Re: [PATCH 2/2] media: omap3isp change to devm for resources

From: Laurent Pinchart
Date: Fri Dec 16 2016 - 07:29:49 EST


Hi Hans,

On Friday 16 Dec 2016 12:39:49 Hans Verkuil wrote:
> On 15/12/16 20:40, Shuah Khan wrote:
> > Using devm resources that have external dependencies such as a dev
> > for a file handler could result in devm resources getting released
> > during unbind while an application has the file open holding pointer
> > to the devm resource. This results in use-after-free errors when the
> > application exits.
>
> That's solving the wrong problem.
>
> The real problem is that when registering a video_device it should do
> this:
>
> devnode->cdev.kobj.parent = &devnode->dev.kobj;
>
> (taken from cec-core.c)
>
> This will prevent isp->dev from being released as long as there is a
> filehandle still open.

But it won't be enough, devm_* resources are released at unbind time, not at
device release time. Right after the unbind (.remove() for platform devices)
handler returns, devm_kzalloc allocated memory goes away.

> After that change I believe that this will work correctly, but this
> has to be tested first!

--
Regards,

Laurent Pinchart
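
The two lifetimes discussed in this message, as an added example that is not part of the original thread or of the omap3isp driver. It is a userspace model with constructed names (`model_dev`, `close_after_unbind`) and calls no kernel APIs; it assumes an open file handle holds a device reference, as the cdev parenting change is meant to provide, and compares state freed at unbind (devm) with state freed in the device release callback.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model with constructed names; no kernel APIs are called. */
enum alloc_kind { ALLOC_DEVM, ALLOC_RELEASE_CB };

struct model_dev {
    int refcount;        /* models the struct device reference count */
    enum alloc_kind kind;
    bool state_valid;    /* is the driver's private state still allocated? */
    bool dev_released;   /* has the device release callback run? */
};

static void dev_get(struct model_dev *d) { d->refcount++; }

static void dev_put(struct model_dev *d)
{
    if (--d->refcount == 0) {
        d->dev_released = true;
        if (d->kind == ALLOC_RELEASE_CB)
            d->state_valid = false;   /* freed only when the last ref drops */
    }
}

/* Driver unbind: .remove() returns, then devm resources are released. */
static void model_unbind(struct model_dev *d)
{
    if (d->kind == ALLOC_DEVM)
        d->state_valid = false;       /* devm memory goes away here */
    dev_put(d);                       /* registration reference dropped */
}

/* Returns true if the close path of an open file would see valid state. */
static bool close_after_unbind(enum alloc_kind kind)
{
    struct model_dev d = { .refcount = 1, .kind = kind, .state_valid = true };
    bool ok;

    dev_get(&d);        /* open(): file handle pins the device */
    model_unbind(&d);   /* unbind while the file is still open */
    ok = d.state_valid && !d.dev_released;  /* what close() would touch */
    dev_put(&d);        /* close(): last reference, release runs */
    return ok;
}

int main(void)
{
    printf("devm state valid at close: %d\n", close_after_unbind(ALLOC_DEVM));
    printf("release-cb state valid at close: %d\n", close_after_unbind(ALLOC_RELEASE_CB));
    return 0;
}
```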