Re: [syzbot] [pvrusb2?] [usb?] KASAN: slab-use-after-free Read in pvr2_context_set_notify

From: Ricardo B. Marliere
Date: Wed Sep 27 2023 - 10:37:45 EST


#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git ce9ecca0238b140b88f43859b211c9fdfd8e5b70
diff --git a/drivers/media/usb/pvrusb2/pvrusb2-context.c b/drivers/media/usb/pvrusb2/pvrusb2-context.c
index 14170a5d72b3..e3356f94e50e 100644
--- a/drivers/media/usb/pvrusb2/pvrusb2-context.c
+++ b/drivers/media/usb/pvrusb2/pvrusb2-context.c
@@ -27,9 +27,16 @@ static int pvr2_context_cleaned_flag;
static struct task_struct *pvr2_context_thread_ptr;


+static int pvr2_context_shutok(void)
+{
+ return pvr2_context_cleanup_flag && (pvr2_context_exist_first == NULL);
+}
+
+
static void pvr2_context_set_notify(struct pvr2_context *mp, int fl)
{
int signal_flag = 0;
+ if (pvr2_context_shutok()) return;
mutex_lock(&pvr2_context_mutex);
if (fl) {
if (!mp->notify_flag) {
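Review bot: The new early return at the top of pvr2_context_set_notify() tests pvr2_context_shutok() before `mutex_lock(&pvr2_context_mutex)`, so the two globals it reads can change between the test and the `mp->notify_flag` access that follows; if those globals are meant to be protected by that mutex, the test belongs after the lock, e.g. `if (pvr2_context_shutok()) { mutex_unlock(&pvr2_context_mutex); return; }`. The check also says nothing about the lifetime of `mp` itself: it only returns when `pvr2_context_cleanup_flag` is set and `pvr2_context_exist_first` is NULL, so a caller passing a stale `mp` while either condition is false would presumably still reach the dereference that KASAN reported. A fix tied to the object, such as a reference the caller holds for the duration of the call, would close the window rather than narrow it. Minor: kernel style wants the `return;` on its own line and a blank line after the `int signal_flag = 0;` declaration. The function body continues past the end of this hunk.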
@@ -140,12 +147,6 @@ static void pvr2_context_check(struct pvr2_context *mp)
}


-static int pvr2_context_shutok(void)
-{
- return pvr2_context_cleanup_flag && (pvr2_context_exist_first == NULL);
-}
-
-
static int pvr2_context_thread_func(void *foo)
{
struct pvr2_context *mp;