Commit 1bb64194 authored by Anatolij Gustschin's avatar Anatolij Gustschin Committed by Mauro Carvalho Chehab

V4L/DVB: v4l2-dev: fix memory leak

Since commit b4028437
the 'driver_data' field resides in device's struct device_private
which may be allocated by dev_set_drvdata() if device_private
struct was not allocated previously.

dev_set_drvdata() is used in video_set_drvdata() to set
the driver's private data pointer in v4l2 drivers. Setting
the private data _before_ registering the v4l2 device results
in a memory leak since __video_register_device() also calls
video_set_drvdata(), but after zeroing the device structure.
Thus, the reference to the previously allocated device_private
struct goes lost and a new device_private will be allocated.

All v4l drivers which call video_set_drvdata() _before_
calling video_register_device() are affected. The patch fixes
__video_register_device() to preserve previously allocated
device_private reference.

Caught by kmemleak.
Signed-off-by: default avatarAnatolij Gustschin <agust@denx.de>
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@redhat.com>
parent 2030c032
...@@ -410,7 +410,7 @@ static int __video_register_device(struct video_device *vdev, int type, int nr, ...@@ -410,7 +410,7 @@ static int __video_register_device(struct video_device *vdev, int type, int nr,
int minor_offset = 0; int minor_offset = 0;
int minor_cnt = VIDEO_NUM_DEVICES; int minor_cnt = VIDEO_NUM_DEVICES;
const char *name_base; const char *name_base;
void *priv = video_get_drvdata(vdev); void *priv = vdev->dev.p;
/* A minor value of -1 marks this video device as never /* A minor value of -1 marks this video device as never
having been registered */ having been registered */
...@@ -536,9 +536,9 @@ static int __video_register_device(struct video_device *vdev, int type, int nr, ...@@ -536,9 +536,9 @@ static int __video_register_device(struct video_device *vdev, int type, int nr,
/* Part 4: register the device with sysfs */ /* Part 4: register the device with sysfs */
memset(&vdev->dev, 0, sizeof(vdev->dev)); memset(&vdev->dev, 0, sizeof(vdev->dev));
/* The memset above cleared the device's drvdata, so /* The memset above cleared the device's device_private, so
put back the copy we made earlier. */ put back the copy we made earlier. */
video_set_drvdata(vdev, priv); vdev->dev.p = priv;
vdev->dev.class = &video_class; vdev->dev.class = &video_class;
vdev->dev.devt = MKDEV(VIDEO_MAJOR, vdev->minor); vdev->dev.devt = MKDEV(VIDEO_MAJOR, vdev->minor);
if (vdev->parent) if (vdev->parent)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment