media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link()

Message ID 2ddd10ec9e009bbb85518355f1e09e1ecd349925.1685340968.git.christophe.jaillet@wanadoo.fr
State New
Headers
Series media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() |

Commit Message

Christophe JAILLET May 29, 2023, 6:17 a.m. UTC
  'fwnode is known to be NULL, at this point, so fwnode_handle_put() is a
no-op.

Release the reference taken from a previous fwnode_graph_get_port_parent()
call instead.

Fixes: ca50c197bd96 ("[media] v4l: fwnode: Support generic fwnode for parsing standardised properties")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
/!\  THIS PATCH IS SPECULATIVE  /!\
         review with care
---
 drivers/media/v4l2-core/v4l2-fwnode.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
  

Comments

Sakari Ailus June 13, 2023, 10:55 a.m. UTC | #1
Hi Christophe,

On Mon, May 29, 2023 at 08:17:18AM +0200, Christophe JAILLET wrote:
> 'fwnode is known to be NULL, at this point, so fwnode_handle_put() is a
> no-op.
> 
> Release the reference taken from a previous fwnode_graph_get_port_parent()
> call instead.
> 
> Fixes: ca50c197bd96 ("[media] v4l: fwnode: Support generic fwnode for parsing standardised properties")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> ---
> /!\  THIS PATCH IS SPECULATIVE  /!\
>          review with care
> ---
>  drivers/media/v4l2-core/v4l2-fwnode.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/media/v4l2-core/v4l2-fwnode.c b/drivers/media/v4l2-core/v4l2-fwnode.c
> index 049c2f2001ea..b7dd467c53fd 100644
> --- a/drivers/media/v4l2-core/v4l2-fwnode.c
> +++ b/drivers/media/v4l2-core/v4l2-fwnode.c
> @@ -571,7 +571,7 @@ int v4l2_fwnode_parse_link(struct fwnode_handle *fwnode,
>  
>  	fwnode = fwnode_graph_get_remote_endpoint(fwnode);
>  	if (!fwnode) {
> -		fwnode_handle_put(fwnode);
> +		fwnode_handle_put(link->local_node);

link->local_node also needs to be non-NULL for the successful case. The
condition should take that into account. Could you send v2 with that?

>  		return -ENOLINK;
>  	}
>
  
Christophe JAILLET June 13, 2023, 5:15 p.m. UTC | #2
Le 13/06/2023 à 12:55, Sakari Ailus a écrit :
> Hi Christophe,
> 
> On Mon, May 29, 2023 at 08:17:18AM +0200, Christophe JAILLET wrote:
>> 'fwnode is known to be NULL, at this point, so fwnode_handle_put() is a
>> no-op.
>>
>> Release the reference taken from a previous fwnode_graph_get_port_parent()
>> call instead.
>>
>> Fixes: ca50c197bd96 ("[media] v4l: fwnode: Support generic fwnode for parsing standardised properties")
>> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
>> ---
>> /!\  THIS PATCH IS SPECULATIVE  /!\
>>           review with care
>> ---
>>   drivers/media/v4l2-core/v4l2-fwnode.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/media/v4l2-core/v4l2-fwnode.c b/drivers/media/v4l2-core/v4l2-fwnode.c
>> index 049c2f2001ea..b7dd467c53fd 100644
>> --- a/drivers/media/v4l2-core/v4l2-fwnode.c
>> +++ b/drivers/media/v4l2-core/v4l2-fwnode.c
>> @@ -571,7 +571,7 @@ int v4l2_fwnode_parse_link(struct fwnode_handle *fwnode,
>>   
>>   	fwnode = fwnode_graph_get_remote_endpoint(fwnode);
>>   	if (!fwnode) {
>> -		fwnode_handle_put(fwnode);
>> +		fwnode_handle_put(link->local_node);
> 
> link->local_node also needs to be non-NULL for the successful case. The
> condition should take that into account. Could you send v2 with that?
> 
>>   		return -ENOLINK;
>>   	}
>>   
> 

Hi,
something like below?

@@ -568,19 +568,25 @@ int v4l2_fwnode_parse_link(struct fwnode_handle 
*fwnode,
  	link->local_id = fwep.id;
  	link->local_port = fwep.port;
  	link->local_node = fwnode_graph_get_port_parent(fwnode);
+	if (!link->local_node)
+		return -ENOLINK;

  	fwnode = fwnode_graph_get_remote_endpoint(fwnode);
-	if (!fwnode) {
-		fwnode_handle_put(fwnode);
-		return -ENOLINK;
-	}
+	if (!fwnode)
+		goto err_put_local_node;

  	fwnode_graph_parse_endpoint(fwnode, &fwep);
  	link->remote_id = fwep.id;
  	link->remote_port = fwep.port;
  	link->remote_node = fwnode_graph_get_port_parent(fwnode);
+	if (!link->remote_node)
+		goto err_put_local_node;

  	return 0;
+
+err_put_local_node:
+	fwnode_handle_put(link->local_node);
+	return -ENOLINK;
  }
  EXPORT_SYMBOL_GPL(v4l2_fwnode_parse_link);


CJ
  
Sakari Ailus June 14, 2023, 8 a.m. UTC | #3
Hi Christophe,

On Tue, Jun 13, 2023 at 07:15:40PM +0200, Christophe JAILLET wrote:
> Le 13/06/2023 à 12:55, Sakari Ailus a écrit :
> > Hi Christophe,
> > 
> > On Mon, May 29, 2023 at 08:17:18AM +0200, Christophe JAILLET wrote:
> > > 'fwnode is known to be NULL, at this point, so fwnode_handle_put() is a
> > > no-op.
> > > 
> > > Release the reference taken from a previous fwnode_graph_get_port_parent()
> > > call instead.
> > > 
> > > Fixes: ca50c197bd96 ("[media] v4l: fwnode: Support generic fwnode for parsing standardised properties")
> > > Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> > > ---
> > > /!\  THIS PATCH IS SPECULATIVE  /!\
> > >           review with care
> > > ---
> > >   drivers/media/v4l2-core/v4l2-fwnode.c | 2 +-
> > >   1 file changed, 1 insertion(+), 1 deletion(-)
> > > 
> > > diff --git a/drivers/media/v4l2-core/v4l2-fwnode.c b/drivers/media/v4l2-core/v4l2-fwnode.c
> > > index 049c2f2001ea..b7dd467c53fd 100644
> > > --- a/drivers/media/v4l2-core/v4l2-fwnode.c
> > > +++ b/drivers/media/v4l2-core/v4l2-fwnode.c
> > > @@ -571,7 +571,7 @@ int v4l2_fwnode_parse_link(struct fwnode_handle *fwnode,
> > >   	fwnode = fwnode_graph_get_remote_endpoint(fwnode);
> > >   	if (!fwnode) {
> > > -		fwnode_handle_put(fwnode);
> > > +		fwnode_handle_put(link->local_node);
> > 
> > link->local_node also needs to be non-NULL for the successful case. The
> > condition should take that into account. Could you send v2 with that?
> > 
> > >   		return -ENOLINK;
> > >   	}
> > 
> 
> Hi,
> something like below?

Ah, remote_node must be non-NULL, too, indeed. It was surprisingly broken.

> 
> @@ -568,19 +568,25 @@ int v4l2_fwnode_parse_link(struct fwnode_handle
> *fwnode,
>  	link->local_id = fwep.id;
>  	link->local_port = fwep.port;
>  	link->local_node = fwnode_graph_get_port_parent(fwnode);
> +	if (!link->local_node)
> +		return -ENOLINK;
> 
>  	fwnode = fwnode_graph_get_remote_endpoint(fwnode);
> -	if (!fwnode) {
> -		fwnode_handle_put(fwnode);
> -		return -ENOLINK;
> -	}
> +	if (!fwnode)
> +		goto err_put_local_node;

On error, fwnode needs to be put from this onwards, too.

But you can use a single label: fwnode_handle_put() is NULL-safe.

> 
>  	fwnode_graph_parse_endpoint(fwnode, &fwep);
>  	link->remote_id = fwep.id;
>  	link->remote_port = fwep.port;
>  	link->remote_node = fwnode_graph_get_port_parent(fwnode);
> +	if (!link->remote_node)
> +		goto err_put_local_node;
> 
>  	return 0;
> +
> +err_put_local_node:
> +	fwnode_handle_put(link->local_node);
> +	return -ENOLINK;
>  }
>  EXPORT_SYMBOL_GPL(v4l2_fwnode_parse_link);
  

Patch

diff --git a/drivers/media/v4l2-core/v4l2-fwnode.c b/drivers/media/v4l2-core/v4l2-fwnode.c
index 049c2f2001ea..b7dd467c53fd 100644
--- a/drivers/media/v4l2-core/v4l2-fwnode.c
+++ b/drivers/media/v4l2-core/v4l2-fwnode.c
@@ -571,7 +571,7 @@  int v4l2_fwnode_parse_link(struct fwnode_handle *fwnode,
 
 	fwnode = fwnode_graph_get_remote_endpoint(fwnode);
 	if (!fwnode) {
-		fwnode_handle_put(fwnode);
+		fwnode_handle_put(link->local_node);
 		return -ENOLINK;
 	}