openwrt/target/linux/bcm27xx/patches-6.1/950-0997-media-rp1-cfe-Fix-use-of-freed-memory-on-errors.patch
Marty Jones 2e715fb4fc bcm27xx: update 6.1 patches to latest version
Add support for BCM2712 (Raspberry Pi 5).
3bb5880ab3
Patches were generated from the diff between linux kernel branch linux-6.1.y
and rpi-6.1.y from raspberry pi kernel source:
- git format-patch linux-6.1.y...rpi-6.1.y

Build system: x86_64
Build-tested: bcm2708, bcm2709, bcm2710, bcm2711
Run-tested: bcm2710/RPi3B, bcm2711/RPi4B

Signed-off-by: Marty Jones <mj8263788@gmail.com>
[Remove applied and reverted patches, squash patches and config commits]
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2024-01-25 17:46:45 +01:00

From 3922bebc11fcc8459c798cfcb582828f9bbaa9e9 Mon Sep 17 00:00:00 2001
From: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Date: Thu, 28 Sep 2023 11:33:53 +0300
Subject: [PATCH] media: rp1: cfe: Fix use of freed memory on errors

cfe_probe_complete() calls cfe_put() on both success and fail code paths.
This works for the success path, but causes the cfe_device struct to be
freed, even if it will be used later in the teardown code.

Fix this by making the ref handling a bit saner: Let the video nodes
have the refs as they do now, but also keep a ref in the "main" driver,
released only at cfe_remove() time. This way the driver does not depend
on the video nodes keeping the refs.

Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
---
drivers/media/platform/raspberrypi/rp1_cfe/cfe.c | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
--- a/drivers/media/platform/raspberrypi/rp1_cfe/cfe.c
+++ b/drivers/media/platform/raspberrypi/rp1_cfe/cfe.c
@@ -1837,17 +1837,10 @@ static int cfe_probe_complete(struct cfe
goto unregister;
}
- /*
- * Release the initial reference, all references are now owned by the
- * video devices.
- */
- cfe_put(cfe);
return 0;
unregister:
cfe_unregister_nodes(cfe);
- cfe_put(cfe);
-
return ret;
}
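Review bot: at the `unregister:` label the error path now returns with the driver's initial reference still held, and with the old comment deleted nothing in cfe_probe_complete() documents who owns that reference. The commit message says it is released only in cfe_remove(), so a one-line comment above `return 0;` stating that would keep the ownership rule next to the code. It is also worth confirming that a failure here is always followed by cfe_remove(); if it is not, the early free is traded for a leak of the cfe_device.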
@@ -2129,6 +2122,8 @@ static int cfe_remove(struct platform_de
v4l2_device_unregister(&cfe->v4l2_dev);
+ cfe_put(cfe);
+
return 0;
}
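Review bot: the added `cfe_put(cfe);` in cfe_remove() can be the final put, so it has to remain the last statement that touches `cfe`, and nothing in the hunk says so. It is correctly placed today (only `return 0;` follows), but a short comment noting that this drops the main driver's reference and that `cfe` must not be used afterwards would stop a later change from adding teardown code below it. The probe error paths that run before cfe_remove() can be reached are not part of this diff; they need to drop this same reference themselves.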