Re: [PATCH] media:exynos4-is: Fix a use after free in isp_video_release

From: kernel test robot
Date: Tue Apr 27 2021 - 01:08:36 EST


Hi Lv,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on linuxtv-media/master]
[also build test ERROR on v5.12 next-20210426]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url: https://github.com/0day-ci/linux/commits/Lv-Yunlong/media-exynos4-is-Fix-a-use-after-free-in-isp_video_release/20210427-103518
base: git://linuxtv.org/media_tree.git master
config: m68k-allmodconfig (attached as .config)
compiler: m68k-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/0day-ci/linux/commit/be22db53410320e33e9e471a8a15f14904b5e801
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Lv-Yunlong/media-exynos4-is-Fix-a-use-after-free-in-isp_video_release/20210427-103518
git checkout be22db53410320e33e9e471a8a15f14904b5e801
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross W=1 ARCH=m68k

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>

All errors (new ones prefixed by >>):

In file included from include/linux/build_bug.h:5,
from include/linux/bits.h:22,
from include/linux/bitops.h:6,
from drivers/media/platform/exynos4-is/fimc-isp-video.c:14:
include/linux/scatterlist.h: In function 'sg_set_buf':
arch/m68k/include/asm/page_mm.h:174:49: warning: ordered comparison of pointer with null pointer [-Wextra]
174 | #define virt_addr_valid(kaddr) ((void *)(kaddr) >= (void *)PAGE_OFFSET && (void *)(kaddr) < high_memory)
| ^~
include/linux/compiler.h:78:42: note: in definition of macro 'unlikely'
78 | # define unlikely(x) __builtin_expect(!!(x), 0)
| ^
include/linux/scatterlist.h:137:2: note: in expansion of macro 'BUG_ON'
137 | BUG_ON(!virt_addr_valid(buf));
| ^~~~~~
include/linux/scatterlist.h:137:10: note: in expansion of macro 'virt_addr_valid'
137 | BUG_ON(!virt_addr_valid(buf));
| ^~~~~~~~~~~~~~~
drivers/media/platform/exynos4-is/fimc-isp-video.c: In function 'isp_video_release':
>> drivers/media/platform/exynos4-is/fimc-isp-video.c:318:2: error: 'filp' undeclared (first use in this function); did you mean 'file'?
318 | filp->private_data = NULL;
| ^~~~
| file
drivers/media/platform/exynos4-is/fimc-isp-video.c:318:2: note: each undeclared identifier is reported only once for each function it appears in


vim +318 drivers/media/platform/exynos4-is/fimc-isp-video.c

302
303 static int isp_video_release(struct file *file)
304 {
305 struct fimc_isp *isp = video_drvdata(file);
306 struct fimc_is_video *ivc = &isp->video_capture;
307 struct media_entity *entity = &ivc->ve.vdev.entity;
308 struct media_device *mdev = entity->graph_obj.mdev;
309
310 mutex_lock(&isp->video_lock);
311
312 if (v4l2_fh_is_singular_file(file) && ivc->streaming) {
313 media_pipeline_stop(entity);
314 ivc->streaming = 0;
315 }
316
317 _vb2_fop_release(file, NULL);
> 318 filp->private_data = NULL;
319
320 if (v4l2_fh_is_singular_file(file)) {
321 fimc_pipeline_call(&ivc->ve, close);
322
323 mutex_lock(&mdev->graph_mutex);
324 entity->use_count--;
325 mutex_unlock(&mdev->graph_mutex);
326 }
327
328 pm_runtime_put(&isp->pdev->dev);
329 mutex_unlock(&isp->video_lock);
330
331 return 0;
332 }
333

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx

Attachment: .config.gz
Description: application/gzip