* [PATCH] [media] media-entity: only call dev_dbg_obj if mdev is not NULL
@ 2017-04-06 19:32 Helen Koike
2017-04-07 7:40 ` Sakari Ailus
0 siblings, 1 reply; 3+ messages in thread
From: Helen Koike @ 2017-04-06 19:32 UTC (permalink / raw)
To: linux-media; +Cc: mchehab, linux-kernel
Fix kernel Oops NULL pointer deference
Call dev_dbg_obj only after checking if gobj->mdev is not NULL
Signed-off-by: Helen Koike <helen.koike@collabora.com>
---
drivers/media/media-entity.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/media/media-entity.c b/drivers/media/media-entity.c
index 5640ca2..bc44193 100644
--- a/drivers/media/media-entity.c
+++ b/drivers/media/media-entity.c
@@ -199,12 +199,12 @@ void media_gobj_create(struct media_device *mdev,
void media_gobj_destroy(struct media_gobj *gobj)
{
- dev_dbg_obj(__func__, gobj);
-
/* Do nothing if the object is not linked. */
if (gobj->mdev == NULL)
return;
+ dev_dbg_obj(__func__, gobj);
+
gobj->mdev->topology_version++;
/* Remove the object from mdev list */
--
2.7.4
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] [media] media-entity: only call dev_dbg_obj if mdev is not NULL
2017-04-06 19:32 [PATCH] [media] media-entity: only call dev_dbg_obj if mdev is not NULL Helen Koike
@ 2017-04-07 7:40 ` Sakari Ailus
2017-04-07 14:36 ` Helen Koike
0 siblings, 1 reply; 3+ messages in thread
From: Sakari Ailus @ 2017-04-07 7:40 UTC (permalink / raw)
To: Helen Koike; +Cc: linux-media, mchehab, linux-kernel
Hi Helen,
On Thu, Apr 06, 2017 at 04:32:00PM -0300, Helen Koike wrote:
> Fix kernel Oops NULL pointer deference
> Call dev_dbg_obj only after checking if gobj->mdev is not NULL
>
> Signed-off-by: Helen Koike <helen.koike@collabora.com>
> ---
> drivers/media/media-entity.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/media/media-entity.c b/drivers/media/media-entity.c
> index 5640ca2..bc44193 100644
> --- a/drivers/media/media-entity.c
> +++ b/drivers/media/media-entity.c
> @@ -199,12 +199,12 @@ void media_gobj_create(struct media_device *mdev,
>
> void media_gobj_destroy(struct media_gobj *gobj)
> {
> - dev_dbg_obj(__func__, gobj);
> -
> /* Do nothing if the object is not linked. */
> if (gobj->mdev == NULL)
> return;
>
> + dev_dbg_obj(__func__, gobj);
> +
> gobj->mdev->topology_version++;
>
> /* Remove the object from mdev list */
Where is media_gobj_destroy() called with an object with NULL mdev?
I do not object to the change, but would like to know because I don't think
it's supposed to happen.
There are issues though, until the patches fixing object referencing are
finished and merged. Unfortunately I haven't been able to work on those
recently, will pick them up again soon...
--
Kind regards,
Sakari Ailus
e-mail: sakari.ailus@iki.fi XMPP: sailus@retiisi.org.uk
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] [media] media-entity: only call dev_dbg_obj if mdev is not NULL
2017-04-07 7:40 ` Sakari Ailus
@ 2017-04-07 14:36 ` Helen Koike
0 siblings, 0 replies; 3+ messages in thread
From: Helen Koike @ 2017-04-07 14:36 UTC (permalink / raw)
To: Sakari Ailus; +Cc: linux-media, mchehab, linux-kernel
Hi Sakari,
On 2017-04-07 04:40 AM, Sakari Ailus wrote:
> Hi Helen,
>
> On Thu, Apr 06, 2017 at 04:32:00PM -0300, Helen Koike wrote:
>> Fix kernel Oops NULL pointer deference
>> Call dev_dbg_obj only after checking if gobj->mdev is not NULL
>>
>> Signed-off-by: Helen Koike <helen.koike@collabora.com>
>> ---
>> drivers/media/media-entity.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/media/media-entity.c b/drivers/media/media-entity.c
>> index 5640ca2..bc44193 100644
>> --- a/drivers/media/media-entity.c
>> +++ b/drivers/media/media-entity.c
>> @@ -199,12 +199,12 @@ void media_gobj_create(struct media_device *mdev,
>>
>> void media_gobj_destroy(struct media_gobj *gobj)
>> {
>> - dev_dbg_obj(__func__, gobj);
>> -
>> /* Do nothing if the object is not linked. */
>> if (gobj->mdev == NULL)
>> return;
>>
>> + dev_dbg_obj(__func__, gobj);
>> +
>> gobj->mdev->topology_version++;
>>
>> /* Remove the object from mdev list */
>
> Where is media_gobj_destroy() called with an object with NULL mdev?
>
> I do not object to the change, but would like to know because I don't think
> it's supposed to happen.
This happens when media_device_unregister(mdev) is called before
unregistering the subdevices v4l2_device_unregister_subdev(sd) (which
should be possible).
v4l2_device_unregister_subdev(sd) ends up calling v4l2_device_release()
that calls media_device_unregister_entity() again (previously called by
media_device_unregister(mdev)
Helen
>
> There are issues though, until the patches fixing object referencing are
> finished and merged. Unfortunately I haven't been able to work on those
> recently, will pick them up again soon...
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-04-07 14:36 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-06 19:32 [PATCH] [media] media-entity: only call dev_dbg_obj if mdev is not NULL Helen Koike
2017-04-07 7:40 ` Sakari Ailus
2017-04-07 14:36 ` Helen Koike
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).