From patchwork Wed Jun 14 13:05:39 2023
X-Patchwork-Submitter: Dan Carpenter
X-Patchwork-Id: 13280024
Date: Wed, 14 Jun 2023 16:05:39 +0300
From: Dan Carpenter
To: Yunfei Dong
Cc: Tiffany Lin, Andrew-CT Chen, Mauro Carvalho Chehab, Matthias Brugger, AngeloGioacchino Del Regno, Hans Verkuil, linux-media@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, kernel-janitors@vger.kernel.org
Subject: [PATCH 1/4] media: mediatek: vcodec: fix potential double free

The "lat_buf->private_data" needs to be set to NULL to prevent a
double free.  How this would happen is if vdec_msg_queue_init() failed
twice in a row and on the second time it failed earlier than on the
first time.

The vdec_msg_queue_init() function has a loop which does:
	for (i = 0; i < NUM_BUFFER_COUNT; i++) {

Each iteration initializes one element in the msg_queue->lat_buf[] array
and then the clean up function vdec_msg_queue_deinit() frees each
element of the msg_queue->lat_buf[] array.  This clean up code relies
on the assumption that every element is either initialized or zeroed.
Leaving a freed pointer which is non-zero breaks the assumption.

Fixes: b199fe46f35c ("media: mtk-vcodec: Add msg queue feature for lat and core architecture")
Signed-off-by: Dan Carpenter
Reviewed-by: Nicolas Dufresne
--- drivers/media/platform/mediatek/vcodec/vdec_msg_queue.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/platform/mediatek/vcodec/vdec_msg_queue.c b/drivers/media/platform/mediatek/vcodec/vdec_msg_queue.c index f555341ae708..92ac82eb444e 100644
--- a/drivers/media/platform/mediatek/vcodec/vdec_msg_queue.c +++ b/drivers/media/platform/mediatek/vcodec/vdec_msg_queue.c 
@@ -231,6 +231,7 @@ void vdec_msg_queue_deinit(struct vdec_msg_queue *msg_queue, mtk_vcodec_mem_free(ctx, mem); kfree(lat_buf->private_data); + lat_buf->private_data = NULL; } cancel_work_sync(&msg_queue->core_work);
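Review bot: only lat_buf->private_data is reset after its kfree(); the mtk_vcodec_mem_free(ctx, mem) call on the line above it frees `mem`, and the hunk does not show whether what `mem` describes is left in a state that a second vdec_msg_queue_deinit() can safely see. Since the commit message rests on every element being either initialized or zeroed, please confirm that mtk_vcodec_mem_free() clears what it frees (or that the call is guarded by a check on the buffer), and consider a one-line comment next to `lat_buf->private_data = NULL;` saying that deinit can run again after a failed vdec_msg_queue_init().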
Date: Wed, 14 Jun 2023 16:06:47 +0300
From: Dan Carpenter
To: Yunfei Dong
Cc: Tiffany Lin, Andrew-CT Chen, Mauro Carvalho Chehab, Matthias Brugger, AngeloGioacchino Del Regno, Hans Verkuil, Nicolas Dufresne, Xiaoyong Lu, linux-media@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, kernel-janitors@vger.kernel.org
Subject: [PATCH 2/4] media: mediatek: vcodec: fix resource leaks in vdec_msg_queue_init()

If we encounter any error in the vdec_msg_queue_init() then we need
to set "msg_queue->wdma_addr.size = 0;".  Normally, this is done
inside the vdec_msg_queue_deinit() function.  However, if the
first call to allocate &msg_queue->wdma_addr fails, then the
vdec_msg_queue_deinit() function is a no-op.  For that situation, just
set the size to zero explicitly and return.

There were two other error paths which did not clean up before returning.
Change those error paths to goto mem_alloc_err.

Fixes: b199fe46f35c ("media: mtk-vcodec: Add msg queue feature for lat and core architecture")
Fixes: 2f5d0aef37c6 ("media: mediatek: vcodec: support stateless AV1 decoder")
Signed-off-by: Dan Carpenter Reviewed-by: Nicolas Dufresne --- drivers/media/platform/mediatek/vcodec/vdec_msg_queue.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/media/platform/mediatek/vcodec/vdec_msg_queue.c b/drivers/media/platform/mediatek/vcodec/vdec_msg_queue.c index 92ac82eb444e..be25d56712d8 100644 --- a/drivers/media/platform/mediatek/vcodec/vdec_msg_queue.c +++ b/drivers/media/platform/mediatek/vcodec/vdec_msg_queue.c @@ -307,6 +307,7 @@ int vdec_msg_queue_init(struct vdec_msg_queue *msg_queue, err = mtk_vcodec_mem_alloc(ctx, &msg_queue->wdma_addr); if (err) { mtk_v4l2_err("failed to allocate wdma_addr buf"); + msg_queue->wdma_addr.size = 0; return -ENOMEM; } msg_queue->wdma_rptr_addr = msg_queue->wdma_addr.dma_addr; 
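Review bot: in the first error path, the reason for `msg_queue->wdma_addr.size = 0;` is not evident from the code, since nothing in the visible context says who reads the size after a failed mtk_vcodec_mem_alloc(). A short comment stating that vdec_msg_queue_deinit() is a no-op when this first allocation fails, so the size has to be cleared here, would keep someone from removing the line as dead code. This path also still returns a hard-coded -ENOMEM while err is available; worth deciding whether to return err instead.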
@@ -338,14 +339,14 @@ int vdec_msg_queue_init(struct vdec_msg_queue *msg_queue, err = mtk_vcodec_mem_alloc(ctx, &lat_buf->rd_mv_addr); if (err) { mtk_v4l2_err("failed to allocate rd_mv_addr buf[%d]", i); - return -ENOMEM; + goto mem_alloc_err; } lat_buf->tile_addr.size = VDEC_LAT_TILE_SZ; err = mtk_vcodec_mem_alloc(ctx, &lat_buf->tile_addr); if (err) { mtk_v4l2_err("failed to allocate tile_addr buf[%d]", i); - return -ENOMEM; + goto mem_alloc_err; } }
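Review bot: both `goto mem_alloc_err;` paths now leave the return value to the label, which is outside this hunk, whereas the lines they replace returned -ENOMEM explicitly. Please make sure the code under mem_alloc_err still returns a negative error code after the cleanup. These paths also run the cleanup with element i only partly allocated (rd_mv_addr or tile_addr missing), so they depend on the deinit side tolerating unallocated members, which is the invariant patch 1/4 is about; a sentence in the commit message tying the two together would help anyone backporting to pick up both.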
Date: Wed, 14 Jun 2023 16:07:15 +0300
From: Dan Carpenter
To: Yunfei Dong
Cc: Tiffany Lin, Andrew-CT Chen, Mauro Carvalho Chehab, Matthias Brugger, AngeloGioacchino Del Regno, Hans Verkuil, linux-media@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, kernel-janitors@vger.kernel.org
Subject: [PATCH 3/4] media: mediatek: vcodec: Fix potential crash in mtk_vcodec_dbgfs_remove()

The list iterator "dbgfs_inst" is always non-NULL.  This means that the
test for NULL inside the loop is unnecessary and it also means that the
test for NULL outside the loop will not work.  If we do not find the item
on the list with the correct ctx_id then it will free invalid memory
leading to a crash.

Fixes: cd403a6a0419 ("media: mediatek: vcodec: Add a debugfs file to get different useful information")
Signed-off-by: Dan Carpenter
Reviewed-by: Nicolas Dufresne
--- .../media/platform/mediatek/vcodec/mtk_vcodec_dbgfs.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_dbgfs.c b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_dbgfs.c index 2151c3967684..2ebf68d33d57 100644 --- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_dbgfs.c +++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_dbgfs.c 
@@ -166,16 +166,13 @@ void mtk_vcodec_dbgfs_remove(struct mtk_vcodec_dev *vcodec_dev, int ctx_id) struct mtk_vcodec_dbgfs_inst *dbgfs_inst; list_for_each_entry(dbgfs_inst, &vcodec_dev->dbgfs.dbgfs_head, node) { - if (dbgfs_inst && dbgfs_inst->inst_id == ctx_id) { + if (dbgfs_inst->inst_id == ctx_id) { vcodec_dev->dbgfs.inst_count--; - break; + list_del(&dbgfs_inst->node); + kfree(dbgfs_inst); + return; } } - - if (dbgfs_inst) { - list_del(&dbgfs_inst->node); - kfree(dbgfs_inst); - } } EXPORT_SYMBOL_GPL(mtk_vcodec_dbgfs_remove);
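Review bot: the list_del() and kfree() now sit inside a plain list_for_each_entry() loop, which is correct only because `return;` follows immediately and the iterator is never advanced from the freed node. A short comment to that effect, or list_for_each_entry_safe(), would protect the loop against a later edit that drops the return. The hunk also shows no lock around the list walk and the inst_count-- update, and a ctx_id that is not on the list is now silently ignored; if that case is unexpected, a debug message after the loop would make it visible.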
Date: Wed, 14 Jun 2023 16:19:41 +0300
From: Dan Carpenter
To: Yunfei Dong
Cc: Tiffany Lin, Andrew-CT Chen, Mauro Carvalho Chehab, Matthias Brugger, AngeloGioacchino Del Regno, Hans Verkuil, linux-media@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, kernel-janitors@vger.kernel.org
Subject: [PATCH 4/4] media: mediatek: vcodec: Improve an error message
Message-ID: <0cdeeee4-3bd7-4bd5-88a1-c5ecf7f6a1f8@moroto.mountain>

This is intended to print the error code but there is a typo so it
prints IS_ERR() instead of PTR_ERR().

Fixes: 77f3b023f452 ("media: mediatek: vcodec: Add debugfs interface to get debug information")
Signed-off-by: Dan Carpenter Reviewed-by: Nicolas Dufresne --- This driver has quite a bit of code to handle the case where DEBUG_FS is turned off. It's a bit over engineered. With debugfs you're normally just supposed to call the functions and ignore the errors. But it's also harmless to do it this way. drivers/media/platform/mediatek/vcodec/mtk_vcodec_dbgfs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_dbgfs.c b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_dbgfs.c index 2ebf68d33d57..6957105492ae 100644 --- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_dbgfs.c +++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_dbgfs.c @@ -185,8 +185,8 @@ void mtk_vcodec_dbgfs_init(struct mtk_vcodec_dev *vcodec_dev, bool is_encode) else vcodec_dev->dbgfs.vcodec_root = debugfs_create_dir("vcodec-dec", NULL); if (IS_ERR(vcodec_dev->dbgfs.vcodec_root)) - dev_err(&vcodec_dev->plat_dev->dev, "create vcodec dir err:%d\n", - IS_ERR(vcodec_dev->dbgfs.vcodec_root)); + dev_err(&vcodec_dev->plat_dev->dev, "create vcodec dir err:%ld\n", + PTR_ERR(vcodec_dev->dbgfs.vcodec_root)); vcodec_root = vcodec_dev->dbgfs.vcodec_root; debugfs_create_x32("mtk_v4l2_dbg_level", 0644, vcodec_root, &mtk_v4l2_dbg_level);
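Review bot: the corrected dev_err() call prints the errno as a bare number through `%ld` and PTR_ERR(); the kernel's `%pe` format takes the error pointer itself and prints the symbolic name, e.g. `"create vcodec dir err:%pe\n", vcodec_dev->dbgfs.vcodec_root`, which is easier to read in logs. After the message, vcodec_root is still assigned the error pointer and passed on to debugfs_create_x32(); that matches the note under the `---` about ignoring debugfs errors, but a brief comment at that spot would save the next reader from re-checking it.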