|author||Pi-Hsun Shih <email@example.com>||2019-11-10 07:29:10 +0100|
|committer||Mauro Carvalho Chehab <firstname.lastname@example.org>||2019-11-10 07:29:10 +0100|
media: v4l2-ctrl: Lock main_hdl on operations of requests_queued.
There's a race condition between the list_del_init in the v4l2_ctrl_request_complete, and the list_add_tail in the v4l2_ctrl_request_queue, since they can be called in different threads and the requests_queued list is not protected by a lock. This can lead to the v4l2_ctrl_handler still being in the requests_queued list while the request_is_queued is already set to false, which would cause use-after-free if the v4l2_ctrl_handler is later released.

Fix this by locking the ->lock of main_hdl (which is the owner of the requests_queued list) when doing list operations on the ->requests_queued list.

Signed-off-by: Pi-Hsun Shih <email@example.com>
Signed-off-by: Hans Verkuil <firstname.lastname@example.org>
Signed-off-by: Mauro Carvalho Chehab <email@example.com>
Diffstat (limited to 'drivers/staging/media/sunxi/cedrus/cedrus_regs.h')
0 files changed, 0 insertions, 0 deletions
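The locking pattern the commit message describes, as an added user-space example with pthreads; it is not the kernel patch and not code from this page. `struct handler`, `struct job`, `request_queue`, `request_complete`, `worker` and `stress` are hypothetical names, and the flag checks inside the critical sections are an assumption of this model.

```c
/* Constructed user-space model; names follow the commit message, not kernel code. */
#include <pthread.h>
#include <stdbool.h>
struct node { struct node *prev, *next; };
struct handler {
    pthread_mutex_t lock;        /* guards requests_queued when this is main_hdl */
    struct node requests_queued; /* list head in main_hdl, list entry otherwise */
    bool request_is_queued;
};
struct job { struct handler *main_hdl, *hdl; void (*op)(struct handler *, struct handler *); };
static void node_init(struct node *n) { n->prev = n->next = n; }

/* Tail insertion and the flag update form one critical section. */
static void request_queue(struct handler *main_hdl, struct handler *hdl) {
    struct node *n = &hdl->requests_queued, *h = &main_hdl->requests_queued;
    pthread_mutex_lock(&main_hdl->lock);
    if (!hdl->request_is_queued) {
        n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n;
        hdl->request_is_queued = true;
    }
    pthread_mutex_unlock(&main_hdl->lock);
}
/* Removal and the flag update form the matching critical section. */
static void request_complete(struct handler *main_hdl, struct handler *hdl) {
    struct node *n = &hdl->requests_queued;
    pthread_mutex_lock(&main_hdl->lock);
    if (hdl->request_is_queued) {
        n->prev->next = n->next; n->next->prev = n->prev; node_init(n);
        hdl->request_is_queued = false;
    }
    pthread_mutex_unlock(&main_hdl->lock);
}
static void *worker(void *p) {
    struct job *j = p;
    for (int i = 0; i < 100000; i++) j->op(j->main_hdl, j->hdl);
    return NULL;
}
/* Race both paths, complete once more, then check: flag false => entry unlinked. */
int stress(void) {
    struct handler m = { .lock = PTHREAD_MUTEX_INITIALIZER }, hdl = { .request_is_queued = false };
    struct job q = { &m, &hdl, request_queue }, c = { &m, &hdl, request_complete };
    pthread_t t1, t2;
    node_init(&m.requests_queued); node_init(&hdl.requests_queued);
    pthread_create(&t1, NULL, worker, &q); pthread_create(&t2, NULL, worker, &c);
    pthread_join(t1, NULL); pthread_join(t2, NULL);
    request_complete(&m, &hdl); /* last completion before the handler would be freed */
    return !hdl.request_is_queued && m.requests_queued.next == &m.requests_queued
        && m.requests_queued.prev == &m.requests_queued && hdl.requests_queued.next == &hdl.requests_queued;
}
int main(void) { return stress() ? 0 : 1; }
```

Because membership and the flag change only together under the owner's lock, a handler whose flag is false is never still linked on the owner's list when it is released.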