openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
linux/drivers/media/platform
History
Eugeniu Rosca c92d30e4b7 media: vsp1: dl: Fix NULL pointer dereference on unbind 
In commit f3b98e3c4d ("media: vsp1: Provide support for extended
command pools"), the vsp pointer used for referencing the VSP1 device
structure from a command pool during vsp1_dl_ext_cmd_pool_destroy() was
not populated.

Correctly assign the pointer to prevent the following
null-pointer-dereference when removing the device:

[*] h3ulcb-kf #>
echo fea28000.vsp > /sys/bus/platform/devices/fea28000.vsp/driver/unbind
 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028
 Mem abort info:
   ESR = 0x96000006
   EC = 0x25: DABT (current EL), IL = 32 bits
   SET = 0, FnV = 0
   EA = 0, S1PTW = 0
 Data abort info:
   ISV = 0, ISS = 0x00000006
   CM = 0, WnR = 0
 user pgtable: 4k pages, 48-bit VAs, pgdp=00000007318be000
 [0000000000000028] pgd=00000007333a1003, pud=00000007333a6003, pmd=0000000000000000
 Internal error: Oops: 96000006 [#1] PREEMPT SMP
 Modules linked in:
 CPU: 1 PID: 486 Comm: sh Not tainted 5.7.0-rc6-arm64-renesas-00118-ge644645abf47 #185
 Hardware name: Renesas H3ULCB Kingfisher board based on r8a77951 (DT)
 pstate: 40000005 (nZcv daif -PAN -UAO)
 pc : vsp1_dlm_destroy+0xe4/0x11c
 lr : vsp1_dlm_destroy+0xc8/0x11c
 sp : ffff800012963b60
 x29: ffff800012963b60 x28: ffff0006f83fc440
 x27: 0000000000000000 x26: ffff0006f5e13e80
 x25: ffff0006f5e13ed0 x24: ffff0006f5e13ed0
 x23: ffff0006f5e13ed0 x22: dead000000000122
 x21: ffff0006f5e3a080 x20: ffff0006f5df2938
 x19: ffff0006f5df2980 x18: 0000000000000003
 x17: 0000000000000000 x16: 0000000000000016
 x15: 0000000000000003 x14: 00000000000393c0
 x13: ffff800011a5ec18 x12: ffff800011d8d000
 x11: ffff0006f83fcc68 x10: ffff800011a53d70
 x9 : ffff8000111f3000 x8 : 0000000000000000
 x7 : 0000000000210d00 x6 : 0000000000000000
 x5 : ffff800010872e60 x4 : 0000000000000004
 x3 : 0000000078068000 x2 : ffff800012781000
 x1 : 0000000000002c00 x0 : 0000000000000000
 Call trace:
  vsp1_dlm_destroy+0xe4/0x11c
  vsp1_wpf_destroy+0x10/0x20
  vsp1_entity_destroy+0x24/0x4c
  vsp1_destroy_entities+0x54/0x130
  vsp1_remove+0x1c/0x40
  platform_drv_remove+0x28/0x50
  __device_release_driver+0x178/0x220
  device_driver_detach+0x44/0xc0
  unbind_store+0xe0/0x104
  drv_attr_store+0x20/0x30
  sysfs_kf_write+0x48/0x70
  kernfs_fop_write+0x148/0x230
  __vfs_write+0x18/0x40
  vfs_write+0xdc/0x1c4
  ksys_write+0x68/0xf0
  __arm64_sys_write+0x18/0x20
  el0_svc_common.constprop.0+0x70/0x170
  do_el0_svc+0x20/0x80
  el0_sync_handler+0x134/0x1b0
  el0_sync+0x140/0x180
 Code: b40000c2 f9403a60 d2800084 a9400663 (f9401400)
 ---[ end trace 3875369841fb288a ]---

Fixes: f3b98e3c4d ("media: vsp1: Provide support for extended command pools")
Cc: stable@vger.kernel.org # v4.19+
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Reviewed-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Tested-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
 		2020-07-04 12:02:02 +02:00
..
am437x media: Kconfig files: use select for V4L2 subdevs and MC 2020-04-14 10:29:05 +02:00
atmel media: atmel: atmel-sama5d2-isc: fix warning in configs without OF 2020-07-04 11:56:20 +02:00
cadence media: Kconfig files: use select for V4L2 subdevs and MC 2020-04-14 10:29:05 +02:00
coda media: coda: jpeg: add NULL check after kmalloc 2020-07-04 11:56:37 +02:00
davinci media: vpif: Fix runtime PM imbalance in vpif_probe 2020-06-23 13:21:04 +02:00
exynos-gsc media: media/platform: rename VFL_TYPE_GRABBER to _VIDEO 2020-02-24 16:54:14 +01:00
exynos4-is media: exynos4-is: Fix runtime PM imbalance in fimc_is_probe 2020-06-23 13:20:48 +02:00
marvell-ccic media: marvell-ccic: Add missed v4l2_async_notifier_cleanup() 2020-06-23 15:15:14 +02:00
mtk-jpeg media: media/platform: rename VFL_TYPE_GRABBER to _VIDEO 2020-02-24 16:54:14 +01:00
mtk-mdp media: mtk-mdp: Remove mtk_mdp_comp.id and supporting functionality 2020-07-04 12:01:29 +02:00
mtk-vcodec media: mtk-vpu: avoid unaligned access to DTCM buffer. 2020-03-12 16:25:33 +01:00
mtk-vpu media: mtk-vpu: load vpu firmware from the new location 2020-03-24 17:11:47 +01:00
omap media: media/platform: rename VFL_TYPE_GRABBER to _VIDEO 2020-02-24 16:54:14 +01:00
omap3isp media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() 2020-06-23 15:15:31 +02:00
qcom media: camss: use proper media entity function for subdevices 2020-07-04 11:55:23 +02:00
rcar-vin media: rcar-vin: Make use of V4L2_CAP_IO_MC 2020-05-06 12:09:28 +02:00
rockchip/rga media: media/platform: rename VFL_TYPE_GRABBER to _VIDEO 2020-02-24 16:54:14 +01:00
s3c-camif media: media/platform: rename VFL_TYPE_GRABBER to _VIDEO 2020-02-24 16:54:14 +01:00
s5p-g2d media: media/platform: rename VFL_TYPE_GRABBER to _VIDEO 2020-02-24 16:54:14 +01:00
s5p-jpeg media: media/platform: rename VFL_TYPE_GRABBER to _VIDEO 2020-02-24 16:54:14 +01:00
s5p-mfc media: s5p-mfc: Properly handle dma_parms for the allocated devices 2020-06-11 19:20:09 +02:00
sti media: move CEC platform drivers to a separate directory 2020-04-15 12:06:40 +02:00
stm32 media: move CEC platform drivers to a separate directory 2020-04-15 12:06:40 +02:00
sunxi media: sun8i: Fix an error handling path in 'deinterlace_runtime_resume()' 2020-05-05 17:26:26 +02:00
ti-vpe media: ti-vpe: avoid gcc-9 warning 2020-05-05 17:24:35 +02:00
vsp1 media: vsp1: dl: Fix NULL pointer dereference on unbind 2020-07-04 12:02:02 +02:00
xilinx media: v4l: xilinx: Add Xilinx MIPI CSI-2 Rx Subsystem driver 2020-06-23 13:11:46 +02:00
Kconfig media: media: sh_veu: Remove driver 2020-05-14 14:34:38 +02:00
Makefile media: media: sh_veu: Remove driver 2020-05-14 14:34:38 +02:00
aspeed-video.c media: aspeed: add AST2600 support 2020-03-02 15:53:39 +01:00
fsl-viu.c media: media/platform: rename VFL_TYPE_GRABBER to _VIDEO 2020-02-24 16:54:14 +01:00
imx-pxp.c media: media/platform: rename VFL_TYPE_GRABBER to _VIDEO 2020-02-24 16:54:14 +01:00
imx-pxp.h media: imx-pxp: add i.MX Pixel Pipeline driver 2018-09-11 13:32:17 -04:00
m2m-deinterlace.c media: media/platform: rename VFL_TYPE_GRABBER to _VIDEO 2020-02-24 16:54:14 +01:00
mx2_emmaprp.c media: media/platform: rename VFL_TYPE_GRABBER to _VIDEO 2020-02-24 16:54:14 +01:00
pxa_camera.c media: docs: move driver-specific info to driver-api 2020-04-14 10:36:18 +02:00
rcar-fcp.c media: platform: fcp: Set appropriate DMA parameters 2020-04-21 13:33:50 +02:00
rcar_drif.c media: rcar_drif: Do not print error in case of EPROBE_DEFER for dma channel 2020-03-02 16:09:04 +01:00
rcar_fdp1.c media: media/platform: rename VFL_TYPE_GRABBER to _VIDEO 2020-02-24 16:54:14 +01:00
rcar_jpu.c media: media/platform: rename VFL_TYPE_GRABBER to _VIDEO 2020-02-24 16:54:14 +01:00
renesas-ceu.c media: media/platform: rename VFL_TYPE_GRABBER to _VIDEO 2020-02-24 16:54:14 +01:00
sh_vou.c media: media/platform: rename VFL_TYPE_GRABBER to _VIDEO 2020-02-24 16:54:14 +01:00
via-camera.c Power management updates for 5.7-rc1 2020-03-30 15:05:01 -07:00
via-camera.h media: fix usage of whitespaces and on indentation 2018-01-04 13:12:01 -05:00
video-mux.c media: video-mux: Create media links in bound notifier 2020-05-18 14:20:56 +02:00