re: [media] media-entity: protect object creation/removal using spin lock

public inbox for linux-media@vger.kernel.org
 help / color / mirror / Atom feed

* re: [media] media-entity: protect object creation/removal using spin lock
@ 2015-12-14 19:50 Dan Carpenter
  2015-12-14 20:00 ` Mauro Carvalho Chehab
  0 siblings, 1 reply; 4+ messages in thread
From: Dan Carpenter @ 2015-12-14 19:50 UTC (permalink / raw)
  To: mchehab; +Cc: linux-media

Hello Mauro Carvalho Chehab,

The patch f8fd4c61b5ae: "[media] media-entity: protect object
creation/removal using spin lock" from Dec 9, 2015, leads to the
following static checker warning:

	drivers/media/media-entity.c:781 media_remove_intf_link()
	error: dereferencing freed memory 'link'

drivers/media/media-entity.c
   777  void media_remove_intf_link(struct media_link *link)
   778  {
   779          spin_lock(&link->graph_obj.mdev->lock);
   780          __media_remove_intf_link(link);
   781          spin_unlock(&link->graph_obj.mdev->lock);

Do we need this unlock any more?  Haven't we freed the lock on the
previous line?

   782  }

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [media] media-entity: protect object creation/removal using spin lock
  2015-12-14 19:50 [media] media-entity: protect object creation/removal using spin lock Dan Carpenter
@ 2015-12-14 20:00 ` Mauro Carvalho Chehab
  2015-12-14 20:04   ` Dan Carpenter
  0 siblings, 1 reply; 4+ messages in thread
From: Mauro Carvalho Chehab @ 2015-12-14 20:00 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: linux-media

Em Mon, 14 Dec 2015 22:50:53 +0300
Dan Carpenter <dan.carpenter@oracle.com> escreveu:

> Hello Mauro Carvalho Chehab,
> 
> The patch f8fd4c61b5ae: "[media] media-entity: protect object
> creation/removal using spin lock" from Dec 9, 2015, leads to the
> following static checker warning:
> 
> 	drivers/media/media-entity.c:781 media_remove_intf_link()
> 	error: dereferencing freed memory 'link'
> 
> drivers/media/media-entity.c
>    777  void media_remove_intf_link(struct media_link *link)
>    778  {
>    779          spin_lock(&link->graph_obj.mdev->lock);
>    780          __media_remove_intf_link(link);
>    781          spin_unlock(&link->graph_obj.mdev->lock);

Thanks for pointing it!

> 
> Do we need this unlock any more? 

Yes.

> Haven't we freed the lock on the previous line?

No. The lock is at the media_device struct, with is not freed here.

What we actually need is to cache mdev:

	struct media_device *mdev = link->graph_obj.mdev;

	spin_lock(&mdev->lock)
	__media_remove_intf_link(link);
	spin_unlock(&mdev->lock)


Probably the same thing is needed on other similar logic.

I guess gcc optimizer actually does the right thing, but we should
fix it to remove the static analyzer warnings.

Regards,
Mauro

> 
>    782  }
> 
> regards,
> dan carpenter

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [media] media-entity: protect object creation/removal using spin lock
  2015-12-14 20:00 ` Mauro Carvalho Chehab
@ 2015-12-14 20:04   ` Dan Carpenter
  2015-12-14 22:38     ` Mauro Carvalho Chehab
  0 siblings, 1 reply; 4+ messages in thread
From: Dan Carpenter @ 2015-12-14 20:04 UTC (permalink / raw)
  To: Mauro Carvalho Chehab; +Cc: linux-media

On Mon, Dec 14, 2015 at 06:00:52PM -0200, Mauro Carvalho Chehab wrote:
> I guess gcc optimizer actually does the right thing, but we should
> fix it to remove the static analyzer warnings.

It probably crashes if you enable poisoning freed memory?  (I haven't
tested).

regards,
dan carpenter


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [media] media-entity: protect object creation/removal using spin lock
  2015-12-14 20:04   ` Dan Carpenter
@ 2015-12-14 22:38     ` Mauro Carvalho Chehab
  0 siblings, 0 replies; 4+ messages in thread
From: Mauro Carvalho Chehab @ 2015-12-14 22:38 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: linux-media

Em Mon, 14 Dec 2015 23:04:34 +0300
Dan Carpenter <dan.carpenter@oracle.com> escreveu:

> On Mon, Dec 14, 2015 at 06:00:52PM -0200, Mauro Carvalho Chehab wrote:
> > I guess gcc optimizer actually does the right thing, but we should
> > fix it to remove the static analyzer warnings.
> 
> It probably crashes if you enable poisoning freed memory?  (I haven't
> tested).

I tested with KASAN: when I made such patch: it worked fine.
I suspect that gcc optimized the code to cache the value. Anyway, 
this should be fixed.

Thanks for pointing the issue!

Regards,
Mauro

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2015-12-14 22:38 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-12-14 19:50 [media] media-entity: protect object creation/removal using spin lock Dan Carpenter
2015-12-14 20:00 ` Mauro Carvalho Chehab
2015-12-14 20:04   ` Dan Carpenter
2015-12-14 22:38     ` Mauro Carvalho Chehab

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox