From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.4 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 670E2C2BA19 for ; Wed, 15 Apr 2020 23:28:54 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4542A20732 for ; Wed, 15 Apr 2020 23:28:54 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=nvidia.com header.i=@nvidia.com header.b="B7RqrbPG" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389436AbgDOX2x (ORCPT ); Wed, 15 Apr 2020 19:28:53 -0400 Received: from hqnvemgate26.nvidia.com ([216.228.121.65]:3970 "EHLO hqnvemgate26.nvidia.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389251AbgDOX2r (ORCPT ); Wed, 15 Apr 2020 19:28:47 -0400 Received: from hqpgpgate101.nvidia.com (Not Verified[216.228.121.13]) by hqnvemgate26.nvidia.com (using TLS: TLSv1.2, DES-CBC3-SHA) id ; Wed, 15 Apr 2020 16:28:32 -0700 Received: from hqmail.nvidia.com ([172.20.161.6]) by hqpgpgate101.nvidia.com (PGP Universal service); Wed, 15 Apr 2020 16:28:45 -0700 X-PGP-Universal: processed; by hqpgpgate101.nvidia.com on Wed, 15 Apr 2020 16:28:45 -0700 Received: from DRHQMAIL107.nvidia.com (10.27.9.16) by HQMAIL111.nvidia.com (172.20.187.18) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 15 Apr 2020 23:28:44 +0000 Received: from [10.2.171.241] (10.124.1.5) by DRHQMAIL107.nvidia.com (10.27.9.16) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 15 Apr 2020 23:28:43 +0000 Subject: Re: [RFC PATCH v7 6/9] media: tegra: Add Tegra210 Video input driver From: Sowjanya Komatineni To: Dmitry Osipenko CC: , , , , , , , , , , , References: <1586919463-30542-1-git-send-email-skomatineni@nvidia.com> <1586919463-30542-7-git-send-email-skomatineni@nvidia.com> <4118112f-f865-5460-6319-d71271fd78d1@gmail.com> <6afa951e-d904-f3c0-053f-82a02fb18979@nvidia.com> <5954a7e1-910e-7f48-56d3-e671b56ead74@nvidia.com> <786949a9-8507-7723-f29b-b91a216bfd28@nvidia.com> <2ad9352f-cb65-1643-e540-a21f9c570266@nvidia.com> <31924f2b-8f85-d28d-4f5d-4e232bff94a5@nvidia.com> Message-ID: Date: Wed, 15 Apr 2020 16:28:42 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <31924f2b-8f85-d28d-4f5d-4e232bff94a5@nvidia.com> X-Originating-IP: [10.124.1.5] X-ClientProxiedBy: HQMAIL105.nvidia.com (172.20.187.12) To DRHQMAIL107.nvidia.com (10.27.9.16) Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: quoted-printable Content-Language: en-US DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nvidia.com; s=n1; t=1586993312; bh=ICREte8mX5YUPIFrhY1710Iw4rpBoVPzTv3ozhTn9IQ=; h=X-PGP-Universal:Subject:From:To:CC:References:Message-ID:Date: User-Agent:MIME-Version:In-Reply-To:X-Originating-IP: X-ClientProxiedBy:Content-Type:Content-Transfer-Encoding: Content-Language; b=B7RqrbPG3SxfbK/LMSLj3LRx5OE7G4VnGv/9K9BbpYBLlc/c02latfD7klMQQPpsW DmK2qBDQKXnxZJaj2iBMOIwxaoouNqh9xnFAPa3t++oo3qFYKg7yCbiNFtFZInI6vV 86Pu5hHJwoW3NyGu4pUHDdZ3YqsjGuaz/WevEHFlh/FYN8W4UMSsO7cd6YORRROL1C umfret7nuupHVgHkJzBEO/wbs6cE819Nips86flhMuaDD2E3wdXYjNpEFk1+cdTPG0 0Xn6EHqr+5WbRkj8XtpqiniD3lXxL/cckKNArjHhx4Yd1WiTCrDBHffmFUBPODdPXN fMIj6L5A/Hh3A== Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Sorry please ignore. We can't free vi during v4l2 device release as when no device nodes are=20 opened, vi free happens right away during host1x_video_remove. With this tegra-video driver unbind ->bind will not work as vi memory=20 allocated during vi_probe gets freed during v4l2 device release so=20 during bind init() callback execution will crash as vi got freed while=20 vi driver is still bound to device. Will wait for Hans/Thierry comments as I see dependency depending on=20 where unbind/bind happens. On 4/15/20 4:08 PM, Sowjanya Komatineni wrote: > With minor change of not using vi reference after=20 > host1x_client_unregister and freeing vi during v4l2 device release works. > > For csi, we can use devm_kzalloc for now untill we decide later if we=20 > want to expose async subdev nodes during sensor support. > > Will have this fix in v8 with a comment in vi_remove to make sure not=20 > to use vi reference after host1x_client_unregister. > > Will test more and will release v8 with above fix to allow direct=20 > host1x client driver unbind. > > Thanks > > sowjanya > > > On 4/15/20 12:51 PM, Sowjanya Komatineni wrote: >> >> On 4/15/20 12:21 PM, Dmitry Osipenko wrote: >>> External email: Use caution opening links or attachments >>> >>> >>> 15.04.2020 21:53, Sowjanya Komatineni =D0=BF=D0=B8=D1=88=D0=B5=D1=82: >>> ... >>>>>>>>>> Have you tried to test this driver under KASAN? I suspect that >>>>>>>>>> you just >>>>>>>>>> masked the problem, instead of fixing it. >>>> Tested with kmemleak scan and did not see any memory leaks >>> You should get use-after-free and not memleak. >> I don't see use-after-free bugs during the testing. >> >> But as mentioned when direct vi/csi client driver unbind happens=20 >> while video device node is kept opened, vi driver remove will free vi=20 >> structure memory but actual video device memory which is part of=20 >> channels remains but list head gets lost when vi structure is freed. >> >> So, when device node is released and executes release callback as=20 >> list head is lost it can't free allocated channels which is not good. >> >> This happens only with direct host1x client vi/csi driver unbind. >> >> Need to find better place to free host1x client driver data structure=20 >> to allow direct client driver unbind->bind. >>