From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Dongliang Mu <mudongliangabcd@gmail.com>,
syzbot+77b432d57c4791183ed4@syzkaller.appspotmail.com,
Hans Verkuil <hverkuil-cisco@xs4all.nl>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Sasha Levin <sashal@kernel.org>,
isely@pobox.com, linux-media@vger.kernel.org
Subject: [PATCH AUTOSEL 5.10 20/46] media: pvrusb2: fix memory leak in pvr_probe
Date: Thu, 11 Aug 2022 12:03:44 -0400 [thread overview]
Message-ID: <20220811160421.1539956-20-sashal@kernel.org> (raw)
In-Reply-To: <20220811160421.1539956-1-sashal@kernel.org>
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit 945a9a8e448b65bec055d37eba58f711b39f66f0 ]
The error handling code in pvr2_hdw_create forgets to unregister the
v4l2 device. When pvr2_hdw_create returns back to pvr2_context_create,
it calls pvr2_context_destroy to destroy context, but mp->hdw is NULL,
which leads to that pvr2_hdw_destroy directly returns.
Fix this by adding v4l2_device_unregister to decrease the refcount of
usb interface.
Reported-by: syzbot+77b432d57c4791183ed4@syzkaller.appspotmail.com
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
index fccd1798445d..d22ce328a279 100644
--- a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
+++ b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
@@ -2610,6 +2610,7 @@ struct pvr2_hdw *pvr2_hdw_create(struct usb_interface *intf,
del_timer_sync(&hdw->encoder_run_timer);
del_timer_sync(&hdw->encoder_wait_timer);
flush_work(&hdw->workpoll);
+ v4l2_device_unregister(&hdw->v4l2_dev);
usb_free_urb(hdw->ctl_read_urb);
usb_free_urb(hdw->ctl_write_urb);
kfree(hdw->ctl_read_buffer);
--
2.35.1
next prev parent reply other threads:[~2022-08-11 16:26 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-11 16:03 [PATCH AUTOSEL 5.10 01/46] drm/r128: Fix undefined behavior due to shift overflowing the constant Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 02/46] ath10k: htt_tx: do not interpret Eth frames as WiFi Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 03/46] ath10k: fix misreported tx bandwidth for 160Mhz Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 04/46] drm/nouveau: clear output poll workers before nouveau_fbcon_destroy() Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 05/46] drm/panfrost: Handle HW_ISSUE_TTRX_2968_TTRX_3162 Sasha Levin
2022-08-13 13:44 ` Pavel Machek
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 06/46] drm/panfrost: Don't set L2_MMU_CONFIG quirks Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 07/46] ath10k: fix regdomain info of iw reg set/get Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 08/46] drm/amd/display: Detect dpcd_rev when hotplug mst monitor Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 09/46] drm/amd/display: Fix dpp dto for disabled pipes Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 10/46] drm/radeon: integer overflow in radeon_mode_dumb_create() Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 11/46] drm/radeon: Initialize fences array entries in radeon_sa_bo_next_hole Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 12/46] udmabuf: Set the DMA mask for the udmabuf device (v2) Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 13/46] net/mlx5: Add HW definitions of vport debug counters Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 14/46] drm/amd/display: Fix monitor flash issue Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 15/46] selftests: mlxsw: resource_scale: Allow skipping a test Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 16/46] net: dsa: ar9331: fix potential dead lock on mdio access Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 17/46] media: davinci: vpif: add missing of_node_put() in vpif_probe() Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 18/46] media: mediatek: vcodec: prevent kernel crash when scp ipi timeout Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 19/46] media: airspy: respect the DMA coherency rules Sasha Levin
2022-08-11 16:03 ` Sasha Levin [this message]
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 21/46] rcu: Apply noinstr to rcu_idle_enter() and rcu_idle_exit() Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 22/46] drm/bridge/tc358775: Fix DSI clock division for vsync delay calculation Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 23/46] uprobe: gate bpf call behind BPF_EVENTS Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 24/46] rcuscale: Fix smp_processor_id()-in-preemptible warnings Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 25/46] mlxsw: cmd: Increase 'config_profile.flood_mode' length Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 26/46] media: atmel: atmel-isc-base: allow wb ctrls to be changed when isc is not configured Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 27/46] kselftests: Enable the echo command to print newlines in Makefile Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 28/46] ipv6/addrconf: fix timing bug in tempaddr regen Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 29/46] drm/amdgpu/display/dc: Fix null pointer exception Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 30/46] crypto: vmx - Fix warning on p8_ghash_alg Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 31/46] drm/nouveau/nvkm: use list_add_tail() when building object tree Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 32/46] crypto: ccree - Add missing clk_disable_unprepare() in cc_pm_resume() Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 33/46] bpf: Fix check against plain integer v 'NULL' Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 34/46] media: rkisp1: Disable runtime PM in probe error path Sasha Levin
2022-08-11 16:03 ` [PATCH AUTOSEL 5.10 35/46] bpf: Don't redirect packets with invalid pkt_len Sasha Levin
2022-08-11 16:04 ` [PATCH AUTOSEL 5.10 36/46] can: sja1000: Add Quirk for RZ/N1 SJA1000 CAN controller Sasha Levin
2022-08-11 16:04 ` [PATCH AUTOSEL 5.10 37/46] net/cdc_ncm: Increase NTB max RX/TX values to 64kb Sasha Levin
2022-08-11 16:04 ` [PATCH AUTOSEL 5.10 38/46] Bluetooth: hci_bcm: Add BCM4349B1 variant Sasha Levin
2022-08-11 16:04 ` [PATCH AUTOSEL 5.10 39/46] Bluetooth: Collect kcov coverage from hci_rx_work Sasha Levin
2022-08-11 16:04 ` [PATCH AUTOSEL 5.10 40/46] bpf/selftests: Fix couldn't retrieve pinned program in xdp veth test Sasha Levin
2022-08-11 16:04 ` [PATCH AUTOSEL 5.10 41/46] net: ethernet: stmicro: stmmac: first disable all queues and disconnect in release Sasha Levin
2022-08-11 16:04 ` [PATCH AUTOSEL 5.10 42/46] wifi: rtl8xxxu: Fix the error handling of the probe function Sasha Levin
2022-08-12 19:06 ` [PATCH AUTOSEL 5.10 01/46] drm/r128: Fix undefined behavior due to shift overflowing the constant Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220811160421.1539956-20-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=hverkuil-cisco@xs4all.nl \
--cc=isely@pobox.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@kernel.org \
--cc=mudongliangabcd@gmail.com \
--cc=stable@vger.kernel.org \
--cc=syzbot+77b432d57c4791183ed4@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox