From: Helen Koike <helen.koike@collabora.com>
To: Sakari Ailus <sakari.ailus@iki.fi>
Cc: linux-media@vger.kernel.org, mchehab@kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] [media] media-entity: only call dev_dbg_obj if mdev is not NULL
Date: Fri, 7 Apr 2017 11:36:29 -0300 [thread overview]
Message-ID: <f3f83e8f-41e3-3567-8ec6-c4e693e7297e@collabora.com> (raw)
In-Reply-To: <20170407074015.GB4192@valkosipuli.retiisi.org.uk>
Hi Sakari,
On 2017-04-07 04:40 AM, Sakari Ailus wrote:
> Hi Helen,
>
> On Thu, Apr 06, 2017 at 04:32:00PM -0300, Helen Koike wrote:
>> Fix kernel Oops NULL pointer deference
>> Call dev_dbg_obj only after checking if gobj->mdev is not NULL
>>
>> Signed-off-by: Helen Koike <helen.koike@collabora.com>
>> ---
>> drivers/media/media-entity.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/media/media-entity.c b/drivers/media/media-entity.c
>> index 5640ca2..bc44193 100644
>> --- a/drivers/media/media-entity.c
>> +++ b/drivers/media/media-entity.c
>> @@ -199,12 +199,12 @@ void media_gobj_create(struct media_device *mdev,
>>
>> void media_gobj_destroy(struct media_gobj *gobj)
>> {
>> - dev_dbg_obj(__func__, gobj);
>> -
>> /* Do nothing if the object is not linked. */
>> if (gobj->mdev == NULL)
>> return;
>>
>> + dev_dbg_obj(__func__, gobj);
>> +
>> gobj->mdev->topology_version++;
>>
>> /* Remove the object from mdev list */
>
> Where is media_gobj_destroy() called with an object with NULL mdev?
>
> I do not object to the change, but would like to know because I don't think
> it's supposed to happen.
This happens when media_device_unregister(mdev) is called before
unregistering the subdevices v4l2_device_unregister_subdev(sd) (which
should be possible).
v4l2_device_unregister_subdev(sd) ends up calling v4l2_device_release()
that calls media_device_unregister_entity() again (previously called by
media_device_unregister(mdev)
Helen
>
> There are issues though, until the patches fixing object referencing are
> finished and merged. Unfortunately I haven't been able to work on those
> recently, will pick them up again soon...
>
next prev parent reply other threads:[~2017-04-07 14:36 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-06 19:32 [PATCH] [media] media-entity: only call dev_dbg_obj if mdev is not NULL Helen Koike
2017-04-07 7:40 ` Sakari Ailus
2017-04-07 14:36 ` Helen Koike [this message]
-- strict thread matches above, loose matches on Subject: below --
2017-04-06 19:25 Helen Koike
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f3f83e8f-41e3-3567-8ec6-c4e693e7297e@collabora.com \
--to=helen.koike@collabora.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@kernel.org \
--cc=sakari.ailus@iki.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.