From: Pavel Skripkin <paskripkin@gmail.com>
To: Robert Schlabbach <Robert.Schlabbach@gmx.net>,
Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Cc: linux-media@vger.kernel.org
Subject: Re: Kernel hangs after DVB patch from July 2021 with Hauppauge WinTV dualHD
Date: Sat, 18 Dec 2021 23:51:19 +0300 [thread overview]
Message-ID: <bcd3265f-9a63-ca40-bdf9-ef7bc671f5d1@gmail.com> (raw)
In-Reply-To: <trinity-7eee9e9d-525d-4c2b-9346-53f362c89264-1639859596666@3c-app-gmx-bap71>
On 12/18/21 23:33, Robert Schlabbach wrote:
>> Such patch should actually be fixing a use-after-free on disconnect.
>
> I wonder if it's the right thing to do, though, because if you look into the em28xx_close_extension() function in em28xx-core.c:
>
> if (ops->fini) {
> if (dev->dev_next)
> ops->fini(dev->dev_next);
> ops->fini(dev);
> }
>
> So doing this in em28xx_cards.c:
>
> em28xx_close_extension(dev);
>
> if (dev->dev_next) {
> em28xx_close_extension(dev->dev_next);
> em28xx_release_resources(dev->dev_next);
> }
>
> will end up calling ops->fini() twice on dev->dev_next, no matter in which order you put the calls.
>
I don't see any problem in calling ->fini() twice. I see only 4 ->fini()
variants and of them have guards against double free.
I've checked out if there possible kref unbalance, but ->init() is also
called 2 times: em28xx_register_extension() and em28xx_init_extension().
> So it looks prone to double-free, but at least em28xx_dvb_fini() in em28xx_dvb.c guards against that by NULLing the dev->dvb pointer after free and checking the pointer at entry.
>
> Still, there are redundant calls here. I think a decision should be made whether dev->dev_next is taken care of in em28xx-core.c or in em28xx-cards.c, and the code then be made consistent accordingly.
>
Agree. Some kind of refactoring should be done :)
With regards,
Pavel Skripkin
next prev parent reply other threads:[~2021-12-18 20:51 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-18 1:09 Kernel hangs after DVB patch from July 2021 with Hauppauge WinTV dualHD Maximilian Böhm
2021-12-18 9:15 ` Mauro Carvalho Chehab
2021-12-18 14:23 ` Pavel Skripkin
2021-12-18 22:50 ` Maximilian Böhm
2021-12-20 14:39 ` Pavel Skripkin
2022-01-04 17:22 ` Maximilian Böhm
2022-01-04 17:31 ` Pavel Skripkin
2022-01-04 17:58 ` Maximilian Böhm
2022-01-06 11:54 ` Pavel Skripkin
2022-01-06 11:57 ` Pavel Skripkin
2022-01-20 19:29 ` Maximilian Böhm
2022-01-20 19:37 ` [PATCH] Revert "media: em28xx: add missing em28xx_close_extension" Pavel Skripkin
2022-01-21 18:30 ` Maximilian Böhm
2022-01-20 19:42 ` Kernel hangs after DVB patch from July 2021 with Hauppauge WinTV dualHD Pavel Skripkin
2022-02-17 11:14 ` Hans Verkuil
2022-02-18 0:16 ` Maximilian Böhm
2022-02-18 7:58 ` Hans Verkuil
2021-12-18 20:33 ` Robert Schlabbach
2021-12-18 20:51 ` Pavel Skripkin [this message]
2021-12-18 23:19 ` Maximilian Böhm
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bcd3265f-9a63-ca40-bdf9-ef7bc671f5d1@gmail.com \
--to=paskripkin@gmail.com \
--cc=Robert.Schlabbach@gmx.net \
--cc=linux-media@vger.kernel.org \
--cc=mchehab+huawei@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.