From c99685cab889bd970f6ef0ad691b41ec31d47a3d Mon Sep 17 00:00:00 2001
From: Takashi Iwai <tiwai@suse.de>
Date: May 19 2023 15:43:50 +0000
Subject: media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760).


---

diff --git a/patches.kabi/media-dvb_net-kabi-workaround.patch b/patches.kabi/media-dvb_net-kabi-workaround.patch
new file mode 100644
index 0000000..6d2f2a8
--- /dev/null
+++ b/patches.kabi/media-dvb_net-kabi-workaround.patch
@@ -0,0 +1,107 @@
+From: Takashi Iwai <tiwai@suse.de>
+Subject: media: dvb_net: kABI workaround
+Patch-mainline: Never, kABI workaround
+References: CVE-2022-45886 bsc#1205760
+
+For keeping the kABI workaround, the newly introduced remove_mutex
+of dvb_net to be a global one.  It's not urgent for performance,
+so we can live with that.
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/media/dvb-core/dvb_net.c |   19 ++++++++++---------
+ include/media/dvb_net.h          |    4 ----
+ 2 files changed, 10 insertions(+), 13 deletions(-)
+
+--- a/drivers/media/dvb-core/dvb_net.c
++++ b/drivers/media/dvb-core/dvb_net.c
+@@ -57,6 +57,8 @@
+ #include <media/dvb_demux.h>
+ #include <media/dvb_net.h>
+ 
++static DEFINE_MUTEX(remove_mutex);
++
+ static inline __u32 iov_crc32( __u32 c, struct kvec *iov, unsigned int cnt )
+ {
+ 	unsigned int j;
+@@ -1570,17 +1572,17 @@ static int locked_dvb_net_open(struct in
+ 	struct dvb_net *dvbnet = dvbdev->priv;
+ 	int ret;
+ 
+-	if (mutex_lock_interruptible(&dvbnet->remove_mutex))
++	if (mutex_lock_interruptible(&remove_mutex))
+ 		return -ERESTARTSYS;
+ 
+ 	if (dvbnet->exit) {
+-		mutex_unlock(&dvbnet->remove_mutex);
++		mutex_unlock(&remove_mutex);
+ 		return -ENODEV;
+ 	}
+ 
+ 	ret = dvb_generic_open(inode, file);
+ 
+-	mutex_unlock(&dvbnet->remove_mutex);
++	mutex_unlock(&remove_mutex);
+ 
+ 	return ret;
+ }
+@@ -1590,15 +1592,15 @@ static int dvb_net_close(struct inode *i
+ 	struct dvb_device *dvbdev = file->private_data;
+ 	struct dvb_net *dvbnet = dvbdev->priv;
+ 
+-	mutex_lock(&dvbnet->remove_mutex);
++	mutex_lock(&remove_mutex);
+ 
+ 	dvb_generic_release(inode, file);
+ 
+ 	if (dvbdev->users == 1 && dvbnet->exit == 1) {
+-		mutex_unlock(&dvbnet->remove_mutex);
++		mutex_unlock(&remove_mutex);
+ 		wake_up(&dvbdev->wait_queue);
+ 	} else {
+-		mutex_unlock(&dvbnet->remove_mutex);
++		mutex_unlock(&remove_mutex);
+ 	}
+ 
+ 	return 0;
+@@ -1627,9 +1629,9 @@ void dvb_net_release (struct dvb_net *dv
+ {
+ 	int i;
+ 
+-	mutex_lock(&dvbnet->remove_mutex);
++	mutex_lock(&remove_mutex);
+ 	dvbnet->exit = 1;
+-	mutex_unlock(&dvbnet->remove_mutex);
++	mutex_unlock(&remove_mutex);
+ 
+ 	if (dvbnet->dvbdev->users < 1)
+ 		wait_event(dvbnet->dvbdev->wait_queue,
+@@ -1652,7 +1654,6 @@ int dvb_net_init (struct dvb_adapter *ad
+ 	int i;
+ 
+ 	mutex_init(&dvbnet->ioctl_mutex);
+-	mutex_init(&dvbnet->remove_mutex);
+ 	dvbnet->demux = dmx;
+ 
+ 	for (i=0; i<DVB_NET_DEVICES_MAX; i++)
+--- a/include/media/dvb_net.h
++++ b/include/media/dvb_net.h
+@@ -41,9 +41,6 @@
+  * @exit:		flag to indicate when the device is being removed.
+  * @demux:		pointer to &struct dmx_demux.
+  * @ioctl_mutex:	protect access to this struct.
+- * @remove_mutex:	mutex that avoids a race condition between a callback
+- *			called when the hardware is disconnected and the
+- *			file_operations of dvb_net.
+  *
+  * Currently, the core supports up to %DVB_NET_DEVICES_MAX (10) network
+  * devices.
+@@ -56,7 +53,6 @@ struct dvb_net {
+ 	unsigned int exit:1;
+ 	struct dmx_demux *demux;
+ 	struct mutex ioctl_mutex;
+-	struct mutex remove_mutex;
+ };
+ 
+ /**
diff --git a/series.conf b/series.conf
index 17a915b..492aed2 100644
--- a/series.conf
+++ b/series.conf
@@ -23720,6 +23720,7 @@
 	patches.kabi/kabi-sk_buff_scm_io_uring.patch
 	patches.kabi/usb.h-struct-usb_device-hide-new-member.patch
 	patches.kabi/media-dvb_frontend-kabi-workaround.patch
+	patches.kabi/media-dvb_net-kabi-workaround.patch
 
 	########################################################
 	# You'd better have a good reason for adding a patch