The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to stable@vger.kernel.org.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 490d84f6d73c12f4204241cff8651eed60aae914 Mon Sep 17 00:00:00 2001
From: Hans Verkuil hverkuil@xs4all.nl Date: Mon, 15 Oct 2018 06:14:22 -0400 Subject: [PATCH] media: cec: forgot to cancel delayed work
If the wait for completion was interrupted, then make sure to cancel any delayed work.
This can only happen if a transmit is waiting for a reply, and you press Ctrl-C or reboot/poweroff or something like that which interrupts the thread waiting for the reply and then proceeds to delete the CEC message.
Since the delayed work wasn't canceled, once it would trigger it referred to stale data and resulted in a kernel oops.
Fixes: 7ec2b3b941a6 ("cec: add new tx/rx status bits to detect aborts/timeouts")
Signed-off-by: Hans Verkuil hans.verkuil@cisco.com Cc: stable@vger.kernel.org # for v4.18 and up Signed-off-by: Mauro Carvalho Chehab mchehab+samsung@kernel.org
diff --git a/drivers/media/cec/cec-adap.c b/drivers/media/cec/cec-adap.c index 0c0d9107383e..31d1f4ab915e 100644 --- a/drivers/media/cec/cec-adap.c +++ b/drivers/media/cec/cec-adap.c @@ -844,6 +844,8 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, */ mutex_unlock(&adap->lock); wait_for_completion_killable(&data->c); + if (!data->completed) + cancel_delayed_work_sync(&data->work); mutex_lock(&adap->lock);
/* Cancel the transmit if it was interrupted */