Date: Tue, 1 Sep 2020 20:42:58 +0200
From: Pavel Machek
To: Greg Kroah-Hartman
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Evgeny Novikov, Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
Subject: Re: [PATCH 4.19 047/125] media: davinci: vpif_capture: fix potential double free

Hi!

> [ Upstream commit 602649eadaa0c977e362e641f51ec306bc1d365d ]
>
> In case of errors vpif_probe_complete() releases memory for vpif_obj.sd
> and unregisters the V4L2 device. But then this is done again by
> vpif_probe() itself. The patch removes the cleaning from
> vpif_probe_complete().
> Signed-off-by: Evgeny Novikov
> Signed-off-by: Hans Verkuil
> Signed-off-by: Mauro Carvalho Chehab
> Signed-off-by: Sasha Levin
> --- > drivers/media/platform/davinci/vpif_capture.c | 2 -- > 1 file changed, 2 deletions(-) >=20 > diff --git a/drivers/media/platform/davinci/vpif_capture.c b/drivers/medi= a/platform/davinci/vpif_capture.c > index a96f53ce80886..cf1d11e6dd8c4 100644 > --- a/drivers/media/platform/davinci/vpif_capture.c > +++ b/drivers/media/platform/davinci/vpif_capture.c 
> @@ -1489,8 +1489,6 @@ probe_out: > /* Unregister video device */ > video_unregister_device(&ch->video_dev); > } > - kfree(vpif_obj.sd); > - v4l2_device_unregister(&vpif_obj.v4l2_dev); > =20 > return err; > }

This one is wrong. Unlike mainline, 4.19 does check return value of
vpif_probe_complete(), and thus it will lead to memory leak in 4.19.

Furthermore, I believe mainline still has problems after this
patch. There is sync and async path where vpif_probe_complete(), and
while this fixes the sync path in mainline, I believe it will cause
memory leak on the async path.

Best regards,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
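
Review bot: At probe_out, removing kfree(vpif_obj.sd) and v4l2_device_unregister(&vpif_obj.v4l2_dev) leaves this error exit with no release of those two resources, which is only correct if every caller of vpif_probe_complete() acts on the returned err and does that cleanup itself; the commit message names vpif_probe() alone, and nothing in the hunk shows the callers. Before this goes into 4.19, check each call site in that tree and say in the changelog which one owns the release, and add a short comment above "return err;" stating that the caller frees vpif_obj.sd and unregisters the V4L2 device.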
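
An added user-space C model of the cleanup-ownership question in this thread (not code from the patch or the driver): it counts release requests when a completion helper fails, for a caller that cleans up on error and for one that does not. All names, the three policies, and the assumption that one caller skips cleanup are illustrative.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model; all names are hypothetical, not the driver's code. */
struct dev { void *sd; int frees; };      /* frees: release requests on one allocation */
enum policy { HELPER_AND_CALLER, CALLER_ONLY, IDEMPOTENT };

/* Models kfree(sd) that leaves a stale pointer: a second request is a double free. */
static void raw_release(struct dev *d)
{
    if (d->frees++ == 0)
        free(d->sd);                      /* only the first request really frees */
}

/* Release once and clear the pointer, so later calls are no-ops. */
static void safe_release(struct dev *d)
{
    if (d->sd) {
        raw_release(d);
        d->sd = NULL;
    }
}

/* Models the completion helper taking its error exit under each policy. */
static int complete_fails(struct dev *d, enum policy p)
{
    if (p == HELPER_AND_CALLER)
        raw_release(d);
    else if (p == IDEMPOTENT)
        safe_release(d);
    return -1;
}

/* Returns release requests seen: 0 = leak, 1 = correct, 2 = double free. */
int releases_on_error(enum policy p, bool caller_cleans_up)
{
    struct dev d = { malloc(16), 0 };
    if (complete_fails(&d, p) && caller_cleans_up) {
        if (p == IDEMPOTENT) safe_release(&d); else raw_release(&d);
    }
    if (d.frees == 0)
        free(d.sd);                       /* reclaim so the model itself stays clean */
    return d.frees;
}

int main(void)
{
    for (int p = HELPER_AND_CALLER; p <= IDEMPOTENT; p++)
        printf("policy %d: cleaning caller=%d, non-cleaning caller=%d\n", p,
               releases_on_error((enum policy)p, true),
               releases_on_error((enum policy)p, false));
    return 0;
}
```

In this model, moving the release from the helper to the caller trades a double free on one path for a leak on the other; only the release that clears the pointer gives exactly one free on both.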