Re: BUG in videodev.c [PATCH]

Linus Torvalds (torvalds@transmeta.com)
Sat, 6 Mar 1999 14:25:10 -0800 (PST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jeff Millar: "Re: Lets get this right (WAS RE:MOSIX and kernel mods)"
Previous message: Larry McVoy: "Re: MOSIX and kernel mods."
In reply to: Andi Kleen: "Re: /proc/sys/net/ipv4/conf/.../rp_filter"

On Sat, 6 Mar 1999, Richard Guenther wrote:
>
> A bug in videodev.c lets you mmap device memory and free it
> via close() - this leaves you with a nice "Blanko" mapping
> of some memory. For example the bttv driver is vulnerable
> as it frees its buffer in close(). (The drivers itself
> cannot fix it, since they dont get the vm_area_struct)

What the heck is the driver doing?

A mmap() will keep the file count updated, so the driver has to do _extra_
work in order to free some memory before all mmap areas have gone away.
The file->release() thing is called after the very last "fput" of the file
(ie after all fd's have been closed AND all memory mappings have been
removed).

This patch looks like extra code to get around some other driver bug, and
I'd much rather just see the driver fixed properly.

Linus

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jeff Millar: "Re: Lets get this right (WAS RE:MOSIX and kernel mods)"
Previous message: Larry McVoy: "Re: MOSIX and kernel mods."
In reply to: Andi Kleen: "Re: /proc/sys/net/ipv4/conf/.../rp_filter"