Re: [PATCH v2] usb: stkwebcam: update the reference count of the usb device structure

From: Hans Verkuil
Date: Wed Sep 01 2021 - 06:55:39 EST

Next message: mdalam: "Re: [PATCH V2] mtd: rawnand: qcom: Update code word value for raw read"
Previous message: Md Sadre Alam: "[PATCH V3] mtd: rawnand: qcom: Update code word value for raw read"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Salah, Cai,

I received patches for this from both of you, but both have issues:

On 31/07/2021 18:18, Salah Triki wrote:
> Use usb_get_dev() to increment the reference count of the usb device
> structure in order to avoid releasing the structure while it is still in
> use. And use usb_put_dev() to decrement the reference count and thus,
> when it will be equal to 0 the structure will be released.
>
> Signed-off-by: Salah Triki <salah.triki@xxxxxxxxx>
> ---
> Change since v1:
> Modification of the description
>
> drivers/media/usb/stkwebcam/stk-webcam.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/media/usb/stkwebcam/stk-webcam.c b/drivers/media/usb/stkwebcam/stk-webcam.c
> index a45d464427c4..3b14679829ed 100644
> --- a/drivers/media/usb/stkwebcam/stk-webcam.c
> +++ b/drivers/media/usb/stkwebcam/stk-webcam.c
> @@ -1309,7 +1309,7 @@ static int stk_camera_probe(struct usb_interface *interface,
> init_waitqueue_head(&dev->wait_frame);
> dev->first_init = 1; /* webcam LED management */
>
> - dev->udev = udev;
> + dev->udev = usb_get_dev(udev);
> dev->interface = interface;
> usb_get_intf(interface);

In the error path of stk_camera_probe you need to call usb_put_dev(), otherwise
the udev refcount won't go to 0.

>
> @@ -1376,6 +1376,7 @@ static void stk_camera_disconnect(struct usb_interface *interface)
>
> usb_set_intfdata(interface, NULL);
> unset_present(dev);
> + usb_put_dev(interface_to_usbdev(interface));

Cai just used usb_put_dev(dev->udev) here which makes more sense.

Cai also moved this to the stk_v4l_dev_release() function, which is probably
a better place.

However, there is another bug here as well: these lines in stk_camera_disconnect()
should be moved to stk_v4l_dev_release():

v4l2_ctrl_handler_free(&dev->hdl);
v4l2_device_unregister(&dev->v4l2_dev);
kfree(dev);

When the last user of the video device has closed their fh, then stk_v4l_dev_release()
is called, so any cleanup of resources/memory should happen there. Right now if you are
streaming and the webcam is disconnected (or the device forcibly unloaded), the dev
pointer is freed in disconnect, but stk_v4l_dev_release() is called later and will
reference freed memory.

I'm not sure who of the two of you will make a v3, I leave that to you to fight out :-)

Regards,

Hans

>
> wake_up_interruptible(&dev->wait_frame);
>
>

Next message: mdalam: "Re: [PATCH V2] mtd: rawnand: qcom: Update code word value for raw read"
Previous message: Md Sadre Alam: "[PATCH V3] mtd: rawnand: qcom: Update code word value for raw read"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]