media: v4l: event: Prevent freeing event subscriptions while accessed
The event subscriptions are added to the subscribed event list while holding a spinlock, but that lock is subsequently released while still accessing the subscription object. This makes it possible to unsubscribe the event --- and freeing the subscription object's memory --- while the subscription object is simultaneously accessed. Prevent this by adding a mutex to serialise the event subscription and unsubscription. This also gives a guarantee to the callback ops that the add op has returned before the del op is called. This change also results in making the elems field less special: subscriptions are only added to the event list once they are fully initialised. Signed-off-by: NSakari Ailus <sakari.ailus@linux.intel.com> Reviewed-by: NHans Verkuil <hans.verkuil@cisco.com> Reviewed-by: NLaurent Pinchart <laurent.pinchart@ideasonboard.com> Cc: stable@vger.kernel.org # for 4.14 and up Fixes: c3b5b024 ("V4L/DVB: V4L: Events: Add backend") Signed-off-by: NMauro Carvalho Chehab <mchehab+samsung@kernel.org>
Showing
想要评论请 注册 或 登录