[PATCH 4.18 295/350] media: cec: forgot to cancel delayed work

From: Greg Kroah-Hartman
Date: Sun Nov 11 2018 - 18:18:21 EST


4.18-stable review patch. If anyone has any objections, please let me know.

------------------

From: Hans Verkuil <hverkuil@xxxxxxxxx>

commit 490d84f6d73c12f4204241cff8651eed60aae914 upstream.

If the wait for completion was interrupted, then make sure to cancel
any delayed work.

This can only happen if a transmit is waiting for a reply, and you press
Ctrl-C or reboot/poweroff or something like that which interrupts the
thread waiting for the reply and then proceeds to delete the CEC message.

Since the delayed work wasn't canceled, once it would trigger it referred
to stale data and resulted in a kernel oops.

Fixes: 7ec2b3b941a6 ("cec: add new tx/rx status bits to detect aborts/timeouts")

Signed-off-by: Hans Verkuil <hans.verkuil@xxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx> # for v4.18 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/media/cec/cec-adap.c | 2 ++
1 file changed, 2 insertions(+)

--- a/drivers/media/cec/cec-adap.c
+++ b/drivers/media/cec/cec-adap.c
@@ -815,6 +815,8 @@ int cec_transmit_msg_fh(struct cec_adapt
*/
mutex_unlock(&adap->lock);
wait_for_completion_killable(&data->c);
+ if (!data->completed)
+ cancel_delayed_work_sync(&data->work);
mutex_lock(&adap->lock);

/* Cancel the transmit if it was interrupted */