Re: [PATCH] staging: media: ipu7: fix MMU resource leak in ipu7_psys_init()

Next message: Aneesh Kumar K.V (Arm): "[RFC PATCH 5/7] dma-mapping: make dma_pgprot() honor DMA_ATTR_CC_DECRYPTED"
Previous message: David Gow: "Re: [PATCH 2/3] rust: testing: add Kconfig for KUnit test"
In reply to: Huihui Huang: "[PATCH] staging: media: ipu7: fix MMU resource leak in ipu7_psys_init()"
Next in thread: Huihui Huang: "Re: [PATCH] staging: media: ipu7: fix MMU resource leak in ipu7_psys_init()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Dan Carpenter

Date: Fri Apr 17 2026 - 05:03:09 EST

On Fri, Apr 17, 2026 at 03:58:07PM +0800, Huihui Huang wrote:
> There is a memory leak in drivers/staging/media/ipu7/ipu7.c.
>
> In ipu7_psys_init(), psys_adev->mmu is allocated by ipu7_mmu_init().
> When ipu7_bus_add_device() fails, the function returns without
> cleaning up the MMU resources.
>
> Add the missing ipu7_mmu_cleanup() call on the error path to free
> the MMU resources.
>
> Signed-off-by: Huihui Huang <hhhuang@xxxxxxxxxx>
> ---
> drivers/staging/media/ipu7/ipu7.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/staging/media/ipu7/ipu7.c b/drivers/staging/media/ipu7/ipu7.c
> index c771e763f8c5..4039e548dc8f 100644
> --- a/drivers/staging/media/ipu7/ipu7.c
> +++ b/drivers/staging/media/ipu7/ipu7.c
> @@ -2228,6 +2228,7 @@ ipu7_psys_init(struct pci_dev *pdev, struct device *parent,
>
> ret = ipu7_bus_add_device(psys_adev);
> if (ret) {
> + ipu7_mmu_cleanup(psys_adev->mmu);

Same thing. We call ipu7_mmu_cleanup() in the caller, and it looks like
that will trigger a NULL dereference.

> kfree(pdata);

This kfree() is also wrong. We're supposed to do:

put_device(&psys_adev->auxdev.dev);

which calls ipu7_bus_release() and that frees "pdata" along with
psys_adev. In this function the first two error paths are correct
but the next two are buggy.

KTODO: Fix error handling in ipu7_psys_init()

regards,
dan carpenter