[media] v4l: Fix use-after-free case in v4l2_device_release
Drivers that have no v4l2_device release callback might free the v4l2_device instance in the video_device release callback. Make sure we don't access the v4l2_device instance after it gets freed. Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
This commit is contained in:
parent
dd182e5416
commit
8280b662df
1 changed files with 11 additions and 0 deletions
|
@ -173,6 +173,17 @@ static void v4l2_device_release(struct device *cd)
|
|||
media_device_unregister_entity(&vdev->entity);
|
||||
#endif
|
||||
|
||||
/* Do not call v4l2_device_put if there is no release callback set.
|
||||
* Drivers that have no v4l2_device release callback might free the
|
||||
* v4l2_dev instance in the video_device release callback below, so we
|
||||
* must perform this check here.
|
||||
*
|
||||
* TODO: In the long run all drivers that use v4l2_device should use the
|
||||
* v4l2_device release callback. This check will then be unnecessary.
|
||||
*/
|
||||
if (v4l2_dev->release == NULL)
|
||||
v4l2_dev = NULL;
|
||||
|
||||
/* Release video_device and perform other
|
||||
cleanups as needed. */
|
||||
vdev->release(vdev);
|
||||
|
|
Loading…
Reference in a new issue