linux-media.vger.kernel.org archive mirror
* [PATCH 5.4 0/2] media: vim2m: Fix potential NULL pointer dereference
@ 2022-05-25  8:27 Mark-PK Tsai
  2022-05-25  8:27 ` [PATCH 5.4 1/2] media: vim2m: Register video device after setting up internals Mark-PK Tsai
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Mark-PK Tsai @ 2022-05-25  8:27 UTC (permalink / raw)
  To: stable
  Cc: mchehab, matthias.bgg, hverkuil-cisco, mark-pk.tsai,
	sakari.ailus, linux-media, linux-kernel, linux-arm-kernel,
	linux-mediatek, yj.chiang

Backport the upstream solution [1][2] to fix the kernel panic below:

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000208
...
pc : _raw_spin_lock_irqsave+0x50/0x90
lr : v4l2_m2m_cancel_job+0x38/0x1c4 [v4l2_mem2mem]
sp : ffffffc012d2bcb0
x29: ffffffc012d2bcb0 x28: ffffff8098d6bb00
x27: 0000000000000000 x26: ffffffc01009b5c8
x25: 00000000000e001f x24: ffffff808ff3eb50
x23: ffffffc01009f5a0 x22: 0000000000000000
x21: ffffff808ffef000 x20: 0000000000000208
x19: 0000000000000000 x18: ffffffc012b51048
x17: ffffffc011e0ef7c x16: 00000000000000c0
x15: ffffffc010fc78f4 x14: ffffffc0119dd790
x13: 0000000000001b26 x12: 0000000053555555
x11: 0000000000000002 x10: 0000000000000001
x9 : 0000000000000000 x8 : 0000000000000208
x7 : 2020202020202020 x6 : ffffffc011e313a6
x5 : 0000000000000000 x4 : 0000000000000008
x3 : 000000000000002e x2 : 0000000000000001
x1 : 0000000000000000 x0 : 0000000000000208
Call trace:
 _raw_spin_lock_irqsave+0x50/0x90
 v4l2_m2m_cancel_job+0x38/0x1c4 [v4l2_mem2mem]
 v4l2_m2m_ctx_release+0x38/0x60 [v4l2_mem2mem]
 vim2m_release+0x5c/0xe0 [vim2m]
 v4l2_release+0x90/0x18c
 __fput+0xdc/0x2cc
 ____fput+0x10/0x1c
 task_work_run+0xc4/0x130
 do_notify_resume+0xdc/0x158
 work_pending+0x8/0x10

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf7f34777a5b4100a3a44ff95f3d949c62892bdd
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a28dce222a6ece725689ad58c0cf4a1b48894f4

Mark-PK Tsai (2):
  media: vim2m: Register video device after setting up internals
  media: vim2m: initialize the media device earlier

 drivers/media/platform/vim2m.c | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

-- 
2.18.0



* [PATCH 5.4 1/2] media: vim2m: Register video device after setting up internals
  2022-05-25  8:27 [PATCH 5.4 0/2] media: vim2m: Fix potential NULL pointer dereference Mark-PK Tsai
@ 2022-05-25  8:27 ` Mark-PK Tsai
  2022-05-25  8:27 ` [PATCH 5.4 2/2] media: vim2m: initialize the media device earlier Mark-PK Tsai
  2022-05-26 12:24 ` [PATCH 5.4 0/2] media: vim2m: Fix potential NULL pointer dereference Greg KH
  2 siblings, 0 replies; 4+ messages in thread
From: Mark-PK Tsai @ 2022-05-25  8:27 UTC (permalink / raw)
  To: stable
  Cc: mchehab, matthias.bgg, hverkuil-cisco, mark-pk.tsai,
	sakari.ailus, linux-media, linux-kernel, linux-arm-kernel,
	linux-mediatek, yj.chiang, Mauro Carvalho Chehab

commit cf7f34777a5b4100a3a44ff95f3d949c62892bdd upstream.

Prevent NULL (or close to NULL) pointer dereference in various places by
registering the video device only when the V4L2 m2m framework has been set
up.

Fixes: commit 96d8eab5d0a1 ("V4L/DVB: [v5,2/2] v4l: Add a mem-to-mem videobuf framework test device")
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
[ backport to 5.4 LTS ]
CC: stable@vger.kernel.org
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
---
 drivers/media/platform/vim2m.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/drivers/media/platform/vim2m.c b/drivers/media/platform/vim2m.c
index 8d6b09623d88..02f5bc82ba46 100644
--- a/drivers/media/platform/vim2m.c
+++ b/drivers/media/platform/vim2m.c
@@ -1333,12 +1333,6 @@ static int vim2m_probe(struct platform_device *pdev)
 	vfd->lock = &dev->dev_mutex;
 	vfd->v4l2_dev = &dev->v4l2_dev;
 
-	ret = video_register_device(vfd, VFL_TYPE_GRABBER, 0);
-	if (ret) {
-		v4l2_err(&dev->v4l2_dev, "Failed to register video device\n");
-		goto error_v4l2;
-	}
-
 	video_set_drvdata(vfd, dev);
 	v4l2_info(&dev->v4l2_dev,
 		  "Device registered as /dev/video%d\n", vfd->num);
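Review bot: the v4l2_info() call left in the trailing context of this hunk ("Device registered as /dev/video%d\n", vfd->num) now runs before video_register_device(), which this series moves further down in probe. The message is therefore logged before the node exists, it reads vfd->num before registration has filled it in, and it is still printed when a later step fails. Suggest moving the v4l2_info() to directly after the successful video_register_device() call so the log reports the minor number that was actually allocated.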
@@ -1353,6 +1347,12 @@ static int vim2m_probe(struct platform_device *pdev)
 		goto error_dev;
 	}
 
+	ret = video_register_device(vfd, VFL_TYPE_GRABBER, 0);
+	if (ret) {
+		v4l2_err(&dev->v4l2_dev, "Failed to register video device\n");
+		goto error_m2m;
+	}
+
 #ifdef CONFIG_MEDIA_CONTROLLER
 	dev->mdev.dev = &pdev->dev;
 	strscpy(dev->mdev.model, "vim2m", sizeof(dev->mdev.model));
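Review bot: at this position video_register_device() still precedes the CONFIG_MEDIA_CONTROLLER block shown in the trailing context, so dev->mdev (mdev.dev, mdev.model) is only filled in after userspace can already open the node. The changelog should state that this patch is meant to be applied together with 2/2, which moves that initialization up. A one-line comment above video_register_device() saying it must come after the m2m setup would also keep a later refactor from reintroducing the ordering that caused the oops in the cover letter.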
@@ -1366,7 +1366,7 @@ static int vim2m_probe(struct platform_device *pdev)
 						 MEDIA_ENT_F_PROC_VIDEO_SCALER);
 	if (ret) {
 		v4l2_err(&dev->v4l2_dev, "Failed to init mem2mem media controller\n");
-		goto error_dev;
+		goto error_v4l2;
 	}
 
 	ret = media_device_register(&dev->mdev);
@@ -1381,11 +1381,13 @@ static int vim2m_probe(struct platform_device *pdev)
 error_m2m_mc:
 	v4l2_m2m_unregister_media_controller(dev->m2m_dev);
 #endif
-error_dev:
+error_v4l2:
 	video_unregister_device(&dev->vfd);
 	/* vim2m_device_release called by video_unregister_device to release various objects */
 	return ret;
-error_v4l2:
+error_m2m:
+	v4l2_m2m_release(dev->m2m_dev);
+error_dev:
 	v4l2_device_unregister(&dev->v4l2_dev);
 error_free:
 	kfree(dev);
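Review bot: after the relabelling the error labels no longer say what they undo: error_v4l2 now guards video_unregister_device(&dev->vfd) while error_dev guards v4l2_device_unregister(&dev->v4l2_dev), the reverse of what the names suggest. Since the stable backport has to match upstream this is probably not something to change here, but labels named for the step they unwind (for instance a hypothetical error_vdev for the video_unregister_device() path) would make the unwind order easier to audit. It would also help to add a short comment at error_m2m explaining that v4l2_m2m_release() is called explicitly there because the release callback mentioned in the existing comment only runs via video_unregister_device(), which this path never reaches.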
-- 
2.18.0



* [PATCH 5.4 2/2] media: vim2m: initialize the media device earlier
  2022-05-25  8:27 [PATCH 5.4 0/2] media: vim2m: Fix potential NULL pointer dereference Mark-PK Tsai
  2022-05-25  8:27 ` [PATCH 5.4 1/2] media: vim2m: Register video device after setting up internals Mark-PK Tsai
@ 2022-05-25  8:27 ` Mark-PK Tsai
  2022-05-26 12:24 ` [PATCH 5.4 0/2] media: vim2m: Fix potential NULL pointer dereference Greg KH
  2 siblings, 0 replies; 4+ messages in thread
From: Mark-PK Tsai @ 2022-05-25  8:27 UTC (permalink / raw)
  To: stable
  Cc: mchehab, matthias.bgg, hverkuil-cisco, mark-pk.tsai,
	sakari.ailus, linux-media, linux-kernel, linux-arm-kernel,
	linux-mediatek, yj.chiang, Mauro Carvalho Chehab

commit 1a28dce222a6ece725689ad58c0cf4a1b48894f4 upstream.

Before the video device node is registered, the v4l2_dev.mdev
pointer must be set in order to correctly associate the video
device with the media device. Move the initialization of the
media device up.

Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
[ backport to 5.4 LTS ]
CC: stable@vger.kernel.org
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
---
 drivers/media/platform/vim2m.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/drivers/media/platform/vim2m.c b/drivers/media/platform/vim2m.c
index 02f5bc82ba46..6fba00e03c67 100644
--- a/drivers/media/platform/vim2m.c
+++ b/drivers/media/platform/vim2m.c
@@ -1347,12 +1347,6 @@ static int vim2m_probe(struct platform_device *pdev)
 		goto error_dev;
 	}
 
-	ret = video_register_device(vfd, VFL_TYPE_GRABBER, 0);
-	if (ret) {
-		v4l2_err(&dev->v4l2_dev, "Failed to register video device\n");
-		goto error_m2m;
-	}
-
 #ifdef CONFIG_MEDIA_CONTROLLER
 	dev->mdev.dev = &pdev->dev;
 	strscpy(dev->mdev.model, "vim2m", sizeof(dev->mdev.model));
@@ -1361,7 +1355,15 @@ static int vim2m_probe(struct platform_device *pdev)
 	media_device_init(&dev->mdev);
 	dev->mdev.ops = &m2m_media_ops;
 	dev->v4l2_dev.mdev = &dev->mdev;
+#endif
 
+	ret = video_register_device(vfd, VFL_TYPE_GRABBER, 0);
+	if (ret) {
+		v4l2_err(&dev->v4l2_dev, "Failed to register video device\n");
+		goto error_m2m;
+	}
+
+#ifdef CONFIG_MEDIA_CONTROLLER
 	ret = v4l2_m2m_register_media_controller(dev->m2m_dev, vfd,
 						 MEDIA_ENT_F_PROC_VIDEO_SCALER);
 	if (ret) {
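Review bot: possible missing cleanup on the failure path of the moved video_register_device() call. media_device_init(&dev->mdev) now runs before registration, but a registration failure does goto error_m2m, and error_m2m as introduced in 1/2 only calls v4l2_m2m_release() and v4l2_device_unregister() before kfree(dev). Please check whether media_device_cleanup(&dev->mdev) is needed on that path under CONFIG_MEDIA_CONTROLLER. Separately, splitting the block into two #ifdef CONFIG_MEDIA_CONTROLLER sections makes probe harder to follow; a short comment between them noting that v4l2_dev.mdev must be set before the node is registered would document why the split exists.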
-- 
2.18.0



* Re: [PATCH 5.4 0/2] media: vim2m: Fix potential NULL pointer dereference
  2022-05-25  8:27 [PATCH 5.4 0/2] media: vim2m: Fix potential NULL pointer dereference Mark-PK Tsai
  2022-05-25  8:27 ` [PATCH 5.4 1/2] media: vim2m: Register video device after setting up internals Mark-PK Tsai
  2022-05-25  8:27 ` [PATCH 5.4 2/2] media: vim2m: initialize the media device earlier Mark-PK Tsai
@ 2022-05-26 12:24 ` Greg KH
  2 siblings, 0 replies; 4+ messages in thread
From: Greg KH @ 2022-05-26 12:24 UTC (permalink / raw)
  To: Mark-PK Tsai
  Cc: stable, mchehab, matthias.bgg, hverkuil-cisco, sakari.ailus,
	linux-media, linux-kernel, linux-arm-kernel, linux-mediatek,
	yj.chiang

On Wed, May 25, 2022 at 04:27:29PM +0800, Mark-PK Tsai wrote:
> Backport the upstream solution [1][2] to fix the kernel panic below:
> 
> Unable to handle kernel NULL pointer dereference at virtual address 0000000000000208
> ...
> pc : _raw_spin_lock_irqsave+0x50/0x90
> lr : v4l2_m2m_cancel_job+0x38/0x1c4 [v4l2_mem2mem]
> sp : ffffffc012d2bcb0
> x29: ffffffc012d2bcb0 x28: ffffff8098d6bb00
> x27: 0000000000000000 x26: ffffffc01009b5c8
> x25: 00000000000e001f x24: ffffff808ff3eb50
> x23: ffffffc01009f5a0 x22: 0000000000000000
> x21: ffffff808ffef000 x20: 0000000000000208
> x19: 0000000000000000 x18: ffffffc012b51048
> x17: ffffffc011e0ef7c x16: 00000000000000c0
> x15: ffffffc010fc78f4 x14: ffffffc0119dd790
> x13: 0000000000001b26 x12: 0000000053555555
> x11: 0000000000000002 x10: 0000000000000001
> x9 : 0000000000000000 x8 : 0000000000000208
> x7 : 2020202020202020 x6 : ffffffc011e313a6
> x5 : 0000000000000000 x4 : 0000000000000008
> x3 : 000000000000002e x2 : 0000000000000001
> x1 : 0000000000000000 x0 : 0000000000000208
> Call trace:
>  _raw_spin_lock_irqsave+0x50/0x90
>  v4l2_m2m_cancel_job+0x38/0x1c4 [v4l2_mem2mem]
>  v4l2_m2m_ctx_release+0x38/0x60 [v4l2_mem2mem]
>  vim2m_release+0x5c/0xe0 [vim2m]
>  v4l2_release+0x90/0x18c
>  __fput+0xdc/0x2cc
>  ____fput+0x10/0x1c
>  task_work_run+0xc4/0x130
>  do_notify_resume+0xdc/0x158
>  work_pending+0x8/0x10
> 
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf7f34777a5b4100a3a44ff95f3d949c62892bdd
> [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a28dce222a6ece725689ad58c0cf4a1b48894f4
> 
> Mark-PK Tsai (2):
>   media: vim2m: Register video device after setting up internals
>   media: vim2m: initialize the media device earlier
> 
>  drivers/media/platform/vim2m.c | 22 +++++++++++++---------
>  1 file changed, 13 insertions(+), 9 deletions(-)
> 
> -- 
> 2.18.0
> 

All now queued up, thanks.

greg k-h
