From: Sean Young sean@mess.org
commit a2e2d73fa28136598e84db9d021091f1b98cbb1a upstream.
Device drivers do not expect to have change_protocol or wakeup re-programming to be accesed after rc_unregister_device(). This can cause the device driver to access deallocated resources.
Cc: stable@vger.kernel.org # 4.16+ Signed-off-by: Sean Young sean@mess.org Signed-off-by: Mauro Carvalho Chehab mchehab+huawei@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- drivers/media/rc/rc-main.c | 12 ++++++++++++ 1 file changed, 12 insertions(+)
--- a/drivers/media/rc/rc-main.c +++ b/drivers/media/rc/rc-main.c @@ -1245,6 +1245,10 @@ static ssize_t store_protocols(struct de }
mutex_lock(&dev->lock); + if (!dev->registered) { + mutex_unlock(&dev->lock); + return -ENODEV; + }
old_protocols = *current_protocols; new_protocols = old_protocols; @@ -1383,6 +1387,10 @@ static ssize_t store_filter(struct devic return -EINVAL;
mutex_lock(&dev->lock); + if (!dev->registered) { + mutex_unlock(&dev->lock); + return -ENODEV; + }
new_filter = *filter; if (fattr->mask) @@ -1497,6 +1505,10 @@ static ssize_t store_wakeup_protocols(st int i;
mutex_lock(&dev->lock); + if (!dev->registered) { + mutex_unlock(&dev->lock); + return -ENODEV; + }
allowed = dev->allowed_wakeup_protocols;