Re: [PATCH 2/3] media: vimc: sensor: register subdevice only after initialization

Tue, 01 Oct 2019 10:24:07 -0700 


On 10/1/19 1:50 PM, Dafna Hirschfeld wrote:
> vimc_sen_add function first registers the subdevice and then
> calls tpg_alloc. If tpg_alloc fails it unregisters the subdevice
> and then frees vsen, this cause double free since the release
> callback that follows subdevice unregistration also frees vsen.
> 
> Signed-off-by: Dafna Hirschfeld <dafna.hirschf...@collabora.com>

Acked-by: Helen Koike <helen.ko...@collabora.com>

> ---
>  drivers/media/platform/vimc/vimc-sensor.c | 20 ++++++++++----------
>  1 file changed, 10 insertions(+), 10 deletions(-)
> 
> diff --git a/drivers/media/platform/vimc/vimc-sensor.c 
> b/drivers/media/platform/vimc/vimc-sensor.c
> index 46dc6a535abe..ee2306c08569 100644
> --- a/drivers/media/platform/vimc/vimc-sensor.c
> +++ b/drivers/media/platform/vimc/vimc-sensor.c
> @@ -358,6 +358,13 @@ struct vimc_ent_device *vimc_sen_add(struct vimc_device 
> *vimc,
>               goto err_free_vsen;
>       }
>  
> +     /* Initialize the test pattern generator */
> +     tpg_init(&vsen->tpg, vsen->mbus_format.width,
> +              vsen->mbus_format.height);
> +     ret = tpg_alloc(&vsen->tpg, VIMC_FRAME_MAX_WIDTH);
> +     if (ret)
> +             goto err_free_hdl;
> +
>       /* Initialize ved and sd */
>       ret = vimc_ent_sd_register(&vsen->ved, &vsen->sd, v4l2_dev,
>                                  vcfg_name,
> @@ -365,7 +372,7 @@ struct vimc_ent_device *vimc_sen_add(struct vimc_device 
> *vimc,
>                                  (const unsigned long[1]) 
> {MEDIA_PAD_FL_SOURCE},
>                                  &vimc_sen_int_ops, &vimc_sen_ops);
>       if (ret)
> -             goto err_free_hdl;
> +             goto err_free_tpg;
>  
>       vsen->ved.process_frame = vimc_sen_process_frame;
>       vsen->dev = &vimc->pdev.dev;
> @@ -373,17 +380,10 @@ struct vimc_ent_device *vimc_sen_add(struct vimc_device 
> *vimc,
>       /* Initialize the frame format */
>       vsen->mbus_format = fmt_default;
>  
> -     /* Initialize the test pattern generator */
> -     tpg_init(&vsen->tpg, vsen->mbus_format.width,
> -              vsen->mbus_format.height);
> -     ret = tpg_alloc(&vsen->tpg, VIMC_FRAME_MAX_WIDTH);
> -     if (ret)
> -             goto err_unregister_ent_sd;
> -
>       return &vsen->ved;
>  
> -err_unregister_ent_sd:
> -     vimc_ent_sd_unregister(&vsen->ved,  &vsen->sd);
> +err_free_tpg:
> +     tpg_free(&vsen->tpg);
>  err_free_hdl:
>       v4l2_ctrl_handler_free(&vsen->hdl);
>  err_free_vsen:
> 






















					Reply via email to