diff mbox series

media: usb: as102: reset file private data on device release

Message ID 20250507111808.546803-1-dmantipov@yandex.ru
State New
Headers show
Series media: usb: as102: reset file private data on device release | expand

Commit Message

Dmitry Antipov May 7, 2025, 11:18 a.m. UTC 
In case of successful 'as102_open()', store 'struct file' pointer
in 'struct as102_dev_t' data to ensure that file's private data
is reset to NULL after device removal via 'as102_usb_release()'.
Leaving private data dangling may be the reason of things like
https://syzkaller.appspot.com/bug?extid=47321e8fd5a4c84088db.
Since there is no reproducer, mark this as compile tested only.

Fixes: 41b44e041811 ("[media] staging: as102: Initial import from Abilis")
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
---
 drivers/media/usb/as102/as102_drv.h     | 3 +++
 drivers/media/usb/as102/as102_usb_drv.c | 5 +++++
 2 files changed, 8 insertions(+)
diff mbox series

Patch

diff --git a/drivers/media/usb/as102/as102_drv.h b/drivers/media/usb/as102/as102_drv.h
index 4342c7ce3407..037795dd955f 100644
--- a/drivers/media/usb/as102/as102_drv.h
+++ b/drivers/media/usb/as102/as102_drv.h
@@ -61,6 +61,9 @@  struct as102_dev_t {
 	/* timer handle to trig ts stream download */
 	struct timer_list timer_handle;
 
+	/* used to reset private data on device release */
+	struct file *file;
+
 	struct mutex sem;
 	dma_addr_t dma_addr;
 	void *stream;
diff --git a/drivers/media/usb/as102/as102_usb_drv.c b/drivers/media/usb/as102/as102_usb_drv.c
index e0ef66a522e2..c1b8eb1d055a 100644
--- a/drivers/media/usb/as102/as102_usb_drv.c
+++ b/drivers/media/usb/as102/as102_usb_drv.c
@@ -304,6 +304,8 @@  static void as102_usb_release(struct kref *kref)
 
 	as102_dev = container_of(kref, struct as102_dev_t, kref);
 	usb_put_dev(as102_dev->bus_adap.usb_dev);
+	if (as102_dev->file)
+		as102_dev->file->private_data = NULL;
 	kfree(as102_dev);
 }
 
@@ -439,6 +441,9 @@  static int as102_open(struct inode *inode, struct file *file)
 	/* save our device object in the file's private structure */
 	file->private_data = dev;
 
+	/* save file's pointer to reset private data on release */
+	dev->file = file;
+
 	/* increment our usage count for the device */
 	kref_get(&dev->kref);