From: Dan Carpenter <dan.carpenter@oracle.com>
To: Dongliang Mu <mudongliangabcd@gmail.com>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>,
Pavel Skripkin <paskripkin@gmail.com>,
syzbot <syzkaller@googlegroups.com>,
linux-media@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] media: em28xx: fix memory leak in em28xx_init_dev
Date: Mon, 1 Nov 2021 21:32:50 +0300 [thread overview]
Message-ID: <20211101183249.GA28019@kili> (raw)
In-Reply-To: <20211101095539.423246-1-mudongliangabcd@gmail.com>
On Mon, Nov 01, 2021 at 05:55:39PM +0800, Dongliang Mu wrote:
> In the em28xx_init_rev, if em28xx_audio_setup fails, this function fails
> to deallocate the media_dev allocated in the em28xx_media_device_init.
>
> Fix this by adding em28xx_unregister_media_device to free media_dev.
>
> BTW, this patch is tested in my local syzkaller instance, and it can
> prevent the memory leak from occurring again.
>
> CC: Pavel Skripkin <paskripkin@gmail.com>
> Fixes: 37ecc7b1278f ("[media] em28xx: add media controller support")
> Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
> Reported-by: syzbot <syzkaller@googlegroups.com>
Is this really a syzbot warning? If so it should be in the format:
Reported-by: syzbot+4c4ffd1e1094dae61035@syzkaller.appspotmail.com
Syzbot is different from syzkaller. Syzkaller is the fuzzer and syzbot
is the program which reports syzkaller bugs.
> ---
> drivers/media/usb/em28xx/em28xx-cards.c | 19 +++++++++++++------
> 1 file changed, 13 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/media/usb/em28xx/em28xx-cards.c b/drivers/media/usb/em28xx/em28xx-cards.c
> index c1e0dccb7408..fca68939ca50 100644
> --- a/drivers/media/usb/em28xx/em28xx-cards.c
> +++ b/drivers/media/usb/em28xx/em28xx-cards.c
> @@ -3625,8 +3625,10 @@ static int em28xx_init_dev(struct em28xx *dev, struct usb_device *udev,
>
There is no check to see if the em28xx_media_device_init() fails. I
don't love that we call unregister() to undo the init() but it seems
like it should work...
> if (dev->is_audio_only) {
> retval = em28xx_audio_setup(dev);
> - if (retval)
> - return -ENODEV;
> + if (retval) {
> + retval = -ENODEV;
This was in the original code, but probably we should preserve the
error code.
> + goto err_deinit_media;
> + }
regards,
dan carpenter
next prev parent reply other threads:[~2021-11-01 18:33 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-01 9:55 [PATCH] media: em28xx: fix memory leak in em28xx_init_dev Dongliang Mu
2021-11-01 18:32 ` Dan Carpenter [this message]
2021-11-01 19:28 ` Pavel Skripkin
2021-11-02 6:31 ` Dongliang Mu
2021-11-02 13:50 ` Dan Carpenter
2021-11-08 1:06 ` Dongliang Mu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211101183249.GA28019@kili \
--to=dan.carpenter@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@kernel.org \
--cc=mudongliangabcd@gmail.com \
--cc=paskripkin@gmail.com \
--cc=syzkaller@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.