| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251028064443.655-1-vulab@iscas.ac.cn>
Date: Tue, 28 Oct 2025 14:44:43 +0800
From: Haotian Zhang <vulab@...as.ac.cn>
To: tfiga@...omium.org,
m.szyprowski@...sung.com,
mchehab@...nel.org
Cc: linux-media@...r.kernel.org,
linux-kernel@...r.kernel.org,
Haotian Zhang <vulab@...as.ac.cn>
Subject: [PATCH] media: videobuf2: Fix device reference leak in vb2_dc_alloc error path
In vb2_dc_alloc(), get_device() is called to increment the device
reference count. However, if subsequent DMA allocation fails
(vb2_dc_alloc_coherent or vb2_dc_alloc_non_coherent returns error),
the function returns without calling put_device(), causing a device
reference leak.
Add put_device() call in the error path before kfree() to properly
release the device reference acquired earlier.
Fixes: de27891f675e ("media: videobuf2: handle non-contiguous DMA allocations")
Signed-off-by: Haotian Zhang <vulab@...as.ac.cn>
---
drivers/media/common/videobuf2/videobuf2-dma-contig.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/common/videobuf2/videobuf2-dma-contig.c b/drivers/media/common/videobuf2/videobuf2-dma-contig.c
index a13ec569c82f..7123c5fae92c 100644
--- a/drivers/media/common/videobuf2/videobuf2-dma-contig.c
+++ b/drivers/media/common/videobuf2/videobuf2-dma-contig.c
@@ -258,6 +258,7 @@ static void *vb2_dc_alloc(struct vb2_buffer *vb,
if (ret) {
dev_err(dev, "dma alloc of size %lu failed\n", size);
+ put_device(buf->dev);
kfree(buf);
return ERR_PTR(-ENOMEM);
}
--
2.50.1.windows.1
Powered by blists - more mailing lists