From patchwork Wed Jun 14 13:07:15 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dan Carpenter <dan.carpenter@linaro.org>
X-Patchwork-Id: 13280029
Return-Path: 
 <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from bombadil.infradead.org (bombadil.infradead.org
 [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 2B1BDEB64D8
	for <linux-arm-kernel@archiver.kernel.org>;
 Wed, 14 Jun 2023 13:07:48 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:Message-ID:
	Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description:Resent-Date:
	Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:References:
	List-Owner; bh=yaQpmBxdRR3N3hVUWb8eXA5k8Eq+RHuy7I6N0eRHxR0=; b=IQa4ZeFAi7/Zgf
	XBLeThHYHYqiFUlls5cZPwR0B/wRUi1/e+bQBbfFjgZXpzQwGRbKR1xAeeQfcJnod/zzuruBH9b5C
	kNDvMJsZvt2QK6cxfzGi2REQ9vKZcEItyX4x7LXCGPDhYNx3uj7MArWXQCcU12XXiY62IyH7v7QHR
	2cu9hUOUXY0biWS/i9Tx4fMhNyB9R2gdZLHfP41vPTRFV2OVHARd42J0JMVKFmEEMMa3x/THgUzMR
	eFCMa+HYqZJCc+sLl4GkAGy04oGMlytm7Ic2MohjdMtOm4icb00/Wrf0SVLtm5BkZxcbmAbiYc/GT
	9tcM/MntvpKsPOlLdnMw==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux))
	id 1q9QDf-00BhsS-0e;
	Wed, 14 Jun 2023 13:07:27 +0000
Received: from mail-lf1-x12b.google.com ([2a00:1450:4864:20::12b])
	by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux))
	id 1q9QDc-00Bhqq-26
	for linux-arm-kernel@lists.infradead.org;
	Wed, 14 Jun 2023 13:07:25 +0000
Received: by mail-lf1-x12b.google.com with SMTP id
 2adb3069b0e04-4f63ea7bfb6so8094138e87.3
        for <linux-arm-kernel@lists.infradead.org>;
 Wed, 14 Jun 2023 06:07:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google; t=1686748041; x=1689340041;
        h=in-reply-to:content-disposition:mime-version:message-id:subject:cc
         :to:from:date:from:to:cc:subject:date:message-id:reply-to;
        bh=lZBZeD0GaGiCmPYETOfSpqVss+oC7CK9FRJirVMLVdQ=;
        b=cIhiHvfxTBhBdrH8q7x9CzmG6haalwPBeS1QPU8AY0haA5sb8kRwSyeGVjLkzIlDsV
         OBQcpx6TQIVSAVSgrYwGxQCxIw+XL5NapnwOKGnKd8pMhWMDXdDNN1U6lEF4+xriRE1L
         yJmSOXvQm+YDRtlj9Wtsc6bEAEZMVZi8O/W1CzvyYDy1xampTtUyAb3jqP123Hnj7bbK
         t03RVgLKddZHc2/BjUPSo1VA+tsBKrJPQ3/xc8RCP4r1+HVST6h80tuEUHO56MhSqkkd
         Doqa017D6ukUun0TBPA/mmvcri516l3KQteAxPWHpeHwt2E5xiRMZRaG/8lrS7y96v99
         9h/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1686748041; x=1689340041;
        h=in-reply-to:content-disposition:mime-version:message-id:subject:cc
         :to:from:date:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=lZBZeD0GaGiCmPYETOfSpqVss+oC7CK9FRJirVMLVdQ=;
        b=jHRNvaACCBTX9LSErUJBMZ9cOu4W8e1jj0Pej8G+jMsxLaoSH2wL3AEmHOsFti+G+f
         sEWy6ubSACAOzJw73Y8OX5j90B/1nPFoi/qPntsxqBm/o9gMjmu/ZdRcJaDUYu4698oI
         C6WHOOEJdGkK54Qz1po5s0Wz5uEDzLdPOMPcqzSpRyH+OiGE2AUuygniKNdc6DcL22Jf
         6/2SFgLtggN9jzKpMbTnAZ340kmgLHk4YOmgiRmp+PxHrJbTpmrm2XLTwJSmBWM8axWZ
         1jx1MWIrFgNccZR/R4pwqD6QMTjOJOlnVo9YBr2K6EokYPsNdOcvvhUO1Wf0UHKonhx2
         42Dw==
X-Gm-Message-State: AC+VfDytaV2qPtGm7WJB4E2U5j+oC9gJB9VhsW9vLXhei0CZAUrd5Tog
	4ZtKlDaqBhLzWviErqawlDjnAg==
X-Google-Smtp-Source: 
 ACHHUZ7ZMifrDxtIycZi/rDNVoPjvHN6VaI8o4UGCLlqwe0otV/MQAZDcjR62IQuaO1/6WnuCTWntg==
X-Received: by 2002:a19:8c4b:0:b0:4db:3d51:6896 with SMTP id
 i11-20020a198c4b000000b004db3d516896mr7552938lfj.11.1686748041459;
        Wed, 14 Jun 2023 06:07:21 -0700 (PDT)
Received: from localhost ([102.36.222.112])
        by smtp.gmail.com with ESMTPSA id
 l7-20020a7bc447000000b003f7f36896f9sm17299580wmi.42.2023.06.14.06.07.18
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 14 Jun 2023 06:07:19 -0700 (PDT)
Date: Wed, 14 Jun 2023 16:07:15 +0300
From: Dan Carpenter <dan.carpenter@linaro.org>
To: Yunfei Dong <yunfei.dong@mediatek.com>
Cc: Tiffany Lin <tiffany.lin@mediatek.com>,
	Andrew-CT Chen <andrew-ct.chen@mediatek.com>,
	Mauro Carvalho Chehab <mchehab@kernel.org>,
	Matthias Brugger <matthias.bgg@gmail.com>,
	AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>,
	Hans Verkuil <hverkuil-cisco@xs4all.nl>,
	linux-media@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
	linux-mediatek@lists.infradead.org, kernel-janitors@vger.kernel.org
Subject: [PATCH 3/4] media: mediatek: vcodec: Fix potential crash in
 mtk_vcodec_dbgfs_remove()
Message-ID: <d4fffbaa-f01d-4e2e-9b1b-45d996236642@moroto.mountain>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <ca491aaa-cfc4-4a84-b7fc-b64f3adc6550@moroto.mountain>
X-Mailer: git-send-email haha only kidding
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20230614_060724_691171_004579CF 
X-CRM114-Status: GOOD (  15.15  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

The list iterator "dbgfs_inst" is always non-NULL.  This means that the
test for NULL inside the loop is unnecessary and it also means that the
test for NULL outside the loop will not work.  If we do not find the item
on the list with the correct the ctx_id then it will free invalid memory
leading to a crash.

Fixes: cd403a6a0419 ("media: mediatek: vcodec: Add a debugfs file to get different useful information")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
---
 .../media/platform/mediatek/vcodec/mtk_vcodec_dbgfs.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_dbgfs.c b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_dbgfs.c
index 2151c3967684..2ebf68d33d57 100644
--- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_dbgfs.c
+++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_dbgfs.c
@@ -166,16 +166,13 @@ void mtk_vcodec_dbgfs_remove(struct mtk_vcodec_dev *vcodec_dev, int ctx_id)
 	struct mtk_vcodec_dbgfs_inst *dbgfs_inst;
 
 	list_for_each_entry(dbgfs_inst, &vcodec_dev->dbgfs.dbgfs_head, node) {
-		if (dbgfs_inst && dbgfs_inst->inst_id == ctx_id) {
+		if (dbgfs_inst->inst_id == ctx_id) {
 			vcodec_dev->dbgfs.inst_count--;
-			break;
+			list_del(&dbgfs_inst->node);
+			kfree(dbgfs_inst);
+			return;
 		}
 	}
-
-	if (dbgfs_inst) {
-		list_del(&dbgfs_inst->node);
-		kfree(dbgfs_inst);
-	}
 }
 EXPORT_SYMBOL_GPL(mtk_vcodec_dbgfs_remove);