| Message ID | 1491507120-28112-1-git-send-email-helen.koike@collabora.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
Hi Helen, On Thu, Apr 06, 2017 at 04:32:00PM -0300, Helen Koike wrote: > Fix kernel Oops NULL pointer deference > Call dev_dbg_obj only after checking if gobj->mdev is not NULL > > Signed-off-by: Helen Koike <helen.koike@collabora.com> > --- > drivers/media/media-entity.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/media/media-entity.c b/drivers/media/media-entity.c > index 5640ca2..bc44193 100644 > --- a/drivers/media/media-entity.c > +++ b/drivers/media/media-entity.c > @@ -199,12 +199,12 @@ void media_gobj_create(struct media_device *mdev, > > void media_gobj_destroy(struct media_gobj *gobj) > { > - dev_dbg_obj(__func__, gobj); > - > /* Do nothing if the object is not linked. */ > if (gobj->mdev == NULL) > return; > > + dev_dbg_obj(__func__, gobj); > + > gobj->mdev->topology_version++; > > /* Remove the object from mdev list */ Where is media_gobj_destroy() called with an object with NULL mdev? I do not object to the change, but would like to know because I don't think it's supposed to happen. There are issues though, until the patches fixing object referencing are finished and merged. Unfortunately I haven't been able to work on those recently, will pick them up again soon...
Hi Sakari, On 2017-04-07 04:40 AM, Sakari Ailus wrote: > Hi Helen, > > On Thu, Apr 06, 2017 at 04:32:00PM -0300, Helen Koike wrote: >> Fix kernel Oops NULL pointer deference >> Call dev_dbg_obj only after checking if gobj->mdev is not NULL >> >> Signed-off-by: Helen Koike <helen.koike@collabora.com> >> --- >> drivers/media/media-entity.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/drivers/media/media-entity.c b/drivers/media/media-entity.c >> index 5640ca2..bc44193 100644 >> --- a/drivers/media/media-entity.c >> +++ b/drivers/media/media-entity.c >> @@ -199,12 +199,12 @@ void media_gobj_create(struct media_device *mdev, >> >> void media_gobj_destroy(struct media_gobj *gobj) >> { >> - dev_dbg_obj(__func__, gobj); >> - >> /* Do nothing if the object is not linked. */ >> if (gobj->mdev == NULL) >> return; >> >> + dev_dbg_obj(__func__, gobj); >> + >> gobj->mdev->topology_version++; >> >> /* Remove the object from mdev list */ > > Where is media_gobj_destroy() called with an object with NULL mdev? > > I do not object to the change, but would like to know because I don't think > it's supposed to happen. This happens when media_device_unregister(mdev) is called before unregistering the subdevices v4l2_device_unregister_subdev(sd) (which should be possible). v4l2_device_unregister_subdev(sd) ends up calling v4l2_device_release() that calls media_device_unregister_entity() again (previously called by media_device_unregister(mdev) Helen > > There are issues though, until the patches fixing object referencing are > finished and merged. Unfortunately I haven't been able to work on those > recently, will pick them up again soon... >
diff --git a/drivers/media/media-entity.c b/drivers/media/media-entity.c index 5640ca2..bc44193 100644 --- a/drivers/media/media-entity.c +++ b/drivers/media/media-entity.c @@ -199,12 +199,12 @@ void media_gobj_create(struct media_device *mdev, void media_gobj_destroy(struct media_gobj *gobj) { - dev_dbg_obj(__func__, gobj); - /* Do nothing if the object is not linked. */ if (gobj->mdev == NULL) return; + dev_dbg_obj(__func__, gobj); + gobj->mdev->topology_version++; /* Remove the object from mdev list */
Fix kernel Oops NULL pointer deference Call dev_dbg_obj only after checking if gobj->mdev is not NULL Signed-off-by: Helen Koike <helen.koike@collabora.com> --- drivers/media/media-entity.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)