mirror of
https://git.proxmox.com/git/mirror_ubuntu-kernels.git
synced 2025-11-18 17:38:00 +00:00
8ac33b8b68
A race condition is possible when writing to events_queue_size where the
events kfifo is freed during the execution of a kfifo_in(), resulting in
a use-after-free. This patch prevents such a scenario by protecting the
events queue in operation with a spinlock and locking before performing
the events queue size adjustment.
The existing events_lock mutex is renamed to events_out_lock to reflect
that it only protects events queue out operations. Because the events
queue in operations can occur in an interrupt context, a new
events_in_lock spinlock is introduced and utilized.
Fixes:
|
||
|---|---|---|
| .. | ||
| 104-quad-8.c | ||
| counter-chrdev.c | ||
| counter-chrdev.h | ||
| counter-core.c | ||
| counter-sysfs.c | ||
| counter-sysfs.h | ||
| ftm-quaddec.c | ||
| intel-qep.c | ||
| interrupt-cnt.c | ||
| Kconfig | ||
| Makefile | ||
| microchip-tcb-capture.c | ||
| stm32-lptimer-cnt.c | ||
| stm32-timer-cnt.c | ||
| ti-eqep.c | ||