* [PATCH AUTOSEL 4.14 10/29] media: venus: hfi: avoid null dereference in deinit
[not found] <20220530135057.1937286-1-sashal@kernel.org>
@ 2022-05-30 13:50 ` Sasha Levin
2022-05-30 13:50 ` [PATCH AUTOSEL 4.14 11/29] media: pci: cx23885: Fix the error handling in cx23885_initdev() Sasha Levin
` (2 subsequent siblings)
3 siblings, 0 replies; 4+ messages in thread
From: Sasha Levin @ 2022-05-30 13:50 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Luca Weiss, Stanimir Varbanov, Mauro Carvalho Chehab,
Sasha Levin, agross, bjorn.andersson, linux-media, linux-arm-msm
From: Luca Weiss <luca.weiss@fairphone.com>
[ Upstream commit 86594f6af867b5165d2ba7b5a71fae3a5961e56c ]
If venus_probe fails at pm_runtime_put_sync the error handling first
calls hfi_destroy and afterwards hfi_core_deinit. As hfi_destroy sets
core->ops to NULL, hfi_core_deinit cannot call the core_deinit function
anymore.
Avoid this null pointer derefence by skipping the call when necessary.
Signed-off-by: Luca Weiss <luca.weiss@fairphone.com>
Signed-off-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/qcom/venus/hfi.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/media/platform/qcom/venus/hfi.c b/drivers/media/platform/qcom/venus/hfi.c
index ba29fd4d4984..7d1d3e64007c 100644
--- a/drivers/media/platform/qcom/venus/hfi.c
+++ b/drivers/media/platform/qcom/venus/hfi.c
@@ -117,6 +117,9 @@ int hfi_core_deinit(struct venus_core *core, bool blocking)
mutex_lock(&core->lock);
}
+ if (!core->ops)
+ goto unlock;
+
ret = core->ops->core_deinit(core);
if (!ret)
--
2.35.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH AUTOSEL 4.14 11/29] media: pci: cx23885: Fix the error handling in cx23885_initdev()
[not found] <20220530135057.1937286-1-sashal@kernel.org>
2022-05-30 13:50 ` [PATCH AUTOSEL 4.14 10/29] media: venus: hfi: avoid null dereference in deinit Sasha Levin
@ 2022-05-30 13:50 ` Sasha Levin
2022-05-30 13:50 ` [PATCH AUTOSEL 4.14 12/29] media: cx25821: Fix the warning when removing the module Sasha Levin
2022-05-30 13:50 ` [PATCH AUTOSEL 4.14 26/29] media: exynos4-is: Fix compile warning Sasha Levin
3 siblings, 0 replies; 4+ messages in thread
From: Sasha Levin @ 2022-05-30 13:50 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Zheyu Ma, Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin, linux-media
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit e8123311cf06d7dae71e8c5fe78e0510d20cd30b ]
When the driver fails to call the dma_set_mask(), the driver will get
the following splat:
[ 55.853884] BUG: KASAN: use-after-free in __process_removed_driver+0x3c/0x240
[ 55.854486] Read of size 8 at addr ffff88810de60408 by task modprobe/590
[ 55.856822] Call Trace:
[ 55.860327] __process_removed_driver+0x3c/0x240
[ 55.861347] bus_for_each_dev+0x102/0x160
[ 55.861681] i2c_del_driver+0x2f/0x50
This is because the driver has initialized the i2c related resources
in cx23885_dev_setup() but not released them in error handling, fix this
bug by modifying the error path that jumps after failing to call the
dma_set_mask().
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/cx23885/cx23885-core.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/media/pci/cx23885/cx23885-core.c b/drivers/media/pci/cx23885/cx23885-core.c
index 4612f26fcd6d..6f297caf5540 100644
--- a/drivers/media/pci/cx23885/cx23885-core.c
+++ b/drivers/media/pci/cx23885/cx23885-core.c
@@ -2005,7 +2005,7 @@ static int cx23885_initdev(struct pci_dev *pci_dev,
err = pci_set_dma_mask(pci_dev, 0xffffffff);
if (err) {
pr_err("%s/0: Oops: no 32bit PCI DMA ???\n", dev->name);
- goto fail_ctrl;
+ goto fail_dma_set_mask;
}
err = request_irq(pci_dev->irq, cx23885_irq,
@@ -2013,7 +2013,7 @@ static int cx23885_initdev(struct pci_dev *pci_dev,
if (err < 0) {
pr_err("%s: can't get IRQ %d\n",
dev->name, pci_dev->irq);
- goto fail_irq;
+ goto fail_dma_set_mask;
}
switch (dev->board) {
@@ -2035,7 +2035,7 @@ static int cx23885_initdev(struct pci_dev *pci_dev,
return 0;
-fail_irq:
+fail_dma_set_mask:
cx23885_dev_unregister(dev);
fail_ctrl:
v4l2_ctrl_handler_free(hdl);
--
2.35.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH AUTOSEL 4.14 12/29] media: cx25821: Fix the warning when removing the module
[not found] <20220530135057.1937286-1-sashal@kernel.org>
2022-05-30 13:50 ` [PATCH AUTOSEL 4.14 10/29] media: venus: hfi: avoid null dereference in deinit Sasha Levin
2022-05-30 13:50 ` [PATCH AUTOSEL 4.14 11/29] media: pci: cx23885: Fix the error handling in cx23885_initdev() Sasha Levin
@ 2022-05-30 13:50 ` Sasha Levin
2022-05-30 13:50 ` [PATCH AUTOSEL 4.14 26/29] media: exynos4-is: Fix compile warning Sasha Levin
3 siblings, 0 replies; 4+ messages in thread
From: Sasha Levin @ 2022-05-30 13:50 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Zheyu Ma, Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin, linux-media
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 2203436a4d24302871617373a7eb21bc17e38762 ]
When removing the module, we will get the following warning:
[ 14.746697] remove_proc_entry: removing non-empty directory 'irq/21', leaking at least 'cx25821[1]'
[ 14.747449] WARNING: CPU: 4 PID: 368 at fs/proc/generic.c:717 remove_proc_entry+0x389/0x3f0
[ 14.751611] RIP: 0010:remove_proc_entry+0x389/0x3f0
[ 14.759589] Call Trace:
[ 14.759792] <TASK>
[ 14.759975] unregister_irq_proc+0x14c/0x170
[ 14.760340] irq_free_descs+0x94/0xe0
[ 14.760640] mp_unmap_irq+0xb6/0x100
[ 14.760937] acpi_unregister_gsi_ioapic+0x27/0x40
[ 14.761334] acpi_pci_irq_disable+0x1d3/0x320
[ 14.761688] pci_disable_device+0x1ad/0x380
[ 14.762027] ? _raw_spin_unlock_irqrestore+0x2d/0x60
[ 14.762442] ? cx25821_shutdown+0x20/0x9f0 [cx25821]
[ 14.762848] cx25821_finidev+0x48/0xc0 [cx25821]
[ 14.763242] pci_device_remove+0x92/0x240
Fix this by freeing the irq before call pci_disable_device().
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/cx25821/cx25821-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/pci/cx25821/cx25821-core.c b/drivers/media/pci/cx25821/cx25821-core.c
index 79582071f139..c5e0fa447e4d 100644
--- a/drivers/media/pci/cx25821/cx25821-core.c
+++ b/drivers/media/pci/cx25821/cx25821-core.c
@@ -1350,11 +1350,11 @@ static void cx25821_finidev(struct pci_dev *pci_dev)
struct cx25821_dev *dev = get_cx25821(v4l2_dev);
cx25821_shutdown(dev);
- pci_disable_device(pci_dev);
/* unregister stuff */
if (pci_dev->irq)
free_irq(pci_dev->irq, dev);
+ pci_disable_device(pci_dev);
cx25821_dev_unregister(dev);
v4l2_device_unregister(v4l2_dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH AUTOSEL 4.14 26/29] media: exynos4-is: Fix compile warning
[not found] <20220530135057.1937286-1-sashal@kernel.org>
` (2 preceding siblings ...)
2022-05-30 13:50 ` [PATCH AUTOSEL 4.14 12/29] media: cx25821: Fix the warning when removing the module Sasha Levin
@ 2022-05-30 13:50 ` Sasha Levin
3 siblings, 0 replies; 4+ messages in thread
From: Sasha Levin @ 2022-05-30 13:50 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Kwanghoon Son, kernel test robot, Sakari Ailus,
Mauro Carvalho Chehab, Sasha Levin, krzysztof.kozlowski,
linux-media, linux-arm-kernel, linux-samsung-soc
From: Kwanghoon Son <k.son@samsung.com>
[ Upstream commit e080f5c1f2b6d02c02ee5d674e0e392ccf63bbaf ]
Declare static on function 'fimc_isp_video_device_unregister'.
When VIDEO_EXYNOS4_ISP_DMA_CAPTURE=n, compiler warns about
warning: no previous prototype for function [-Wmissing-prototypes]
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Kwanghoon Son <k.son@samsung.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/exynos4-is/fimc-isp-video.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/platform/exynos4-is/fimc-isp-video.h b/drivers/media/platform/exynos4-is/fimc-isp-video.h
index f79a1b348aa6..67ef85249912 100644
--- a/drivers/media/platform/exynos4-is/fimc-isp-video.h
+++ b/drivers/media/platform/exynos4-is/fimc-isp-video.h
@@ -35,7 +35,7 @@ static inline int fimc_isp_video_device_register(struct fimc_isp *isp,
return 0;
}
-void fimc_isp_video_device_unregister(struct fimc_isp *isp,
+static inline void fimc_isp_video_device_unregister(struct fimc_isp *isp,
enum v4l2_buf_type type)
{
}
--
2.35.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-05-30 14:34 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20220530135057.1937286-1-sashal@kernel.org>
2022-05-30 13:50 ` [PATCH AUTOSEL 4.14 10/29] media: venus: hfi: avoid null dereference in deinit Sasha Levin
2022-05-30 13:50 ` [PATCH AUTOSEL 4.14 11/29] media: pci: cx23885: Fix the error handling in cx23885_initdev() Sasha Levin
2022-05-30 13:50 ` [PATCH AUTOSEL 4.14 12/29] media: cx25821: Fix the warning when removing the module Sasha Levin
2022-05-30 13:50 ` [PATCH AUTOSEL 4.14 26/29] media: exynos4-is: Fix compile warning Sasha Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).