From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 21 Jan 2019 13:52:14 +0000 (+0100)
Subject: 4.20-stable patches
X-Git-Tag: v4.20.4~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=835131053e50bf83950a311930bc0bef15fa239d;p=thirdparty%2Fkernel%2Fstable-queue.git

4.20-stable patches

added patches:
	media-vb2-be-sure-to-unlock-mutex-on-errors.patch
---

diff --git a/queue-4.20/media-vb2-be-sure-to-unlock-mutex-on-errors.patch b/queue-4.20/media-vb2-be-sure-to-unlock-mutex-on-errors.patch
new file mode 100644
index 00000000000..e309fa67e7d
--- /dev/null
+++ b/queue-4.20/media-vb2-be-sure-to-unlock-mutex-on-errors.patch
@@ -0,0 +1,42 @@
+From c06ef2e9acef4cda1feee2ce055b8086e33d251a Mon Sep 17 00:00:00 2001
+From: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
+Date: Fri, 23 Nov 2018 07:05:58 -0500
+Subject: media: vb2: be sure to unlock mutex on errors
+
+From: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
+
+commit c06ef2e9acef4cda1feee2ce055b8086e33d251a upstream.
+
+As reported by smatch:
+drivers/media/common/videobuf2/videobuf2-core.c: drivers/media/common/videobuf2/videobuf2-core.c:2159 vb2_mmap() warn: inconsistent returns 'mutex:&q->mmap_lock'.
+  Locked on:   line 2148
+  Unlocked on: line 2100
+               line 2108
+               line 2113
+               line 2118
+               line 2156
+               line 2159
+
+There is one error condition that doesn't unlock a mutex.
+
+Fixes: cd26d1c4d1bc ("media: vb2: vb2_mmap: move lock up")
+Reviewed-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/common/videobuf2/videobuf2-core.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/media/common/videobuf2/videobuf2-core.c
++++ b/drivers/media/common/videobuf2/videobuf2-core.c
+@@ -2173,7 +2173,8 @@ int vb2_mmap(struct vb2_queue *q, struct
+ 	if (length < (vma->vm_end - vma->vm_start)) {
+ 		dprintk(1,
+ 			"MMAP invalid, as it would overflow buffer length\n");
+-		return -EINVAL;
++		ret = -EINVAL;
++		goto unlock;
+ 	}
+ 
+ 	ret = call_memop(vb, mmap, vb->planes[plane].mem_priv, vma);
diff --git a/queue-4.20/series b/queue-4.20/series
index 1b8553f6da1..8e71f3a5af0 100644
--- a/queue-4.20/series
+++ b/queue-4.20/series
@@ -109,3 +109,4 @@ loop-get-rid-of-nested-acquisition-of-loop_ctl_mutex.patch
 loop-fix-double-mutex_unlock-loop_ctl_mutex-in-loop_control_ioctl.patch
 loop-drop-caches-if-offset-or-block_size-are-changed.patch
 drm-fb-helper-ignore-the-value-of-fb_var_screeninfo.pixclock.patch
+media-vb2-be-sure-to-unlock-mutex-on-errors.patch