| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Jun 2019 09:47:44 +0100
From: "Lad, Prabhakar" <prabhakar.csengg@...il.com>
To: Yang Xiao <92siuyang@...il.com>
Cc: Mauro Carvalho Chehab <mchehab@...nel.org>,
linux-media <linux-media@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
Hans Verkuil <hverkuil@...all.nl>
Subject: Re: [PATCH] media: davinci: vpif_capture: fix memory leak in vpif_probe()
Cheers,
--Prabhakar Lad
On Tue, Jun 4, 2019 at 9:34 AM Yang Xiao <92siuyang@...il.com> wrote:
>
> On Tue, Jun 4, 2019 at 4:15 PM Lad, Prabhakar
> <prabhakar.csengg@...il.com> wrote:
> >
> > Hi Young,
> >
> > Thanks for the patch.
> >
> > On Tue, Jun 4, 2019 at 8:49 AM Young Xiao <92siuyang@...il.com> wrote:
> > >
> > > If vpif_probe() fails on v4l2_device_register() and vpif_probe_complete(),
> > > then memory allocated at initialize_vpif() for global vpif_obj.dev[i]
> > > become unreleased.
> > >
> > > The patch adds deallocation of vpif_obj.dev[i] on the error path.
> > >
> > > Signed-off-by: Young Xiao <92siuyang@...il.com>
> > > ---
> > > drivers/media/platform/davinci/vpif_capture.c | 19 ++++++++++++++++---
> > > 1 file changed, 16 insertions(+), 3 deletions(-)
> > >
> > > diff --git a/drivers/media/platform/davinci/vpif_capture.c b/drivers/media/platform/davinci/vpif_capture.c
> > > index b5aacb0..277d500 100644
> > > --- a/drivers/media/platform/davinci/vpif_capture.c
> > > +++ b/drivers/media/platform/davinci/vpif_capture.c
> > > @@ -1385,6 +1385,14 @@ static int initialize_vpif(void)
> > > return err;
> > > }
> > >
> > > +static void free_vpif_objs(void)
> > > +{
> > function could be made inline.
> >
> > > + int i;
> > > +
> > > + for (i = 0; i < VPIF_DISPLAY_MAX_DEVICES; i++)
> >
> > VPIF_DISPLAY_MAX_DEVICES ? this should be VPIF_CAPTURE_MAX_DEVICES
> >
> > > + kfree(vpif_obj.dev[i]);
> > > +}
> > > +
> > > static int vpif_async_bound(struct v4l2_async_notifier *notifier,
> > > struct v4l2_subdev *subdev,
> > > struct v4l2_async_subdev *asd)
> > > @@ -1654,7 +1662,7 @@ static __init int vpif_probe(struct platform_device *pdev)
> > > err = v4l2_device_register(vpif_dev, &vpif_obj.v4l2_dev);
> > > if (err) {
> > > v4l2_err(vpif_dev->driver, "Error registering v4l2 device\n");
> > > - goto cleanup;
> > > + goto vpif_free;
> > > }
> > >
> > > while ((res = platform_get_resource(pdev, IORESOURCE_IRQ, res_idx))) {
> > > @@ -1701,7 +1709,10 @@ static __init int vpif_probe(struct platform_device *pdev)
> > > "registered sub device %s\n",
> > > subdevdata->name);
> > > }
> > > - vpif_probe_complete();
> > > + err = vpif_probe_complete();
> > > + if (err) {
> > > + goto probe_subdev_out;
> > > + }
> >
> > No need for { and } as per kernel coding style.
>
> Sorry, I can not get your point here.
> There is no need to check the return value of vpif_probe_complete(), isn't it?
> So, we just fix the memory leak in the error path of v4l2_device_register()?
>
Not sure if you got my statement here, it means do not add {} braces
around the if statement,
so for example the code should look like something below (refer the
link [1] for more reading)
err = vpif_probe_complete();
if (err)
goto probe_subdev_out;
[1] https://www.kernel.org/doc/html/v4.10/process/coding-style.html#placing-braces-and-spaces
Cheers,
--Prabhakar Lad
Powered by blists - more mailing lists