There is a memory leak in drivers/staging/media/ipu7/ipu7.c.
In ipu7_psys_init(), psys_adev->mmu is allocated by ipu7_mmu_init().
When ipu7_bus_add_device() fails, the function returns without
cleaning up the MMU resources.
Add the missing ipu7_mmu_cleanup() call on the error path to free
the MMU resources.
Signed-off-by: Huihui Huang <hhhuang@smu.edu.sg>
---
drivers/staging/media/ipu7/ipu7.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/staging/media/ipu7/ipu7.c b/drivers/staging/media/ipu7/ipu7.c
index c771e763f8c5..4039e548dc8f 100644
--- a/drivers/staging/media/ipu7/ipu7.c
+++ b/drivers/staging/media/ipu7/ipu7.c
@@ -2228,6 +2228,7 @@ ipu7_psys_init(struct pci_dev *pdev, struct device *parent,
ret = ipu7_bus_add_device(psys_adev);
if (ret) {
+ ipu7_mmu_cleanup(psys_adev->mmu);
kfree(pdata);
return ERR_PTR(ret);
}
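Review bot: The ipu7_mmu_cleanup(psys_adev->mmu) call added inside the if (ret) branch after ipu7_bus_add_device() does not establish who owns the MMU on this error path. The commit message says the function returns without cleaning up, but it does not say what the caller of ipu7_psys_init() does when it receives ERR_PTR(ret); if the caller also runs ipu7_mmu_cleanup() on failure, as the review reply in this thread states, the cleanup would run a second time on the same object. Please state in the commit message which function releases psys_adev->mmu on failure, and rework the unwinding of this branch as a whole, including the kfree(pdata) on the next line, rather than adding a single call.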
--
2.50.1
On Fri, Apr 17, 2026 at 03:58:07PM +0800, Huihui Huang wrote:
> There is a memory leak in drivers/staging/media/ipu7/ipu7.c.
>
> In ipu7_psys_init(), psys_adev->mmu is allocated by ipu7_mmu_init().
> When ipu7_bus_add_device() fails, the function returns without
> cleaning up the MMU resources.
>
> Add the missing ipu7_mmu_cleanup() call on the error path to free
> the MMU resources.
>
> Signed-off-by: Huihui Huang <hhhuang@smu.edu.sg>
> ---
> drivers/staging/media/ipu7/ipu7.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/staging/media/ipu7/ipu7.c b/drivers/staging/media/ipu7/ipu7.c
> index c771e763f8c5..4039e548dc8f 100644
> --- a/drivers/staging/media/ipu7/ipu7.c
> +++ b/drivers/staging/media/ipu7/ipu7.c
> @@ -2228,6 +2228,7 @@ ipu7_psys_init(struct pci_dev *pdev, struct device *parent,
>
> ret = ipu7_bus_add_device(psys_adev);
> if (ret) {
> + ipu7_mmu_cleanup(psys_adev->mmu);
Same thing. We call ipu7_mmu_cleanup() in the caller, and it looks like
that will trigger a NULL dereference.
> kfree(pdata);
This kfree() is also wrong. We're supposed to do:
put_device(&psys_adev->auxdev.dev);
which calls ipu7_bus_release() and that frees "pdata" along with
psys_adev. In this function the first two error paths are correct
but the next two are buggy.
KTODO: Fix error handling in ipu7_psys_init()
regards,
dan carpenter
On Fri, Apr 17, 2026 at 11:59:00AM +0300, Dan Carpenter wrote:
> Same thing. We call ipu7_mmu_cleanup() in the caller, and it looks like
> that will trigger a NULL dereference.
Thanks for the review, Dan, and for catching the kfree(pdata) issue as well.
Please disregard this patch.
Thanks,
Huihui