mirror of
https://github.com/Ysurac/openmptcprouter.git
synced 2025-03-09 15:40:20 +00:00
48 lines
1.4 KiB
Diff
48 lines
1.4 KiB
Diff
From 522b3d51ff7c3206f2b38bacbc0f26a2076b2e85 Mon Sep 17 00:00:00 2001
|
|
From: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
|
|
Date: Thu, 28 Sep 2023 11:33:53 +0300
|
|
Subject: [PATCH] media: rp1: cfe: Fix use of freed memory on errors
|
|
|
|
cfe_probe_complete() calls cfe_put() on both success and fail code paths.
|
|
This works for the success path, but causes the cfe_device struct to be
|
|
freed, even if it will be used later in the teardown code.
|
|
|
|
Fix this by making the ref handling a bit saner: Let the video nodes
|
|
have the refs as they do now, but also keep a ref in the "main" driver,
|
|
released only at cfe_remove() time. This way the driver does not depend
|
|
on the video nodes keeping the refs.
|
|
|
|
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
|
|
---
|
|
drivers/media/platform/raspberrypi/rp1_cfe/cfe.c | 9 ++-------
|
|
1 file changed, 2 insertions(+), 7 deletions(-)
|
|
|
|
--- a/drivers/media/platform/raspberrypi/rp1_cfe/cfe.c
|
|
+++ b/drivers/media/platform/raspberrypi/rp1_cfe/cfe.c
|
|
@@ -1837,17 +1837,10 @@ static int cfe_probe_complete(struct cfe
|
|
goto unregister;
|
|
}
|
|
|
|
- /*
|
|
- * Release the initial reference, all references are now owned by the
|
|
- * video devices.
|
|
- */
|
|
- cfe_put(cfe);
|
|
return 0;
|
|
|
|
unregister:
|
|
cfe_unregister_nodes(cfe);
|
|
- cfe_put(cfe);
|
|
-
|
|
return ret;
|
|
}
|
|
|
|
@@ -2129,6 +2122,8 @@ static int cfe_remove(struct platform_de
|
|
|
|
v4l2_device_unregister(&cfe->v4l2_dev);
|
|
|
|
+ cfe_put(cfe);
|
|
+
|
|
return 0;
|
|
}
|
|
|