The coverity checker detected a use-after-free error in
drivers/media/video/cpia2/cpia2_v4l.c::cpia2_close() (coverity
error #1281).
What happens is that we lock cam->busy_lock, then proceed to free
resources, and in the case of (--cam->open_count == 0) we finish off by
doing a kfree(cam) and then at the end of the function we do a
mutex_unlock(&cam->busy_lock) which will explode since it'll dereference
the free'd `cam' :
...
mutex_lock(&cam->busy_lock);
...
if (--cam->open_count == 0) {
...
if (!cam->present) {
video_unregister_device(dev);
kfree(cam);
}
}
mutex_unlock(&cam->busy_lock); <--- PROBLEM, cam no longer around.
...
Since this only happens in the case of open_count going down to zero I
don't see a problem with just releasing the mutex after unregistering the
device and just before the kfree(). In this case there is nothing around
that we can race against; we are in the release method, open_count is zero,
(!cam->present) and the device has just been unregistered, so letting go of
the mutex at this point looks safe to me.
Patch below to implement that solution.
Acked-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
The videodev.h and videodev2.h describe the public API for V4L and V4L2.
It shouldn't have there any kernel-specific stuff. Those were moved to
v4l2-dev.h.
This patch removes some uneeded headers and include v4l2-common.h on all
V4L driver. This header includes device implementation of V4L2 API provided
on v4l2-dev.h as well as V4L2 internal ioctls that provides connections
between master driver and its i2c devices.
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Fix address space warning (from sparse):
drivers/media/video/cpia2/cpia2_core.c:2355:6: error: symbol 'cpia2_read' redeclared with different type (originally declared at drivers/media/video/cpia2/cpia2.h:458) - incompatible argument 2 (different address spaces)
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
CONFIG_VIDEO_CPIA2=y, CONFIG_USB=n results in the following compile
<-- snip -->
...
LD .tmp_vmlinux1
drivers/built-in.o: In function `set_alternate':cpia2_usb.c:(.text+0x443aa2): undefined reference to `usb_set_interface'
drivers/built-in.o: In function `cpia2_usb_stream_resume': undefined reference to `usb_alloc_urb'
drivers/built-in.o: In function `cpia2_usb_stream_resume': undefined reference to `usb_submit_urb'
drivers/built-in.o: In function `cpia2_usb_stream_pause': undefined reference to `usb_kill_urb'
drivers/built-in.o: In function `cpia2_usb_stream_pause': undefined reference to `usb_free_urb'
drivers/built-in.o: In function `cpia2_usb_disconnect':cpia2_usb.c:(.text+0x443e14): undefined reference to `usb_driver_release_interface'
drivers/built-in.o: In function `cpia2_usb_transfer_cmd': undefined reference to `usb_control_msg'
drivers/built-in.o: In function `cpia2_usb_transfer_cmd': undefined reference to `usb_control_msg'
drivers/built-in.o: In function `cpia2_usb_complete':cpia2_usb.c:(.text+0x444836): undefined reference to `usb_submit_urb'
drivers/built-in.o: In function `cpia2_usb_cleanup': undefined reference to `usb_deregister'
drivers/built-in.o: In function `cpia2_usb_init': undefined reference to `usb_register_driver'
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Typos grab bag of the month.
Eyeballed by jmc@ in OpenBSD.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Oliver Endriss <o.endriss@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
- make 2 needlessly global functions static
- remove cpia2_setup(): the driver already allows setting parameters
through module_param(), and there's no reason for having two different
ways for setting the same parameters
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
There has been a CPIA2 driver out of kernel for a long time and it has
been pretty clean for some time too. This is an import of the
sourceforge driver which has been stripped of
- 2.4 back compatibility
- 2.4 old style MJPEG ioctls
A couple of functions have been made static and the docs have been
repackaged into Documentation/video4linux. The rvmalloc/free functions now
match the cpia driver again. Other than that this is the code as is.
Tested on x86-64 with a QX5 microscope.
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
