Re: [PATCH v2] usb: stkwebcam: update the reference count of the usb device structure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Salah, Cai,

I received patches for this from both of you, but both have issues:

On 31/07/2021 18:18, Salah Triki wrote:
> Use usb_get_dev() to increment the reference count of the usb device
> structure in order to avoid releasing the structure while it is still in
> use. And use usb_put_dev() to decrement the reference count and thus,
> when it will be equal to 0 the structure will be released.
> 
> Signed-off-by: Salah Triki <salah.triki@xxxxxxxxx>
> ---
> Change since v1:
> 	Modification of the description
> 
>  drivers/media/usb/stkwebcam/stk-webcam.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/media/usb/stkwebcam/stk-webcam.c b/drivers/media/usb/stkwebcam/stk-webcam.c
> index a45d464427c4..3b14679829ed 100644
> --- a/drivers/media/usb/stkwebcam/stk-webcam.c
> +++ b/drivers/media/usb/stkwebcam/stk-webcam.c
> @@ -1309,7 +1309,7 @@ static int stk_camera_probe(struct usb_interface *interface,
>  	init_waitqueue_head(&dev->wait_frame);
>  	dev->first_init = 1; /* webcam LED management */
>  
> -	dev->udev = udev;
> +	dev->udev = usb_get_dev(udev);
>  	dev->interface = interface;
>  	usb_get_intf(interface);

In the error path of stk_camera_probe you need to call usb_put_dev(), otherwise
the udev refcount won't go to 0.

>  
> @@ -1376,6 +1376,7 @@ static void stk_camera_disconnect(struct usb_interface *interface)
>  
>  	usb_set_intfdata(interface, NULL);
>  	unset_present(dev);
> +	usb_put_dev(interface_to_usbdev(interface));

Cai just used usb_put_dev(dev->udev) here which makes more sense.

Cai also moved this to the stk_v4l_dev_release() function, which is probably
a better place.

However, there is another bug here as well: these lines in stk_camera_disconnect()
should be moved to stk_v4l_dev_release():

        v4l2_ctrl_handler_free(&dev->hdl);
        v4l2_device_unregister(&dev->v4l2_dev);
        kfree(dev);

When the last user of the video device has closed their fh, then stk_v4l_dev_release()
is called, so any cleanup of resources/memory should happen there. Right now if you are
streaming and the webcam is disconnected (or the device forcibly unloaded), the dev
pointer is freed in disconnect, but stk_v4l_dev_release() is called later and will
reference freed memory.

I'm not sure who of the two of you will make a v3, I leave that to you to fight out :-)

Regards,

	Hans

>  
>  	wake_up_interruptible(&dev->wait_frame);
>  
> 




[Index of Archives]     [Linux Input]     [Video for Linux]     [Gstreamer Embedded]     [Mplayer Users]     [Linux USB Devel]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]

  Powered by Linux