From d87f10c472e64cfc1bb705cd260c51597db57ffe Mon Sep 17 00:00:00 2001 From: Shiju Mathew Date: Fri, 12 May 2017 17:05:53 -0400 Subject: msm: ba: Update printk format specifier to prevent leaks Update printk format from %p to %pK in msm_ba driver to hide exposed kernel pointers. CRs-Fixed: 2036994 Change-Id: I8f9290670888a0b351339990f0dc2fa4fcc78b26 Signed-off-by: Shiju Mathew --- drivers/video/msm/ba/msm_ba.c | 6 +++--- drivers/video/msm/ba/msm_ba_debug.c | 20 ++++++++++---------- drivers/video/msm/ba/msm_v4l2_ba.c | 2 +- 3 files changed, 14 insertions(+), 14 deletions(-) (limited to 'drivers/video') diff --git a/drivers/video/msm/ba/msm_ba.c b/drivers/video/msm/ba/msm_ba.c index 3e0838115ca6..7aa364a98780 100644 --- a/drivers/video/msm/ba/msm_ba.c +++ b/drivers/video/msm/ba/msm_ba.c @@ -53,7 +53,7 @@ int msm_ba_querycap(void *instance, struct v4l2_capability *cap) if (!inst || !cap) { dprintk(BA_ERR, - "Invalid input, inst = 0x%p, cap = 0x%p", inst, cap); + "Invalid input, inst = 0x%pK, cap = 0x%pK", inst, cap); return -EINVAL; } @@ -632,7 +632,7 @@ static int msm_ba_register_v4l2_subdev(struct v4l2_device *v4l2_dev, struct video_device *vdev; int rc = 0; - dprintk(BA_DBG, "Enter %s: v4l2_dev 0x%p, v4l2_subdev 0x%p", + dprintk(BA_DBG, "Enter %s: v4l2_dev 0x%pK, v4l2_subdev 0x%pK", __func__, v4l2_dev, sd); if (NULL == v4l2_dev || NULL == sd || !sd->name[0]) { dprintk(BA_ERR, "Invalid input"); @@ -884,7 +884,7 @@ int msm_ba_close(void *instance) debugfs_remove_recursive(inst->debugfs_root); - dprintk(BA_DBG, "Closed BA instance: %p", inst); + dprintk(BA_DBG, "Closed BA instance: %pK", inst); kfree(inst); return rc; diff --git a/drivers/video/msm/ba/msm_ba_debug.c b/drivers/video/msm/ba/msm_ba_debug.c index aa5109eb8e64..b57f4c94e18b 100644 --- a/drivers/video/msm/ba/msm_ba_debug.c +++ b/drivers/video/msm/ba/msm_ba_debug.c @@ -60,7 +60,7 @@ static ssize_t dev_info_read(struct file *file, char __user *buf, ssize_t size = 0; if (!dev_ctxt) { - dprintk(BA_ERR, "Invalid params, dev: 0x%p", dev_ctxt); + dprintk(BA_ERR, "Invalid params, dev: 0x%pK", dev_ctxt); return 0; } @@ -70,7 +70,7 @@ static ssize_t dev_info_read(struct file *file, char __user *buf, INIT_DBG_BUF(dbg_buf); write_str(dbg_buf, "==============================="); - write_str(dbg_buf, "DEV: 0x%p", dev_ctxt); + write_str(dbg_buf, "DEV: 0x%pK", dev_ctxt); write_str(dbg_buf, "==============================="); write_str(dbg_buf, "state: %d", dev_ctxt->state); @@ -102,7 +102,7 @@ struct dentry *msm_ba_debugfs_init_drv(void) struct dentry *f = debugfs_create_##__type(__name, S_IRUGO | S_IWUSR, \ dir, __value); \ if (IS_ERR_OR_NULL(f)) { \ - dprintk(BA_ERR, "Failed creating debugfs file '%pd/%s'", \ + dprintk(BA_ERR, "Failed creating debugfs file '%pKd/%s'", \ dir, __name); \ f = NULL; \ } \ @@ -135,11 +135,11 @@ struct dentry *msm_ba_debugfs_init_dev(struct msm_ba_dev *dev_ctxt, char debugfs_name[MAX_DEBUGFS_NAME]; if (!dev_ctxt) { - dprintk(BA_ERR, "Invalid params, core: %p", dev_ctxt); + dprintk(BA_ERR, "Invalid params, core: %pK", dev_ctxt); goto failed_create_dir; } - snprintf(debugfs_name, MAX_DEBUGFS_NAME, "dev_%p", dev_ctxt); + snprintf(debugfs_name, MAX_DEBUGFS_NAME, "dev_%pK", dev_ctxt); dir = debugfs_create_dir(debugfs_name, parent); if (!dir) { dprintk(BA_ERR, "Failed to create debugfs for msm_ba"); @@ -168,7 +168,7 @@ static ssize_t inst_info_read(struct file *file, char __user *buf, ssize_t size = 0; if (!inst) { - dprintk(BA_ERR, "Invalid params, dev: %p", inst); + dprintk(BA_ERR, "Invalid params, dev: %pK", inst); return 0; } @@ -178,10 +178,10 @@ static ssize_t inst_info_read(struct file *file, char __user *buf, INIT_DBG_BUF(dbg_buf); write_str(dbg_buf, "==============================="); - write_str(dbg_buf, "INSTANCE: %p (%s)", inst, + write_str(dbg_buf, "INSTANCE: %pK (%s)", inst, "BA device"); write_str(dbg_buf, "==============================="); - write_str(dbg_buf, "dev: %p", inst->dev_ctxt); + write_str(dbg_buf, "dev: %pK", inst->dev_ctxt); write_str(dbg_buf, "state: %d", inst->state); size = simple_read_from_buffer(buf, count, ppos, @@ -204,10 +204,10 @@ struct dentry *msm_ba_debugfs_init_inst(struct msm_ba_inst *inst, char debugfs_name[MAX_DEBUGFS_NAME]; if (!inst) { - dprintk(BA_ERR, "Invalid params, inst: %p", inst); + dprintk(BA_ERR, "Invalid params, inst: %pK", inst); goto failed_create_dir; } - snprintf(debugfs_name, MAX_DEBUGFS_NAME, "inst_%p", inst); + snprintf(debugfs_name, MAX_DEBUGFS_NAME, "inst_%pK", inst); dir = debugfs_create_dir(debugfs_name, parent); if (!dir) { dprintk(BA_ERR, "Failed to create debugfs for msm_ba"); diff --git a/drivers/video/msm/ba/msm_v4l2_ba.c b/drivers/video/msm/ba/msm_v4l2_ba.c index 0cd3fc3b238f..7f0e442086a1 100644 --- a/drivers/video/msm/ba/msm_v4l2_ba.c +++ b/drivers/video/msm/ba/msm_v4l2_ba.c @@ -453,7 +453,7 @@ static int msm_ba_probe(struct platform_device *pdev) struct ba_ctxt *ba_ctxt; int rc = 0; - dprintk(BA_INFO, "Enter %s: pdev %p device id = %d", + dprintk(BA_INFO, "Enter %s: pdev %pK device id = %d", __func__, pdev, pdev->id); ba_ctxt = msm_ba_get_ba_context(); -- cgit v1.2.3 From bb4ea9d9e7860511282cdc84a8d33b4f526766ac Mon Sep 17 00:00:00 2001 From: Jingtao Chen Date: Wed, 14 Jun 2017 15:11:37 +0800 Subject: msm: ba: Fix some potential risks Avoid memory leaks and prevent to dereference null pointer Change-Id: I907ea987b0f3d6971116e116841482fa364ef7b8 Signed-off-by: Jingtao Chen --- drivers/video/msm/ba/msm_ba.c | 2 +- drivers/video/msm/ba/msm_ba_common.c | 18 +++++++++------- drivers/video/msm/ba/msm_v4l2_ba.c | 41 ++++++++++++++++++------------------ include/media/msm_ba.h | 3 ++- 4 files changed, 33 insertions(+), 31 deletions(-) (limited to 'drivers/video') diff --git a/drivers/video/msm/ba/msm_ba.c b/drivers/video/msm/ba/msm_ba.c index 7aa364a98780..8d1459088b80 100644 --- a/drivers/video/msm/ba/msm_ba.c +++ b/drivers/video/msm/ba/msm_ba.c @@ -618,7 +618,7 @@ int msm_ba_save_restore_input(void *instance, enum msm_ba_save_restore_ip sr) } EXPORT_SYMBOL(msm_ba_save_restore_input); -void msm_ba_release_subdev_node(struct video_device *vdev) +static void msm_ba_release_subdev_node(struct video_device *vdev) { struct v4l2_subdev *sd = video_get_drvdata(vdev); diff --git a/drivers/video/msm/ba/msm_ba_common.c b/drivers/video/msm/ba/msm_ba_common.c index cc8eb2da3e3b..1306fca46652 100644 --- a/drivers/video/msm/ba/msm_ba_common.c +++ b/drivers/video/msm/ba/msm_ba_common.c @@ -509,20 +509,20 @@ static const struct v4l2_ctrl_ops msm_ba_ctrl_ops = { .s_ctrl = msm_ba_op_s_ctrl, }; -const struct v4l2_ctrl_ops *msm_ba_get_ctrl_ops(void) -{ - return &msm_ba_ctrl_ops; -} - static struct v4l2_ctrl **msm_ba_get_super_cluster(struct msm_ba_inst *inst, int *size) { int c = 0; int sz = 0; - struct v4l2_ctrl **cluster = kmalloc(sizeof(struct v4l2_ctrl *) * + struct v4l2_ctrl **cluster = NULL; + + if (!size || !inst) + return NULL; + + cluster = kmalloc(sizeof(struct v4l2_ctrl *) * BA_NUM_CTRLS, GFP_KERNEL); - if (!size || !cluster || !inst) + if (!cluster) return NULL; for (c = 0; c < BA_NUM_CTRLS; c++) @@ -539,10 +539,12 @@ static struct v4l2_ctrl **msm_ba_get_super_cluster(struct msm_ba_inst *inst, int msm_ba_ctrl_init(struct msm_ba_inst *inst) { int idx = 0; - struct v4l2_ctrl_config ctrl_cfg = {0}; + struct v4l2_ctrl_config ctrl_cfg; int rc = 0; int cluster_size = 0; + memset(&ctrl_cfg, 0x00, sizeof(struct v4l2_ctrl_config)); + if (!inst) { dprintk(BA_ERR, "%s - invalid instance", __func__); return -EINVAL; diff --git a/drivers/video/msm/ba/msm_v4l2_ba.c b/drivers/video/msm/ba/msm_v4l2_ba.c index 7f0e442086a1..89fc08dd3c33 100644 --- a/drivers/video/msm/ba/msm_v4l2_ba.c +++ b/drivers/video/msm/ba/msm_v4l2_ba.c @@ -37,7 +37,7 @@ struct ba_ctxt *msm_ba_get_ba_context(void) return gp_ba_ctxt; } -void msm_ba_set_ba_context(struct ba_ctxt *ba_ctxt) +static void msm_ba_set_ba_context(struct ba_ctxt *ba_ctxt) { gp_ba_ctxt = ba_ctxt; } @@ -83,7 +83,7 @@ static int msm_ba_v4l2_querycap(struct file *filp, void *fh, return msm_ba_querycap((void *)ba_inst, cap); } -int msm_ba_v4l2_enum_input(struct file *file, void *fh, +static int msm_ba_v4l2_enum_input(struct file *file, void *fh, struct v4l2_input *input) { struct msm_ba_inst *ba_inst = get_ba_inst(file, fh); @@ -91,7 +91,7 @@ int msm_ba_v4l2_enum_input(struct file *file, void *fh, return msm_ba_enum_input((void *)ba_inst, input); } -int msm_ba_v4l2_g_input(struct file *file, void *fh, +static int msm_ba_v4l2_g_input(struct file *file, void *fh, unsigned int *index) { struct msm_ba_inst *ba_inst = get_ba_inst(file, fh); @@ -99,7 +99,7 @@ int msm_ba_v4l2_g_input(struct file *file, void *fh, return msm_ba_g_input((void *)ba_inst, index); } -int msm_ba_v4l2_s_input(struct file *file, void *fh, +static int msm_ba_v4l2_s_input(struct file *file, void *fh, unsigned int index) { struct msm_ba_inst *ba_inst = get_ba_inst(file, fh); @@ -107,7 +107,7 @@ int msm_ba_v4l2_s_input(struct file *file, void *fh, return msm_ba_s_input((void *)ba_inst, index); } -int msm_ba_v4l2_enum_output(struct file *file, void *fh, +static int msm_ba_v4l2_enum_output(struct file *file, void *fh, struct v4l2_output *output) { struct msm_ba_inst *ba_inst = get_ba_inst(file, fh); @@ -115,7 +115,7 @@ int msm_ba_v4l2_enum_output(struct file *file, void *fh, return msm_ba_enum_output((void *)ba_inst, output); } -int msm_ba_v4l2_g_output(struct file *file, void *fh, +static int msm_ba_v4l2_g_output(struct file *file, void *fh, unsigned int *index) { struct msm_ba_inst *ba_inst = get_ba_inst(file, fh); @@ -123,7 +123,7 @@ int msm_ba_v4l2_g_output(struct file *file, void *fh, return msm_ba_g_output((void *)ba_inst, index); } -int msm_ba_v4l2_s_output(struct file *file, void *fh, +static int msm_ba_v4l2_s_output(struct file *file, void *fh, unsigned int index) { struct msm_ba_inst *ba_inst = get_ba_inst(file, fh); @@ -131,7 +131,7 @@ int msm_ba_v4l2_s_output(struct file *file, void *fh, return msm_ba_s_output((void *)ba_inst, index); } -int msm_ba_v4l2_enum_fmt(struct file *file, void *fh, +static int msm_ba_v4l2_enum_fmt(struct file *file, void *fh, struct v4l2_fmtdesc *f) { struct msm_ba_inst *ba_inst = get_ba_inst(file, fh); @@ -139,7 +139,7 @@ int msm_ba_v4l2_enum_fmt(struct file *file, void *fh, return msm_ba_enum_fmt((void *)ba_inst, f); } -int msm_ba_v4l2_s_fmt(struct file *file, void *fh, +static int msm_ba_v4l2_s_fmt(struct file *file, void *fh, struct v4l2_format *f) { struct msm_ba_inst *ba_inst = get_ba_inst(file, fh); @@ -147,7 +147,7 @@ int msm_ba_v4l2_s_fmt(struct file *file, void *fh, return msm_ba_s_fmt((void *)ba_inst, f); } -int msm_ba_v4l2_g_fmt(struct file *file, void *fh, +static int msm_ba_v4l2_g_fmt(struct file *file, void *fh, struct v4l2_format *f) { struct msm_ba_inst *ba_inst = get_ba_inst(file, fh); @@ -155,7 +155,7 @@ int msm_ba_v4l2_g_fmt(struct file *file, void *fh, return msm_ba_g_fmt((void *)ba_inst, f); } -int msm_ba_v4l2_s_ctrl(struct file *file, void *fh, +static int msm_ba_v4l2_s_ctrl(struct file *file, void *fh, struct v4l2_control *a) { struct msm_ba_inst *ba_inst = get_ba_inst(file, fh); @@ -163,7 +163,7 @@ int msm_ba_v4l2_s_ctrl(struct file *file, void *fh, return msm_ba_s_ctrl((void *)ba_inst, a); } -int msm_ba_v4l2_g_ctrl(struct file *file, void *fh, +static int msm_ba_v4l2_g_ctrl(struct file *file, void *fh, struct v4l2_control *a) { struct msm_ba_inst *ba_inst = get_ba_inst(file, fh); @@ -171,7 +171,7 @@ int msm_ba_v4l2_g_ctrl(struct file *file, void *fh, return msm_ba_g_ctrl((void *)ba_inst, a); } -int msm_ba_v4l2_s_ext_ctrl(struct file *file, void *fh, +static int msm_ba_v4l2_s_ext_ctrl(struct file *file, void *fh, struct v4l2_ext_controls *a) { struct msm_ba_inst *ba_inst = get_ba_inst(file, fh); @@ -179,7 +179,7 @@ int msm_ba_v4l2_s_ext_ctrl(struct file *file, void *fh, return msm_ba_s_ext_ctrl((void *)ba_inst, a); } -int msm_ba_v4l2_streamon(struct file *file, void *fh, +static int msm_ba_v4l2_streamon(struct file *file, void *fh, enum v4l2_buf_type i) { struct msm_ba_inst *ba_inst = get_ba_inst(file, fh); @@ -187,7 +187,7 @@ int msm_ba_v4l2_streamon(struct file *file, void *fh, return msm_ba_streamon((void *)ba_inst, i); } -int msm_ba_v4l2_streamoff(struct file *file, void *fh, +static int msm_ba_v4l2_streamoff(struct file *file, void *fh, enum v4l2_buf_type i) { struct msm_ba_inst *ba_inst = get_ba_inst(file, fh); @@ -260,7 +260,7 @@ static unsigned int msm_ba_v4l2_poll(struct file *filp, return msm_ba_poll((void *)ba_inst, filp, pt); } -void msm_ba_release_video_device(struct video_device *pvdev) +static void msm_ba_release_video_device(struct video_device *pvdev) { } @@ -369,9 +369,8 @@ static int msm_ba_device_init(struct platform_device *pdev, if ((ret_dev_ctxt == NULL) || (*ret_dev_ctxt != NULL) || (pdev == NULL)) { - dprintk(BA_ERR, "%s(%d) Invalid params %p %p %p", - __func__, __LINE__, - ret_dev_ctxt, *ret_dev_ctxt, pdev); + dprintk(BA_ERR, "%s(%d) Invalid params", + __func__, __LINE__); return -EINVAL; } @@ -507,7 +506,7 @@ static int msm_ba_remove(struct platform_device *pdev) return rc; } -int msm_ba_create(void) +static int msm_ba_create(void) { struct ba_ctxt *ba_ctxt; int rc = 0; @@ -539,7 +538,7 @@ int msm_ba_create(void) return rc; } -int msm_ba_destroy(void) +static int msm_ba_destroy(void) { struct ba_ctxt *ba_ctxt; int rc = 0; diff --git a/include/media/msm_ba.h b/include/media/msm_ba.h index 1b51e3f754d8..d630e441590f 100644 --- a/include/media/msm_ba.h +++ b/include/media/msm_ba.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2012-2015, The Linux Foundation. All rights reserved. +/* Copyright (c) 2012-2017, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -68,6 +68,7 @@ int msm_ba_s_ext_ctrl(void *instance, struct v4l2_ext_controls *a); int msm_ba_g_ctrl(void *instance, struct v4l2_control *a); int msm_ba_streamon(void *instance, enum v4l2_buf_type i); int msm_ba_streamoff(void *instance, enum v4l2_buf_type i); +long msm_ba_private_ioctl(void *instance, int cmd, void *arg); int msm_ba_save_restore_input(void *instance, enum msm_ba_save_restore_ip sr); int msm_ba_poll(void *instance, struct file *filp, struct poll_table_struct *pt); -- cgit v1.2.3