linux

mirror of https://github.com/torvalds/linux.git synced 2026-06-07 05:55:44 +02:00

Linux kernel source tree

Go to file

Dan Carpenter 56320b1ad4 media: zr364xx: fix memory leaks in probe() [ Upstream commit `ea354b6ddd` ] Syzbot discovered that the probe error handling doesn't clean up the resources allocated in zr364xx_board_init(). There are several related bugs in this code so I have re-written the error handling. 1) Introduce a new function zr364xx_board_uninit() which cleans up the resources in zr364xx_board_init(). 2) In zr364xx_board_init() if the call to zr364xx_start_readpipe() fails then release the "cam->buffer.frame[i].lpvbits" memory before returning. This way every function either allocates everything successfully or it cleans up after itself. 3) Re-write the probe function so that each failure path goto frees the most recent allocation. That way we don't free anything before it has been allocated and we can also verify that everything is freed. 4) Originally, in the probe function the "cam->v4l2_dev.release" pointer was set to "zr364xx_release" near the start but I moved that assignment to the end, after everything had succeeded. The release function was never actually called during the probe cleanup process, but with this change I wanted to make it clear that we don't want to call zr364xx_release() until everything is allocated successfully. Next I re-wrote the zr364xx_release() function. Ideally this would have been a simple matter of copy and pasting the cleanup code from probe and adding an additional call to video_unregister_device(). But there are a couple quirks to note. 1) The probe function does not call videobuf_mmap_free() and I don't know where the videobuf_mmap is allocated. I left the code as-is to avoid introducing a bug in code I don't understand. 2) The zr364xx_board_uninit() has a call to zr364xx_stop_readpipe() which is a change from the original behavior with regards to unloading the driver. Calling zr364xx_stop_readpipe() on a stopped pipe is not a problem so this is safe and is potentially a bugfix. Reported-by: syzbot+b4d54814b339b5c6bbd4@syzkaller.appspotmail.com Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>		2021-08-26 08:35:33 -04:00
arch	KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)	2021-08-18 08:59:18 +02:00
block	blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit()	2021-08-12 13:22:08 +02:00
certs	certs: add 'x509_revocation_list' to gitignore	2021-07-20 16:05:35 +02:00
crypto	crypto: sm2 - fix a memory leak in sm2	2021-07-14 16:56:06 +02:00
Documentation	Documentation: Fix intiramfs script name	2021-07-28 14:35:47 +02:00
drivers	media: zr364xx: fix memory leaks in probe()	2021-08-26 08:35:33 -04:00
fs	ceph: take snap_empty_lock atomically with snaprealm refcount change	2021-08-18 08:59:18 +02:00
include	vmlinux.lds.h: Handle clang's module.{c,d}tor sections	2021-08-18 08:59:18 +02:00
init	sched/core: Initialize the idle task with preemption disabled	2021-07-14 16:55:50 +02:00
ipc	ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry	2021-05-26 12:06:54 +02:00
kernel	genirq/timings: Prevent potential array overflow in __irq_timings_store()	2021-08-18 08:59:15 +02:00
lib	net: add kcov handle to skb extensions	2021-07-28 14:35:33 +02:00
LICENSES	LICENSES/deprecated: add Zlib license text	2020-09-16 14:33:49 +02:00
mm	memblock: make for_each_mem_range() traverse MEMBLOCK_HOTPLUG regions	2021-07-28 14:35:46 +02:00
net	vsock/virtio: avoid potential deadlock when vsock device remove	2021-08-18 08:59:14 +02:00
samples	samples/bpf: Fix the error return code of xdp_redirect's main()	2021-07-14 16:56:23 +02:00
scripts	scripts/tracing: fix the bug that can't parse raw_trace_func	2021-08-12 13:22:12 +02:00
security	bpf: Add lockdown check for probe_write_user helper	2021-08-15 14:00:25 +02:00
sound	ASoC: cs42l42: Fix LRCLK frame start edge	2021-08-18 08:59:09 +02:00
tools	libbpf: Fix probe for BPF_PROG_TYPE_CGROUP_SOCKOPT	2021-08-18 08:59:09 +02:00
usr	Merge branch 'work.fdpic' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	2020-08-07 13:29:39 -07:00
virt	KVM: Do not leak memory for duplicate debugfs directories	2021-08-12 13:22:17 +02:00
.clang-format	RDMA 5.10 pull request	2020-10-17 11:18:18 -07:00
.cocciconfig
.get_maintainer.ignore
.gitattributes	.gitattributes: use 'dts' diff driver for dts files	2019-12-04 19:44:11 -08:00
.gitignore	kbuild: generate Module.symvers only when vmlinux exists	2021-05-19 10:12:59 +02:00
.mailmap	mailmap: add two more addresses of Uwe Kleine-König	2020-12-06 10:19:07 -08:00
COPYING	COPYING: state that all contributions really are covered by this file	2020-02-10 13:32:20 -08:00
CREDITS	MAINTAINERS: Move Jason Cooper to CREDITS	2020-11-30 10:20:34 +01:00
Kbuild	kbuild: rename hostprogs-y/always to hostprogs/always-y	2020-02-04 01:53:07 +09:00
Kconfig	kbuild: ensure full rebuild when the compiler is updated	2020-05-12 13:28:33 +09:00
MAINTAINERS	f2fs: move ioctl interface definitions to separated file	2021-05-19 10:13:00 +02:00
Makefile	Linux 5.10.60	2021-08-18 08:59:19 +02:00
README

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.