[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20200820000229.215333-18-sashal@kernel.org>
Date: Wed, 19 Aug 2020 20:02:25 -0400
From: Sasha Levin <sashal@...nel.org>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
Cc: Evgeny Novikov <novikov@...ras.ru>,
Anton Vasilyev <vasilyev@...ras.ru>,
Hans Verkuil <hverkuil-cisco@...all.nl>,
Mauro Carvalho Chehab <mchehab+huawei@...nel.org>,
Sasha Levin <sashal@...nel.org>, linux-media@...r.kernel.org,
linux-arm-msm@...r.kernel.org
Subject: [PATCH AUTOSEL 5.4 18/22] media: camss: fix memory leaks on error handling paths in probe
From: Evgeny Novikov <novikov@...ras.ru>
[ Upstream commit f45882cfb152f5d3a421fd58f177f227e44843b9 ]
camss_probe() does not free camss on error handling paths. The patch
introduces an additional error label for this purpose. Besides, it
removes call of v4l2_async_notifier_cleanup() from
camss_of_parse_ports() since its caller, camss_probe(), cleans up all
its resources itself.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Evgeny Novikov <novikov@...ras.ru>
Co-developed-by: Anton Vasilyev <vasilyev@...ras.ru>
Signed-off-by: Anton Vasilyev <vasilyev@...ras.ru>
Signed-off-by: Hans Verkuil <hverkuil-cisco@...all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@...nel.org>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
drivers/media/platform/qcom/camss/camss.c | 30 +++++++++++++++--------
1 file changed, 20 insertions(+), 10 deletions(-)
diff --git a/drivers/media/platform/qcom/camss/camss.c b/drivers/media/platform/qcom/camss/camss.c
index 3fdc9f964a3c6..2483641799dfb 100644
--- a/drivers/media/platform/qcom/camss/camss.c
+++ b/drivers/media/platform/qcom/camss/camss.c
@@ -504,7 +504,6 @@ static int camss_of_parse_ports(struct camss *camss)
return num_subdevs;
err_cleanup:
- v4l2_async_notifier_cleanup(&camss->notifier);
of_node_put(node);
return ret;
}
@@ -835,29 +834,38 @@ static int camss_probe(struct platform_device *pdev)
camss->csid_num = 4;
camss->vfe_num = 2;
} else {
- return -EINVAL;
+ ret = -EINVAL;
+ goto err_free;
}
camss->csiphy = devm_kcalloc(dev, camss->csiphy_num,
sizeof(*camss->csiphy), GFP_KERNEL);
- if (!camss->csiphy)
- return -ENOMEM;
+ if (!camss->csiphy) {
+ ret = -ENOMEM;
+ goto err_free;
+ }
camss->csid = devm_kcalloc(dev, camss->csid_num, sizeof(*camss->csid),
GFP_KERNEL);
- if (!camss->csid)
- return -ENOMEM;
+ if (!camss->csid) {
+ ret = -ENOMEM;
+ goto err_free;
+ }
camss->vfe = devm_kcalloc(dev, camss->vfe_num, sizeof(*camss->vfe),
GFP_KERNEL);
- if (!camss->vfe)
- return -ENOMEM;
+ if (!camss->vfe) {
+ ret = -ENOMEM;
+ goto err_free;
+ }
v4l2_async_notifier_init(&camss->notifier);
num_subdevs = camss_of_parse_ports(camss);
- if (num_subdevs < 0)
- return num_subdevs;
+ if (num_subdevs < 0) {
+ ret = num_subdevs;
+ goto err_cleanup;
+ }
ret = camss_init_subdevices(camss);
if (ret < 0)
@@ -936,6 +944,8 @@ static int camss_probe(struct platform_device *pdev)
v4l2_device_unregister(&camss->v4l2_dev);
err_cleanup:
v4l2_async_notifier_cleanup(&camss->notifier);
+err_free:
+ kfree(camss);
return ret;
}
--
2.25.1
Powered by blists - more mailing lists