From: Lee Jones
To: stable@vger.kernel.org
Subject: [PATCH 4.19 08/15] media: atmel: atmel-isc: fix asd memory allocation
Date: Mon, 2 Dec 2019 10:30:43 +0000
Message-Id: <20191202103050.2668-8-lee.jones@linaro.org>
In-Reply-To: <20191202103050.2668-1-lee.jones@linaro.org>
References: <20191202103050.2668-1-lee.jones@linaro.org>

From: Eugen Hristev [ Upstream commit 1e4e25c4959c10728fbfcc6a286f9503d32dfe02 ] The subsystem will free the asd memory on notifier cleanup, if the asd is added to the notifier. However the memory is freed using kfree. Thus, we cannot allocate the asd using devm_* This can lead to crashes and problems. To test this issue, just return an error at probe, but cleanup the notifier beforehand. Fixes: 106267444f ("[media] atmel-isc: add the Image Sensor Controller code") Signed-off-by: Eugen Hristev Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Lee Jones --- drivers/media/platform/atmel/atmel-isc.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/media/platform/atmel/atmel-isc.c b/drivers/media/platform/atmel/atmel-isc.c index d89e14524d42..f2b09ea107b1 100644 --- a/drivers/media/platform/atmel/atmel-isc.c +++ b/drivers/media/platform/atmel/atmel-isc.c @@ -2062,8 +2062,11 @@ static int isc_parse_dt(struct device *dev, struct isc_device *isc) break; } - subdev_entity->asd = devm_kzalloc(dev, - sizeof(*subdev_entity->asd), GFP_KERNEL); + /* asd will be freed by the subsystem once it's added to the + * notifier list + */ + subdev_entity->asd = kzalloc(sizeof(*subdev_entity->asd), + GFP_KERNEL); if (!subdev_entity->asd) { of_node_put(rem); ret = -ENOMEM; @@ -2209,6 +2212,7 @@ static int atmel_isc_probe(struct platform_device *pdev) &subdev_entity->notifier); if (ret) { dev_err(dev, "fail to register async notifier\n"); + kfree(subdev_entity->asd); goto cleanup_subdev; } -- 2.24.0
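
Review bot: in the isc_parse_dt hunk (@@ -2062), dropping devm_ means nothing releases subdev_entity->asd automatically any more, so every exit taken after this kzalloc and before the asd is handed to the notifier needs its own kfree. The visible context only covers the NULL check (of_node_put(rem); ret = -ENOMEM;), so please confirm the remaining error paths in this function. The new comment says who frees the asd after it is added to the notifier; it would help to also say who owns it before that point. Style: the added block comment starts its text on the /* line, whereas the usual kernel multi-line form puts /* on a line by itself.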
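
Review bot: in the atmel_isc_probe hunk (@@ -2209), kfree(subdev_entity->asd) leaves the pointer dangling before goto cleanup_subdev. The commit message says the subsystem frees the asd with kfree on notifier cleanup once it has been added to the notifier, so if cleanup_subdev runs notifier cleanup for this entity, or the asd was already on the notifier list when registration failed, this becomes a double free. Suggest setting subdev_entity->asd = NULL after the kfree, or adding a comment that states why the failed-registration path cannot reach the subsystem's free. It is also worth checking that an asd allocated in isc_parse_dt for an entity that never reaches this registration call is freed somewhere, since devm no longer covers it.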