Hi Mark, On Wed, 24 Jul 2019 at 09:25, Mark Balançian <mbalant3@xxxxxxxxx> wrote: > > Hi Ezequiel, > > (sorry didn't include linux-media in first email) > I'm not sure yet if I have my supervisor's permission to declare our > tool as open source, but I'll tell you the possible code paths that I > think may be leading our tool to think what it's thinking. > > First off, it detects a write access to desc->virt without locks inside > tw686x_memcpy_data_free, after it is called in the calling chain > tw686x_probe -> allocate an interrupt line -> tw686x_video_init -> > tw686x_set_format -> tw686x_memcpy_dma_free. Further, > spin_lock_init(&dev->lock) (line 319 of tw686x-core.c) isn't > correspondingly closed in the function. Is this intended? > Yes, it is intended. > Second, there is a possibility according to how I have traced a call > chain that tw686x_init is going to the error: label since > tw686x_memcpy_dma_free is getting called inside another possible calling > chain, going tw686x_init -> tw686x_video_free (error: label) -> > dma_ops->free (i.e. tw686x_memcpy_dma_free). I would assume this would > not be intended either. > I'm not sure I understand what you think it's not intended, sorry.
