Re: [syzbot] [pvrusb2?] [usb?] KASAN: slab-use-after-free Read in pvr2_context_set_notify

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git ce9ecca0238b140b88f43859b211c9fdfd8e5b70
diff --git a/drivers/media/usb/pvrusb2/pvrusb2-context.c b/drivers/media/usb/pvrusb2/pvrusb2-context.c
index 14170a5d72b3..e3356f94e50e 100644
--- a/drivers/media/usb/pvrusb2/pvrusb2-context.c
+++ b/drivers/media/usb/pvrusb2/pvrusb2-context.c
@@ -27,9 +27,16 @@ static int pvr2_context_cleaned_flag;
 static struct task_struct *pvr2_context_thread_ptr;
 
 
+static int pvr2_context_shutok(void)
+{
+	return pvr2_context_cleanup_flag && (pvr2_context_exist_first == NULL);
+}
+
+
 static void pvr2_context_set_notify(struct pvr2_context *mp, int fl)
 {
 	int signal_flag = 0;
+	if (pvr2_context_shutok()) return;
 	mutex_lock(&pvr2_context_mutex);
 	if (fl) {
 		if (!mp->notify_flag) {
@@ -140,12 +147,6 @@ static void pvr2_context_check(struct pvr2_context *mp)
 }
 
 
-static int pvr2_context_shutok(void)
-{
-	return pvr2_context_cleanup_flag && (pvr2_context_exist_first == NULL);
-}
-
-
 static int pvr2_context_thread_func(void *foo)
 {
 	struct pvr2_context *mp;

[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux