lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2ad9352f-cb65-1643-e540-a21f9c570266@nvidia.com>
Date:   Wed, 15 Apr 2020 12:51:34 -0700
From:   Sowjanya Komatineni <skomatineni@...dia.com>
To:     Dmitry Osipenko <digetx@...il.com>
CC:     <thierry.reding@...il.com>, <jonathanh@...dia.com>,
        <frankc@...dia.com>, <hverkuil@...all.nl>, <sakari.ailus@....fi>,
        <helen.koike@...labora.com>, <sboyd@...nel.org>,
        <linux-media@...r.kernel.org>, <devicetree@...r.kernel.org>,
        <linux-clk@...r.kernel.org>, <linux-tegra@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH v7 6/9] media: tegra: Add Tegra210 Video input driver


On 4/15/20 12:21 PM, Dmitry Osipenko wrote:
> External email: Use caution opening links or attachments
>
>
> 15.04.2020 21:53, Sowjanya Komatineni пишет:
> ...
>>>>>>>> Have you tried to test this driver under KASAN? I suspect that
>>>>>>>> you just
>>>>>>>> masked the problem, instead of fixing it.
>> Tested with kmemleak scan and did not see any memory leaks
> You should get use-after-free and not memleak.
I don't see use-after-free bugs during the testing.

But as mentioned when direct vi/csi client driver unbind happens while 
video device node is kept opened, vi driver remove will free vi 
structure memory but actual video device memory which is part of 
channels remains but list head gets lost when vi structure is freed.

So, when device node is released and executes release callback as list 
head is lost it can't free allocated channels which is not good.

This happens only with direct host1x client vi/csi driver unbind.

Need to find better place to free host1x client driver data structure to 
allow direct client driver unbind->bind.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ