copy&paste error, as it has no
> place in the patch.
>
> Would you like me to resend or will you remove it ?
I would prefer a resend for these two patches, clearly marked as [PATCH for v6.18 v5 n/2]
in the subject.
Normally I'd just drop the Link: tag, but it's good to have this clearly marked
as a fix for v6.18.
I'll also see if I can do a quick test of these two patches with my ivtv and cx18
boards. Just to make sure there are no other corner cases lurking in these drivers.
Regards,
Hans
>
>
>>
>> Regards,
>>
>> Hans
>>
>>>
>>> Signed-off-by: Jacopo Mondi <jacopo.mondi@...asonboard.com>
>>> ---
>>> Changes in v4:
>>> - Slightly adjust commit messages
>>> - Link to v3: https://lore.kernel.org/r/20250818-cx18-v4l2-fh-v3-0-5e2f08f3cadc@ideasonboard.com
>>>
>>> Changes in v3:
>>> - Change helpers to accept the type they're going to operate on instead
>>> of using the open_id wrapper type as suggested by Laurent
>>> - Link to v2: https://lore.kernel.org/r/20250818-cx18-v4l2-fh-v2-0-3f53ce423663@ideasonboard.com
>>>
>>> Changes in v2:
>>> - Add Cc: stable@...r.kernel.org per-patch
>>>
>>> ---
>>> Jacopo Mondi (2):
>>> media: cx18: Fix invalid access to file *
>>> media: ivtv: Fix invalid access to file *
>>>
>>> drivers/media/pci/cx18/cx18-driver.c | 9 +++------
>>> drivers/media/pci/cx18/cx18-ioctl.c | 30 +++++++++++++++++++-----------
>>> drivers/media/pci/cx18/cx18-ioctl.h | 8 +++++---
>>> drivers/media/pci/ivtv/ivtv-driver.c | 11 ++++-------
>>> drivers/media/pci/ivtv/ivtv-ioctl.c | 22 +++++++++++++++++-----
>>> drivers/media/pci/ivtv/ivtv-ioctl.h | 6 ++++--
>>> 6 files changed, 52 insertions(+), 34 deletions(-)
>>> ---
>>> base-commit: a75b8d198c55e9eb5feb6f6e155496305caba2dc
>>> change-id: 20250818-cx18-v4l2-fh-7eaa6199fdde
>>>
>>> Best regards,
>>
Powered by blists - more mailing lists