linux_dsm_epyc7002/drivers/media/usb
Alan Stern c7a1914640 media: usbvision: Fix invalid accesses after device disconnect
The syzbot fuzzer found two invalid-access bugs in the usbvision
driver.  These bugs occur when userspace keeps the device file open
after the device has been disconnected and usbvision_disconnect() has
set usbvision->dev to NULL:

	When the device file is closed, usbvision_radio_close() tries
	to issue a usb_set_interface() call, passing the NULL pointer
	as its first argument.

	If userspace performs a querycap ioctl call, vidioc_querycap()
	calls usb_make_path() with the same NULL pointer.

This patch fixes the problems by making the appropriate tests
beforehand.  Note that vidioc_querycap() is protected by
usbvision->v4l2_lock, acquired in a higher layer of the V4L2
subsystem.

Reported-and-tested-by: syzbot+7fa38a608b1075dfd634@syzkaller.appspotmail.com

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
2019-10-10 07:22:06 -03:00
..
airspy media: media/usb: don't set description in ENUM_FMT 2019-07-22 14:01:05 -04:00
as102 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 118 2019-05-24 17:39:02 +02:00
au0828 media: drivers/media: don't set pix->priv = 0 2019-07-23 08:48:33 -04:00
b2c2 media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() 2019-10-07 07:51:17 -03:00
cpia2 media: cpia2_usb: fix memory leaks 2019-08-26 10:40:01 -03:00
cx231xx media: cx231xx: remove duplicated include from cx231xx-417.c 2019-10-10 07:21:12 -03:00
dvb-usb media: dvb-usb: remove T230 from cxusb 2019-08-21 18:39:55 -03:00
dvb-usb-v2 media: af9035: add support for Logilink VG0022A. 2019-10-10 07:07:42 -03:00
em28xx media: em28xx: Add support for Magix Wideowandler 2 2019-10-07 07:43:55 -03:00
go7007 media: usb: go7007: s2250-board: convert to i2c_new_dummy_device 2019-08-13 11:46:13 -03:00
gspca media: gspca: make array st6422_bridge_init static, makes object smaller 2019-10-10 07:21:46 -03:00
hackrf Linux 5.2-rc4 2019-06-11 12:09:28 -04:00
hdpvr media: hdpvr: remove redundant assignment to retval 2019-08-26 10:43:53 -03:00
msi2500 media: media/usb: don't set description in ENUM_FMT 2019-07-22 14:01:05 -04:00
pulse8-cec treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 55 2019-05-24 17:36:42 +02:00
pvrusb2 media: pvrusb2: qctrl.flag will be uninitlaized if cx2341x_ctrl_query() returns error code 2019-08-29 10:22:39 -03:00
pwc media: media/usb: don't set description in ENUM_FMT 2019-07-22 14:01:05 -04:00
rainshadow-cec treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 55 2019-05-24 17:36:42 +02:00
s2255 media: drivers/media: don't set pix->priv = 0 2019-07-23 08:48:33 -04:00
siano USB fixes for 5.2-rc3 2019-05-31 08:16:31 -07:00
stk1160 media: media/usb: don't set description in ENUM_FMT 2019-07-22 14:01:05 -04:00
stkwebcam media: media/usb: don't set description in ENUM_FMT 2019-07-22 14:01:05 -04:00
tm6000 media: usb: tm6000: Use the correct style for SPDX License Identifier 2019-10-07 07:45:38 -03:00
ttusb-budget treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ttusb-dec media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() 2019-08-21 18:39:55 -03:00
usbtv media: media/usb: don't set description in ENUM_FMT 2019-07-22 14:01:05 -04:00
usbvision media: usbvision: Fix invalid accesses after device disconnect 2019-10-10 07:22:06 -03:00
uvc media: drivers/media: don't set pix->priv = 0 2019-07-23 08:48:33 -04:00
zr364xx media: delete unused proc_fs.h include 2019-10-07 07:31:36 -03:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00