1. 11 Jan, 2016 5 commits
  2. 23 Dec, 2015 16 commits
  3. 21 Dec, 2015 2 commits
    • Mauro Carvalho Chehab's avatar
      [media] au8522: Avoid memory leak for device config data · aa37763f
      Mauro Carvalho Chehab authored
      As reported by kmemleak:
      
      	unreferenced object 0xffff880321e1da40 (size 32):
      	  comm "modprobe", pid 3309, jiffies 4295019569 (age 2359.636s)
      	  hex dump (first 32 bytes):
      	    47 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  G...............
      	    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
      	  backtrace:
      	    [<ffffffff82278c8e>] kmemleak_alloc+0x4e/0xb0
      	    [<ffffffff8153c08c>] kmem_cache_alloc_trace+0x1ec/0x280
      	    [<ffffffffa13a896a>] au8522_probe+0x19a/0xa30 [au8522_decoder]
      	    [<ffffffff81de0032>] i2c_device_probe+0x2b2/0x490
      	    [<ffffffff81ca7004>] driver_probe_device+0x454/0xd90
      	    [<ffffffff81ca7c1b>] __device_attach_driver+0x17b/0x230
      	    [<ffffffff81ca15da>] bus_for_each_drv+0x11a/0x1b0
      	    [<ffffffff81ca6a4d>] __device_attach+0x1cd/0x2c0
      	    [<ffffffff81ca7d43>] device_initial_probe+0x13/0x20
      	    [<ffffffff81ca451f>] bus_probe_device+0x1af/0x250
      	    [<ffffffff81c9e0f3>] device_add+0x943/0x13b0
      	    [<ffffffff81c9eb7a>] device_register+0x1a/0x20
      	    [<ffffffff81de8626>] i2c_new_device+0x5d6/0x8f0
      	    [<ffffffffa0d88ea4>] v4l2_i2c_new_subdev_board+0x1e4/0x250 [v4l2_common]
      	    [<ffffffffa0d88fe7>] v4l2_i2c_new_subdev+0xd7/0x110 [v4l2_common]
      	    [<ffffffffa13b2f76>] au0828_card_analog_fe_setup+0x2e6/0x3f0 [au0828]
      
      Checking where the error happens:
      	(gdb) list *au8522_probe+0x19a
      	0x99a is in au8522_probe (drivers/media/dvb-frontends/au8522_decoder.c:761).
      	756			printk(KERN_INFO "au8522_decoder attach existing instance.\n");
      	757			break;
      	758		}
      	759
      	760		demod_config = kzalloc(sizeof(struct au8522_config), GFP_KERNEL);
      	761		if (demod_config == NULL) {
      	762			if (instance == 1)
      	763				kfree(state);
      	764			return -ENOMEM;
      	765		}
      
      Shows that the error path is not being handled properly.
      
      The are actually several issues here:
      
      1) config free should have been calling hybrid_tuner_release_state()
      function, by calling au8522_release_state();
      
      2) config is only allocated at the digital part. On the analog one,
      it is received from the caller.
      
      A complex logic could be added to address it, however, it is simpler
      to just embeed config inside the state.
      Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@osg.samsung.com>
      aa37763f
    • Mauro Carvalho Chehab's avatar
      [media] ir-lirc-codec.c: don't leak lirc->drv-rbuf · c77adf21
      Mauro Carvalho Chehab authored
      As reported by kmemleak:
      
      	unreferenced object 0xffff8802adae0ba0 (size 192):
      	  comm "modprobe", pid 3024, jiffies 4296503588 (age 324.368s)
      	  hex dump (first 32 bytes):
      	    00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
      	    ff ff ff ff ff ff ff ff c0 48 25 a0 ff ff ff ff  .........H%.....
      	  backtrace:
      	    [<ffffffff82278c8e>] kmemleak_alloc+0x4e/0xb0
      	    [<ffffffff8153c08c>] kmem_cache_alloc_trace+0x1ec/0x280
      	    [<ffffffffa0250f0d>] ir_lirc_register+0x8d/0x7a0 [ir_lirc_codec]
      	    [<ffffffffa07372b8>] ir_raw_event_register+0x318/0x4b0 [rc_core]
      	    [<ffffffffa07351ed>] rc_register_device+0xf2d/0x1450 [rc_core]
      	    [<ffffffffa13c5451>] au0828_rc_register+0x7d1/0xa10 [au0828]
      	    [<ffffffffa13b0dc2>] au0828_usb_probe+0x6c2/0xcf0 [au0828]
      	    [<ffffffff81d7619d>] usb_probe_interface+0x45d/0x940
      	    [<ffffffff81ca7004>] driver_probe_device+0x454/0xd90
      	    [<ffffffff81ca7a61>] __driver_attach+0x121/0x160
      	    [<ffffffff81ca141f>] bus_for_each_dev+0x11f/0x1a0
      	    [<ffffffff81ca5d4d>] driver_attach+0x3d/0x50
      	    [<ffffffff81ca5039>] bus_add_driver+0x4c9/0x770
      	    [<ffffffff81ca944c>] driver_register+0x18c/0x3b0
      	    [<ffffffff81d71e58>] usb_register_driver+0x1f8/0x440
      	    [<ffffffffa13680b7>] 0xffffffffa13680b7
      
      	0xf3d is in ir_lirc_register (drivers/media/rc/ir-lirc-codec.c:348).
      	343		drv = kzalloc(sizeof(struct lirc_driver), GFP_KERNEL);
      	344		if (!drv)
      	345			return rc;
      	346
      	347		rbuf = kzalloc(sizeof(struct lirc_buffer), GFP_KERNEL);
      	348		if (!rbuf)
      	349			goto rbuf_alloc_failed;
      	350
      	351		rc = lirc_buffer_init(rbuf, sizeof(int), LIRCBUF_SIZE);
      	352		if (rc)
      Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@osg.samsung.com>
      c77adf21
  4. 18 Dec, 2015 17 commits