Message-ID: <ab85c4e6-d3f4-5861-f998-028cdab5fe5a@xs4all.nl>
Date: Wed, 1 Sep 2021 12:55:29 +0200
From: Hans Verkuil <hverkuil@...all.nl>
To: Salah Triki <salah.triki@...il.com>,
Mauro Carvalho Chehab <mchehab@...nel.org>,
gregkh@...uxfoundation.org
Cc: linux-media@...r.kernel.org, linux-kernel@...r.kernel.org,
Cai Huoqing <caihuoqing@...du.com>
Subject: Re: [PATCH v2] usb: stkwebcam: update the reference count of the usb
device structure

Hi Salah, Cai,

I received patches for this from both of you, but both have issues:

On 31/07/2021 18:18, Salah Triki wrote:
> Use usb_get_dev() to increment the reference count of the usb device
> structure in order to avoid releasing the structure while it is still in
> use. And use usb_put_dev() to decrement the reference count and thus,
> when it will be equal to 0 the structure will be released.
>
> Signed-off-by: Salah Triki <salah.triki@...il.com>
> ---
> Change since v1:
> Modification of the description
>
> drivers/media/usb/stkwebcam/stk-webcam.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/media/usb/stkwebcam/stk-webcam.c b/drivers/media/usb/stkwebcam/stk-webcam.c
> index a45d464427c4..3b14679829ed 100644
> --- a/drivers/media/usb/stkwebcam/stk-webcam.c
> +++ b/drivers/media/usb/stkwebcam/stk-webcam.c
> @@ -1309,7 +1309,7 @@ static int stk_camera_probe(struct usb_interface *interface,
> init_waitqueue_head(&dev->wait_frame);
> dev->first_init = 1; /* webcam LED management */
>
> - dev->udev = udev;
> + dev->udev = usb_get_dev(udev);
> dev->interface = interface;
> usb_get_intf(interface);
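Review bot: The reference taken at dev->udev = usb_get_dev(udev) has no matching usb_put_dev() for a failed probe. The patch adds only this get and a single put in stk_camera_disconnect(), so a failure exit in stk_camera_probe() after this line would leave the udev count raised. Add usb_put_dev(dev->udev) to the probe error unwinding, alongside the release of the interface reference taken by usb_get_intf(interface) two lines below.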
In the error path of stk_camera_probe you need to call usb_put_dev(), otherwise
the udev refcount won't go to 0.
>
> @@ -1376,6 +1376,7 @@ static void stk_camera_disconnect(struct usb_interface *interface)
>
> usb_set_intfdata(interface, NULL);
> unset_present(dev);
> + usb_put_dev(interface_to_usbdev(interface));
Cai just used usb_put_dev(dev->udev) here which makes more sense.
Cai also moved this to the stk_v4l_dev_release() function, which is probably
a better place.

However, there is another bug here as well: these lines in stk_camera_disconnect()
should be moved to stk_v4l_dev_release():

	v4l2_ctrl_handler_free(&dev->hdl);
	v4l2_device_unregister(&dev->v4l2_dev);
	kfree(dev);

When the last user of the video device has closed their fh, then stk_v4l_dev_release()
is called, so any cleanup of resources/memory should happen there. Right now if you are
streaming and the webcam is disconnected (or the device forcibly unloaded), the dev
pointer is freed in disconnect, but stk_v4l_dev_release() is called later and will
reference freed memory.

I'm not sure who of the two of you will make a v3, I leave that to you to fight out :-)

Regards,

	Hans

>
> wake_up_interruptible(&dev->wait_frame);
>
>
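Review bot: usb_put_dev(interface_to_usbdev(interface)) drops the reference through a different expression than the one that took it (dev->udev = usb_get_dev(udev) in the probe hunk), which makes the get/put pairing hard to audit. Use usb_put_dev(dev->udev) instead. Also note that dev is still in use directly after the put, in wake_up_interruptible(&dev->wait_frame), so the reference is better dropped at the point where dev itself is torn down rather than in the middle of stk_camera_disconnect().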
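
The lifetime rule from the reply above (free only in the release step, which runs once the last user has closed), as an added userspace model in C. It is not code from the patch or from the stkwebcam driver; struct cam and the cam_* functions are hypothetical names.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Userspace model only; every name here is hypothetical. */
struct cam {
    int refs;       /* one for the bound driver, one per open handle */
    bool present;   /* cleared when the device is unplugged */
    int *released;  /* counts runs of the release step, for checking */
};

/* Drop a reference; the release step (the only free) runs at zero. */
static void cam_put(struct cam *c) {
    if (--c->refs > 0) return;
    ++*c->released;
    free(c);
}

static struct cam *cam_probe(int *released) {
    struct cam *c = calloc(1, sizeof(*c));
    if (c) *c = (struct cam){ .refs = 1, .present = true, .released = released };
    return c;
}

/* Opening takes a reference; a device that is gone cannot be opened. */
static struct cam *cam_open(struct cam *c) {
    if (!c->present) return NULL;
    c->refs++;
    return c;
}

/* Disconnect marks the device gone and drops only its own reference. */
static void cam_disconnect(struct cam *c) {
    c->present = false;
    cam_put(c);
}

/* Unplug while a handle is open; returns 1 if the object outlived it. */
int unplug_while_open(void) {
    int released = 0;
    struct cam *c = cam_probe(&released);
    if (!c) return 0;
    struct cam *fh = cam_open(c);
    cam_disconnect(c);
    int ok = released == 0 && !fh->present && cam_open(fh) == NULL;
    cam_put(fh);    /* last close: the release step runs now */
    return ok && released == 1;
}

int main(void) { return unplug_while_open() ? 0 : 1; }
```

If cam_disconnect() called free() directly, the fh->present read and the final cam_put(fh) would touch freed memory, which is the ordering the reply describes.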