From: Ricardo Ribalda <ribalda@chromium.org>
Date: Tue, 22 Oct 2024 08:30:30 +0000 (+0000)
Subject: media: uvcvideo: Fix deadlock during uvc_probe
X-Git-Tag: v6.13.2~168
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=db577ededf3a18b39567fc1a6209f12a0c4a3c52;p=thirdparty%2Fkernel%2Fstable.git

media: uvcvideo: Fix deadlock during uvc_probe

[ Upstream commit a67f75c2b5ecf534eab416ce16c11fe780c4f8f6 ]

If uvc_probe() fails, it can end up calling uvc_status_unregister() before
uvc_status_init() is called.

Fix this by checking if dev->status is NULL or not in
uvc_status_unregister().

Reported-by: syzbot+9446d5e0d25571e6a212@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-media/20241020160249.GD7770@pendragon.ideasonboard.com/T/#m506744621d72a2ace5dd2ab64055be9898112dbd
Fixes: c5fe3ed618f9 ("media: uvcvideo: Avoid race condition during unregister")
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Link: https://lore.kernel.org/r/20241022-race-unreg-v1-1-2212f364d9de@chromium.org
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/drivers/media/usb/uvc/uvc_status.c b/drivers/media/usb/uvc/uvc_status.c
index 06c867510c8fe..f37417634ee94 100644
--- a/drivers/media/usb/uvc/uvc_status.c
+++ b/drivers/media/usb/uvc/uvc_status.c
@@ -294,6 +294,9 @@ int uvc_status_init(struct uvc_device *dev)
 
 void uvc_status_unregister(struct uvc_device *dev)
 {
+	if (!dev->status)
+		return;
+
 	uvc_status_suspend(dev);
 	uvc_input_unregister(dev);
 }