From: Benjamin Gaignard <benjamin.gaignard@xxxxxxxxxxxxx> [ Upstream commit 65e6a2773d655172143cc0b927cdc89549842895 ] Remove locks calls in usbtv_video_free() because are useless and may led to a deadlock as reported here: https://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000 Also remove usbtv_stop() call since it will be called when unregistering the device. Before 'c838530d230b' this issue would only be noticed if you disconnect while streaming and now it is noticeable even when disconnecting while not streaming. Fixes: c838530d230b ("media: media videobuf2: Be more flexible on the number of queue stored buffers") Fixes: f3d27f34fdd7 ("[media] usbtv: Add driver for Fushicai USBTV007 video frame grabber") Signed-off-by: Benjamin Gaignard <benjamin.gaignard@xxxxxxxxxxxxx> Reviewed-by: Tomasz Figa <tfiga@xxxxxxxxxxxx> Tested-by: Hans Verkuil <hverkuil-cisco@xxxxxxxxx> Signed-off-by: Hans Verkuil <hverkuil-cisco@xxxxxxxxx> [hverkuil: fix minor spelling mistake in log message] (cherry picked from commit 65e6a2773d655172143cc0b927cdc89549842895) [Vegard: CVE-2024-27072; no conflicts] Signed-off-by: Vegard Nossum <vegard.nossum@xxxxxxxxxx> --- drivers/media/usb/usbtv/usbtv-video.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/drivers/media/usb/usbtv/usbtv-video.c b/drivers/media/usb/usbtv/usbtv-video.c index 1e30e05953dc6..7495df6b51912 100644 --- a/drivers/media/usb/usbtv/usbtv-video.c +++ b/drivers/media/usb/usbtv/usbtv-video.c @@ -962,15 +962,8 @@ int usbtv_video_init(struct usbtv *usbtv) void usbtv_video_free(struct usbtv *usbtv) { - mutex_lock(&usbtv->vb2q_lock); - mutex_lock(&usbtv->v4l2_lock); - - usbtv_stop(usbtv); vb2_video_unregister_device(&usbtv->vdev); v4l2_device_disconnect(&usbtv->v4l2_dev); - mutex_unlock(&usbtv->v4l2_lock); - mutex_unlock(&usbtv->vb2q_lock); - v4l2_device_put(&usbtv->v4l2_dev); } -- 2.34.1
