Commit 8280b662 authored by Hans Verkuil's avatar Hans Verkuil Committed by Mauro Carvalho Chehab

[media] v4l: Fix use-after-free case in v4l2_device_release

Drivers that have no v4l2_device release callback might free the
v4l2_device instance in the video_device release callback. Make sure we
don't access the v4l2_device instance after it gets freed.
Signed-off-by: default avatarLaurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@redhat.com>
parent dd182e54
...@@ -173,6 +173,17 @@ static void v4l2_device_release(struct device *cd) ...@@ -173,6 +173,17 @@ static void v4l2_device_release(struct device *cd)
media_device_unregister_entity(&vdev->entity); media_device_unregister_entity(&vdev->entity);
#endif #endif
/* Do not call v4l2_device_put if there is no release callback set.
* Drivers that have no v4l2_device release callback might free the
* v4l2_dev instance in the video_device release callback below, so we
* must perform this check here.
*
* TODO: In the long run all drivers that use v4l2_device should use the
* v4l2_device release callback. This check will then be unnecessary.
*/
if (v4l2_dev->release == NULL)
v4l2_dev = NULL;
/* Release video_device and perform other /* Release video_device and perform other
cleanups as needed. */ cleanups as needed. */
vdev->release(vdev); vdev->release(vdev);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment