From patchwork Thu Feb 9 13:52:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jiasheng Jiang X-Patchwork-Id: 652240 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2BA62C61DA4 for ; Thu, 9 Feb 2023 13:53:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230195AbjBINxC (ORCPT ); Thu, 9 Feb 2023 08:53:02 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53234 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229758AbjBINxB (ORCPT ); Thu, 9 Feb 2023 08:53:01 -0500 Received: from cstnet.cn (smtp81.cstnet.cn [159.226.251.81]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 1FC297A81; Thu, 9 Feb 2023 05:52:58 -0800 (PST) Received: from localhost.localdomain (unknown [124.16.138.125]) by APP-03 (Coremail) with SMTP id rQCowABHTiat+uRjo3cXBA--.22229S2; Thu, 09 Feb 2023 21:52:45 +0800 (CST) From: Jiasheng Jiang To: angelogioacchino.delregno@collabora.com, mchehab@kernel.org, matthias.bgg@gmail.com, moudy.ho@mediatek.com, daoyuan.huang@mediatek.com, hverkuil-cisco@xs4all.nl Cc: linux-media@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Jiasheng Jiang Subject: [PATCH v4] media: platform: mtk-mdp3: Add missing check and free for ida_alloc Date: Thu, 9 Feb 2023 21:52:45 +0800 Message-Id: <20230209135245.11203-1-jiasheng@iscas.ac.cn> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-CM-TRANSID: rQCowABHTiat+uRjo3cXBA--.22229S2 X-Coremail-Antispam: 1UD129KBjvJXoW7uryUZFy8Kr4DAF4rKw45KFg_yoW8Xry3pr 4xKw47CFW5GrnrKF42y3WxuFW5ArnYgayUWFs7Z3yxZas0grsrCry5C3ZYvryktrW8Ja42 qr40vryfCr4YyaDanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUvG14x267AKxVW8JVW5JwAFc2x0x2IEx4CE42xK8VAvwI8IcIk0 rVWrJVCq3wAFIxvE14AKwVWUJVWUGwA2ocxC64kIII0Yj41l84x0c7CEw4AK67xGY2AK02 1l84ACjcxK6xIIjxv20xvE14v26r1j6r1xM28EF7xvwVC0I7IYx2IY6xkF7I0E14v26r4j 6F4UM28EF7xvwVC2z280aVAFwI0_Cr1j6rxdM28EF7xvwVC2z280aVCY1x0267AKxVW0oV Cq3wAS0I0E0xvYzxvE52x082IY62kv0487Mc02F40EFcxC0VAKzVAqx4xG6I80ewAv7VC0 I7IYx2IY67AKxVWUJVWUGwAv7VC2z280aVAFwI0_Gr0_Cr1lOx8S6xCaFVCjc4AY6r1j6r 4UM4x0Y48IcxkI7VAKI48JM4x0x7Aq67IIx4CEVc8vx2IErcIFxwACI402YVCY1x02628v n2kIc2xKxwCY02Avz4vE14v_Xr4l42xK82IYc2Ij64vIr41l4I8I3I0E4IkC6x0Yz7v_Jr 0_Gr1lx2IqxVAqx4xG67AKxVWUJVWUGwC20s026x8GjcxK67AKxVWUGVWUWwC2zVAF1VAY 17CE14v26r1q6r43MIIYrxkI7VAKI48JMIIF0xvE2Ix0cI8IcVAFwI0_Jr0_JF4lIxAIcV C0I7IYx2IY6xkF7I0E14v26r4j6F4UMIIF0xvE42xK8VAvwI8IcIk0rVWUJVWUCwCI42IY 6I8E87Iv67AKxVWUJVW8JwCI42IY6I8E87Iv6xkF7I0E14v26r4j6r4UJbIYCTnIWIevJa 73UjIFyTuYvjfU1NVyUUUUU X-Originating-IP: [124.16.138.125] X-CM-SenderInfo: pmld2xxhqjqxpvfd2hldfou0/ Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org Add the check for the return value of the ida_alloc in order to avoid NULL pointer dereference. Moreover, free allocated "ctx->id" if mdp_m2m_open fails later in order to avoid memory leak. Fixes: 61890ccaefaf ("media: platform: mtk-mdp3: add MediaTek MDP3 driver") Signed-off-by: Jiasheng Jiang --- Changelog: v3 -> v4 1. Use ret to check the return value. v2 -> v3: 1. Fix the goto label. v1 -> v2: 1. Fix the check for the ida_alloc. --- drivers/media/platform/mediatek/mdp3/mtk-mdp3-m2m.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/media/platform/mediatek/mdp3/mtk-mdp3-m2m.c b/drivers/media/platform/mediatek/mdp3/mtk-mdp3-m2m.c index 5f74ea3b7a52..8612a48bde10 100644 --- a/drivers/media/platform/mediatek/mdp3/mtk-mdp3-m2m.c +++ b/drivers/media/platform/mediatek/mdp3/mtk-mdp3-m2m.c @@ -566,7 +566,11 @@ static int mdp_m2m_open(struct file *file) goto err_free_ctx; } - ctx->id = ida_alloc(&mdp->mdp_ida, GFP_KERNEL); + ret = ida_alloc(&mdp->mdp_ida, GFP_KERNEL); + if (ret < 0) + goto err_unlock_mutex; + ctx->id = ret; + ctx->mdp_dev = mdp; v4l2_fh_init(&ctx->fh, vdev); @@ -617,6 +621,8 @@ static int mdp_m2m_open(struct file *file) v4l2_fh_del(&ctx->fh); err_exit_fh: v4l2_fh_exit(&ctx->fh); + ida_free(&mdp->mdp_ida, ctx->id); +err_unlock_mutex: mutex_unlock(&mdp->m2m_lock); err_free_ctx: kfree(ctx);