[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <40d14e23-636e-ed8a-6608-99427f5b8169@xs4all.nl>
Date: Tue, 30 Jul 2019 10:15:36 +0200
From: Hans Verkuil <hverkuil@...all.nl>
To: Mark Balantzyan <mbalant3@...il.com>, ezequiel@...guardiasur.com.ar
Cc: linux-media@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] media input infrastructure:tw686x: Fix of
possibleinconsistent memory deallocation and/or race condition by
implementation of custom video_device_release function in tw686x driver
Hi Mark,
Please, please read this first before posting patches:
https://kernelnewbies.org/FirstKernelPatch
And don't use insanely long subject lines in your email.
This patch is nonsense. As said before, you need to override the release() callback
of struct video_device with a tw686x-specific function that frees the dma memory and
calls video_device_release() at the end to free the struct video_device itself.
This release() callback is called by the V4L2 framework when the last user of the
device closes its filehandle, so that's a good point to free all the memory. Doing
it earlier (as the current code does) runs the risk that someone might still access
that memory, and you don't want that.
Regards,
Hans
On 7/29/19 10:09 PM, Mark Balantzyan wrote:
>
> Possible inconsistent memory deallocation and/or race conditions were detected specifically with respect to remaining open handles to the video device handled by the tw686x driver. This patch
> addresses this by implementing a revised independent instance of the video_device_release function to free the remaining resources and memory where the last open handle(s) is/were closed.
>
> Signed-off-by: Mark Balantzyan <mbalant3@...il.com>
>
> ---
>
> drivers/media/pci/tw686x/tw686x-video.c | 15 +++++++++++----
> 1 file changed, 11 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/media/pci/tw686x/tw686x-video.c b/drivers/media/pci/tw686x/tw686x-video.c
> index 3a06c000..29e10c85 100644
> --- a/drivers/media/pci/tw686x/tw686x-video.c
> +++ b/drivers/media/pci/tw686x/tw686x-video.c
> @@ -1151,18 +1151,25 @@ void tw686x_video_irq(struct tw686x_dev *dev, unsigned long requests,
> }
> }
>
> +void video_device_release(tw686x_dev *dev) {
> + for (int pb = 0; pb < 2; pb++) {
> + dev->dma_ops->free(dev->video_channels,pb);
> + }
> + kfree(dev);
> +}
> +
> void tw686x_video_free(struct tw686x_dev *dev)
> {
> - unsigned int ch, pb;
> + unsigned int ch;
>
> for (ch = 0; ch < max_channels(dev); ch++) {
> struct tw686x_video_channel *vc = &dev->video_channels[ch];
>
> video_unregister_device(vc->device);
>
> - if (dev->dma_ops->free)
> - for (pb = 0; pb < 2; pb++)
> - dev->dma_ops->free(vc, pb);
> + if (dev->dma_ops->free) {
> + video_device_release(dev);
> + }
> }
> }
>
Powered by blists - more mailing lists