From: Arvind Yadav
To: mchehab@kernel.org, andreyknvl@google.com, kcc@google.com, dvyukov@google.com
Cc: linux-kernel@vger.kernel.org, linux-media@vger.kernel.org
Subject: [RFT] [media] em28xx: Fix use-after-free in v4l2_fh_init
Date: Thu, 9 Nov 2017 11:19:12 +0530
Message-Id: <47c1c53ffe47fbd34a3f1aae92391e7ff5a0aab8.1510205498.git.arvind.yadav.cs@gmail.com>

Here, em28xx_free_v4l2 releases "v4l2->dev->v4l2", which is already released by em28xx_v4l2_init.

Signed-off-by: Arvind Yadav
---
This bug was reported by Andrey Konovalov: "net/media/em28xx: use-after-free in v4l2_fh_init"

drivers/media/usb/em28xx/em28xx-video.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/usb/em28xx/em28xx-video.c b/drivers/media/usb/em28xx/em28xx-video.c index 8d253a5..f1ee53f 100644 --- a/drivers/media/usb/em28xx/em28xx-video.c +++ b/drivers/media/usb/em28xx/em28xx-video.c 
@@ -2785,8 +2785,8 @@ static int em28xx_v4l2_init(struct em28xx *dev) v4l2_ctrl_handler_free(&v4l2->ctrl_handler); v4l2_device_unregister(&v4l2->v4l2_dev); err: - dev->v4l2 = NULL; kref_put(&v4l2->ref, em28xx_free_v4l2); + dev->v4l2 = NULL; mutex_unlock(&dev->lock); return ret; } -- 1.9.1
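
Review bot: the reorder under the err: label is not justified by the commit message, and on the visible lines it does not obviously change behaviour. kref_put() is passed the local v4l2 pointer, not dev->v4l2, so clearing dev->v4l2 first did not affect the put, and both statements run before mutex_unlock(&dev->lock), so a reader that takes dev->lock sees the same final state in either order. If em28xx_free_v4l2 already clears v4l2->dev->v4l2, as the message says, the trailing `dev->v4l2 = NULL;` is redundant when the put drops the last reference and leaves the outcome unchanged when it does not. Please state in the message which access in v4l2_fh_init touches freed memory and which reference that path is expected to hold, and move the reporter credit above the `---` as a Reported-by: trailer so it survives into the commit.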