Hi Hans,

On Friday 16 Dec 2016 12:39:49 Hans Verkuil wrote:
> On 15/12/16 20:40, Shuah Khan wrote:
> > Using devm resources that have external dependencies such as a dev
> > for a file handler could result in devm resources getting released
> > during unbind while an application has the file open holding pointer
> > to the devm resource. This results in use-after-free errors when the
> > application exits.
>
> That's solving the wrong problem.
>
> The real problem is that when registering a video_device it should do
> this:
>
> devnode->cdev.kobj.parent = &devnode->dev.kobj;
>
> (taken from cec-core.c)
>
> This will prevent isp->dev from being released as long as there is a
> filehandle still open.

But it won't be enough, devm_* resources are released at unbind time, not at
device release time. Right after the unbind (.remove() for platform devices)
handler returns, devm_kzalloc allocated memory goes away.

> After that change I believe that this will work correctly, but this
> has to be tested first!