Date:   Mon, 12 Dec 2016 07:04:34 -0200
From:   Mauro Carvalho Chehab <mchehab@....samsung.com>
To:     Sakari Ailus <sakari.ailus@....fi>
Cc:     Shuah Khan <shuahkh@....samsung.com>,
        Laurent Pinchart <laurent.pinchart@...asonboard.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Linux Media Mailing List <linux-media@...r.kernel.org>
Subject: Re: Omap3-isp isp_remove() access subdev.entity after
 media_device_cleanup()

On Mon, 12 Dec 2016 10:03:16 +0200
Sakari Ailus <sakari.ailus@....fi> wrote:

> Hi Shuah,
> 
> On Fri, Dec 09, 2016 at 09:52:44AM -0700, Shuah Khan wrote:
> > Hi Sakari,
> > 
> > I am looking at omap3 isp_remove() closely and I think there are a few
> > issues there that could cause problems during unbind.
> > 
> > isp_remove() tries to do media_entity_cleanup() after it unregisters
> > media_device
> > 
> > isp_remove() calls isp_unregister_entities() followed by
> > isp_cleanup_modules() - cleanup routines call media_entity_cleanup()
> > 
> > media_entity_cleanup() accesses csi2a->subdev.entity which should be gone
> > by now after media_device_unregister(). This is just one example. I think
> > all of these cleanup routines isp_cleanup_modules() call access subdev.entity.
> > 
> > static void isp_cleanup_modules(struct isp_device *isp)
> > {
> >         omap3isp_h3a_aewb_cleanup(isp);
> >         omap3isp_h3a_af_cleanup(isp);
> >         omap3isp_hist_cleanup(isp);
> >         omap3isp_resizer_cleanup(isp);
> >         omap3isp_preview_cleanup(isp);
> >         omap3isp_ccdc_cleanup(isp);
> >         omap3isp_ccp2_cleanup(isp);
> >         omap3isp_csi2_cleanup(isp);
> > }
> > 
> > This is all done after media_device_cleanup() which does
> > ida_destroy(&mdev->entity_internal_idx); and mutex_destroy(&mdev->graph_mutex);  
> 
> Calling media_entity_cleanup() is not a source of the current problems in
> any way. The function is defined in media-entity.h and it does nothing:
> 
> static inline void media_entity_cleanup(struct media_entity *entity) {};

> 
> We could later discuss when media_entity_cleanup() should be called though.
> The existing drivers do call it in their remove() handler.

I kept it per Laurent's request, because he believed that we might
need it in the future, and keeping it would make it easier to add usage
for it again, provided that it is called at the right place.

Well, as it is not being called at the right place anyway and, whatever we do
to fix the issues with data lifetime, media_entity_cleanup() logic will
be affected, I suggest to just get rid of it.

Regards,
Mauro
