Message ID | 20250318110556.903-1-linmq006@gmail.com (mailing list archive) |
---|---|
State | New |
Series | media: mtk-vcodec: Fix reference count leak in mtk_vcodec_fw_scp_init |
Hi, On Tuesday, 18 March 2025 at 19:05 +0800, Miaoqian Lin wrote: > scp_get() returns a reference that needs to be released with scp_put(). > Add missing scp_put() before returning error in mtk_vcodec_fw_scp_init(). > > Fixes: 53dbe0850444 ("media: mtk-vcodec: potential null pointer deference in SCP") > Signed-off-by: Miaoqian Lin <linmq006@gmail.com> > --- > .../platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c b/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c > index ff23b225db70..11ab3bc60217 100644 > --- a/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c > +++ b/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c > @@ -71,7 +71,6 @@ struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(void *priv, enum mtk_vcodec_fw_use > pr_err("Invalid fw_use %d (use a reasonable fw id here)\n", fw_use); > return ERR_PTR(-EINVAL); > } > - Might sound nit-picky, but don't do style fixes in patches intended for backports. It increases the chance of conflicts. > scp = scp_get(plat_dev); > if (!scp) { > dev_err(&plat_dev->dev, "could not get vdec scp handle"); > @@ -79,8 +78,10 @@ struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(void *priv, enum mtk_vcodec_fw_use > } > > fw = devm_kzalloc(&plat_dev->dev, sizeof(*fw), GFP_KERNEL); > - if (!fw) > + if (!fw) { > + scp_put(scp); > return ERR_PTR(-ENOMEM); > + } With the above style change removed: Reviewed-by: Nicolas Dufresne <nicolas.dufresne@colllabora.com> > fw->type = SCP; > fw->ops = &mtk_vcodec_rproc_msg; > fw->scp = scp;
On Wednesday, 02 April 2025 at 11:37 -0400, Nicolas Dufresne wrote: > Hi, > > On Tuesday, 18 March 2025 at 19:05 +0800, Miaoqian Lin wrote: > > scp_get() returns a reference that needs to be released with scp_put(). > > Add missing scp_put() before returning error in mtk_vcodec_fw_scp_init(). > > > > Fixes: 53dbe0850444 ("media: mtk-vcodec: potential null pointer deference in SCP") > > Signed-off-by: Miaoqian Lin <linmq006@gmail.com> > > --- > > .../platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c | 5 +++-- > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > diff --git a/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c b/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c > > index ff23b225db70..11ab3bc60217 100644 > > --- a/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c > > +++ b/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c > > @@ -71,7 +71,6 @@ struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(void *priv, enum mtk_vcodec_fw_use > > pr_err("Invalid fw_use %d (use a reasonable fw id here)\n", fw_use); > > return ERR_PTR(-EINVAL); > > } > > - > > Might sound nit-picky, but don't do style fixes in patches intended for > backports. It increases the chance of conflicts. > > > scp = scp_get(plat_dev); > > if (!scp) { > > dev_err(&plat_dev->dev, "could not get vdec scp handle"); > > @@ -79,8 +78,10 @@ struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(void *priv, enum mtk_vcodec_fw_use > > } > > > > fw = devm_kzalloc(&plat_dev->dev, sizeof(*fw), GFP_KERNEL); > > - if (!fw) > > + if (!fw) { > > + scp_put(scp); > > return ERR_PTR(-ENOMEM); > > + } > > With the above style change removed: > > Reviewed-by: Nicolas Dufresne <nicolas.dufresne@colllabora.com> Sorry for the noise, I see that Hans fixed and merged it already. Nicolas > > > fw->type = SCP; > > fw->ops = &mtk_vcodec_rproc_msg; > > fw->scp = scp;
diff --git a/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c b/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c index ff23b225db70..11ab3bc60217 100644 --- a/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c +++ b/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c @@ -71,7 +71,6 @@ struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(void *priv, enum mtk_vcodec_fw_use pr_err("Invalid fw_use %d (use a reasonable fw id here)\n", fw_use); return ERR_PTR(-EINVAL); } - scp = scp_get(plat_dev); if (!scp) { dev_err(&plat_dev->dev, "could not get vdec scp handle"); @@ -79,8 +78,10 @@ struct mtk_vcodec_fw *mtk_vcodec_fw_scp_init(void *priv, enum mtk_vcodec_fw_use } fw = devm_kzalloc(&plat_dev->dev, sizeof(*fw), GFP_KERNEL); - if (!fw) + if (!fw) { + scp_put(scp); return ERR_PTR(-ENOMEM); + } fw->type = SCP; fw->ops = &mtk_vcodec_rproc_msg; fw->scp = scp;
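Review bot: The blank line deleted after the closing brace of the fw_use check in the first hunk (@@ -71,7 +71,6) is unrelated to the leak fix. The patch carries a Fixes: tag, so it is a backport candidate; keep that blank line so the change touches only the devm_kzalloc() failure path and applies cleanly to older trees.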
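Review bot: In the second hunk (@@ -79,8 +78,10), the scp_put(scp) added to the if (!fw) branch is needed only because devm_kzalloc() runs after scp_get(). Consider allocating fw before taking the SCP reference, so the -ENOMEM return has nothing to unwind and no reference is held across a call that can fail. If the current order is kept, the commit message should say where the reference stored in fw->scp is dropped on the success path, since the visible lines show only the error-path release.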
scp_get() returns a reference that needs to be released with scp_put(). Add missing scp_put() before returning error in mtk_vcodec_fw_scp_init(). Fixes: 53dbe0850444 ("media: mtk-vcodec: potential null pointer deference in SCP") Signed-off-by: Miaoqian Lin <linmq006@gmail.com> --- .../platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)