Hi Evgeny, On Fri, Jul 24, 2020 at 9:00 PM Evgeny Novikov <novikov@xxxxxxxxx> wrote: > > Hi Lad, > > Yet again I can not demonstrate you a nice error trace corresponding to the bug fixed by the patch. Indeed, there is a branch in vpif_probe() that explicitly invokes vpif_probe_complete() and the patch targets the possible issue that can happen during this. > > When I developed the patch I saw on vpif_display.ko. It looks very similar regarding things touched by the patch. In particular, it does not free vpif_obj.sd in its vpif_probe_complete(). But now I see that it does this in vpif_remove()! > Makes sense. > Do you think that vpif_capture.ko should do the same? If so, I guess that I should fix the patch appropriately since likely it just replaces one (very rare) bug with another one (on a typical execution path). > Yes it should. Cheers, --Prabhakar > -- > Evgeny Novikov > Linux Verification Center, ISP RAS > http://linuxtesting.org > > > > 24.07.2020, 17:17, "Lad, Prabhakar" <prabhakar.csengg@xxxxxxxxx>: > > Hi Evgeny, > > > > Thank you for the patch. > > > > On Thu, Jul 23, 2020 at 6:04 PM Evgeny Novikov <novikov@xxxxxxxxx> wrote: > >> In case of errors vpif_probe_complete() releases memory for vpif_obj.sd > >> and unregisters the V4L2 device. But then this is done again by > >> vpif_probe() itself. The patch removes the cleaning from > >> vpif_probe_complete(). > >> > >> Found by Linux Driver Verification project (linuxtesting.org). > >> > >> Signed-off-by: Evgeny Novikov <novikov@xxxxxxxxx> > >> --- > >> drivers/media/platform/davinci/vpif_capture.c | 2 -- > >> 1 file changed, 2 deletions(-) > >> > >> diff --git a/drivers/media/platform/davinci/vpif_capture.c b/drivers/media/platform/davinci/vpif_capture.c > >> index d9ec439faefa..72a0e94e2e21 100644 > >> --- a/drivers/media/platform/davinci/vpif_capture.c > >> +++ b/drivers/media/platform/davinci/vpif_capture.c > >> @@ -1482,8 +1482,6 @@ static int vpif_probe_complete(void) > >> /* Unregister video device */ > >> video_unregister_device(&ch->video_dev); > >> } > >> - kfree(vpif_obj.sd); > >> - v4l2_device_unregister(&vpif_obj.v4l2_dev); > > > > vpif_probe_complete() is a async callback and probe() should have > > already completed by then. > > > > Cheers, > > --Prabhakar > > > >> return err; > >> } > >> -- > >> 2.16.4
