Re: tw686x driver (continued)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Ezequiel,

(sorry didn't include linux-media in first email)
I'm not sure yet if I have my supervisor's permission to declare our tool as open source, but I'll tell you the possible code paths that I think may be leading our tool to think what it's thinking.

First off, it detects a write access to desc->virt without locks inside tw686x_memcpy_data_free, after it is called in the calling chain tw686x_probe -> allocate an interrupt line -> tw686x_video_init -> tw686x_set_format -> tw686x_memcpy_dma_free. Further, spin_lock_init(&dev->lock) (line 319 of tw686x-core.c) isn't correspondingly closed in the function. Is this intended?

Second, there is a possibility according to how I have traced a call chain that tw686x_init is going to the error: label since tw686x_memcpy_dma_free is getting called inside another possible calling chain, going tw686x_init -> tw686x_video_free (error: label) -> dma_ops->free (i.e. tw686x_memcpy_dma_free). I would assume this would not be intended either.

In addition, our tool detects a read access without locks to desc->virt inside tw686x_audio_irq (line 72 of tw686x-audio.c). Not sure what you make of that, but I'd be keen on hearing about that as well from you.

Thank you in advance,

Mark



[Index of Archives]     [Linux Input]     [Video for Linux]     [Gstreamer Embedded]     [Mplayer Users]     [Linux USB Devel]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]

  Powered by Linux