Linux-Media Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH] media: vim2m: Fix BUG_ON in vim2m_device_release()
@ 2019-09-08  4:12 Kefeng Wang
  0 siblings, 0 replies; only message in thread
From: Kefeng Wang @ 2019-09-08  4:12 UTC (permalink / raw)
  To: linux-media, linux-kernel
  Cc: Kefeng Wang, Hulk Robot, Laurent Pinchart, Hans Verkuil,
	Mauro Carvalho Chehab

If v4l2_m2m_init() fails, m2m_dev pointer will be set ERR_PTR(-ENOMEM),
then kfree m2m_dev will triger BUG_ON, see below, fix it by setting m2m_dev
to NULL.

  vim2m vim2m.0: Failed to init mem2mem device
  ------------[ cut here ]------------
  kernel BUG at mm/slub.c:3944!
  invalid opcode: 0000 [#1] SMP PTI
  CPU: 11 PID: 9061 Comm: insmod Tainted: G            E     5.2.0-rc2 #81
  Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
  RIP: 0010:kfree+0x11a/0x160

  Call Trace:
   vim2m_device_release+0x3f/0x50 [vim2m]
   device_release+0x27/0x80
   kobject_release+0x68/0x190
   vim2m_probe+0x20f/0x280 [vim2m]
   platform_drv_probe+0x37/0x90
   really_probe+0xef/0x3d0
   driver_probe_device+0x110/0x120
   device_driver_attach+0x4f/0x60
   __driver_attach+0x9a/0x140
   ? device_driver_attach+0x60/0x60
   bus_for_each_dev+0x76/0xc0
   ? klist_add_tail+0x57/0x70
   bus_add_driver+0x141/0x210
   driver_register+0x5b/0xe0
   vim2m_init+0x29/0x1000 [vim2m]
   do_one_initcall+0x46/0x1f4
   ? __slab_alloc+0x1c/0x30
   ? kmem_cache_alloc_trace+0x167/0x1b0
   do_init_module+0x5b/0x21f
   load_module+0x1add/0x1fb0
   ? __do_sys_finit_module+0xe9/0x110
   __do_sys_finit_module+0xe9/0x110
   do_syscall_64+0x5b/0x1c0
   entry_SYSCALL_64_after_hwframe+0x44/0xa9

Fixes: ea6c7e34f3b2 ("media: vim2m: replace devm_kzalloc by kzalloc")
Reported-by: Hulk Robot <hulkci@huawei.com>
Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Cc: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Cc: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
---
 drivers/media/platform/vim2m.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/media/platform/vim2m.c b/drivers/media/platform/vim2m.c
index acd3bd48c7e2..eb8f398d41f4 100644
--- a/drivers/media/platform/vim2m.c
+++ b/drivers/media/platform/vim2m.c
@@ -1343,6 +1343,7 @@ static int vim2m_probe(struct platform_device *pdev)
 	if (IS_ERR(dev->m2m_dev)) {
 		v4l2_err(&dev->v4l2_dev, "Failed to init mem2mem device\n");
 		ret = PTR_ERR(dev->m2m_dev);
+		dev->m2m_dev = NULL;
 		goto error_dev;
 	}
 
-- 
2.20.1


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, back to index

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-08  4:12 [PATCH] media: vim2m: Fix BUG_ON in vim2m_device_release() Kefeng Wang

Linux-Media Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-media/0 linux-media/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-media linux-media/ https://lore.kernel.org/linux-media \
		linux-media@vger.kernel.org linux-media@archiver.kernel.org
	public-inbox-index linux-media

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-media


AGPL code for this site: git clone https://public-inbox.org/ public-inbox