[PATCH OLK-6.6 V1] media: v4l: async: Properly re-initialise notifier entry in unregister

16 Jul 2024

From: Sakari Ailus sakari.ailus@linux.intel.com
mainline inclusion
from mainline-v6.10-rc1
commit 9537a8425a7a0222999d5839a0b394b1e8834b4a
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAB05K
CVE: CVE-2024-39485
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
The notifier_entry of a notifier is not re-initialised after unregistering
the notifier. This leads to dangling pointers being left there so use
list_del_init() to return the notifier_entry an empty list.
Fixes: b8ec754ae4c5 ("media: v4l: async: Set v4l2_device and subdev in async notifier init")
Cc: stable@vger.kernel.org # for 6.6 and later
Signed-off-by: Sakari Ailus sakari.ailus@linux.intel.com
Signed-off-by: Hans Verkuil hverkuil-cisco@xs4all.nl
Signed-off-by: Cheng Yu serein.chengyu@huawei.com
---
 drivers/media/v4l2-core/v4l2-async.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/media/v4l2-core/v4l2-async.c b/drivers/media/v4l2-core/v4l2-async.c
index 8cfd593d293d..e6b9ba2c8e6e 100644
--- a/drivers/media/v4l2-core/v4l2-async.c
+++ b/drivers/media/v4l2-core/v4l2-async.c
@@ -639,7 +639,7 @@ __v4l2_async_nf_unregister(struct v4l2_async_notifier *notifier)
v4l2_async_nf_unbind_all_subdevs(notifier);
-	list_del(&notifier->notifier_entry);
+	list_del_init(&notifier->notifier_entry);
 }
void v4l2_async_nf_unregister(struct v4l2_async_notifier *notifier)
-- 
2.25.1


    

2024

2023

2022

2021

2020

2019

[PATCH OLK-6.6 V1] media: v4l: async: Properly re-initialise notifier entry in unregister