| Message ID | 20230705213010.390849-2-hdegoede@redhat.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Sakari Ailus |
| Headers |
Received: from vger.kernel.org ([23.128.96.18])
by www.linuxtv.org with esmtp (Exim 4.92)
(envelope-from <linux-media-owner@vger.kernel.org>)
id 1qHA5o-00CODK-8W; Wed, 05 Jul 2023 21:31:20 +0000
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S231514AbjGEVbR (ORCPT <rfc822;mkrufky@linuxtv.org> + 1 other);
Wed, 5 Jul 2023 17:31:17 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37076 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S231482AbjGEVbO (ORCPT
<rfc822;linux-media@vger.kernel.org>); Wed, 5 Jul 2023 17:31:14 -0400
Received: from us-smtp-delivery-124.mimecast.com
(us-smtp-delivery-124.mimecast.com [170.10.133.124])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EDF8019B2
for <linux-media@vger.kernel.org>;
Wed, 5 Jul 2023 14:30:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
s=mimecast20190719; t=1688592627;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references;
bh=y+8vuyD5M67TFv6LoooeJoTqBLl6qlPDtYuFzoWTY50=;
b=Mn64cAE0k1IhroZCk5XSJLIhVSFPAXzwbI7UjvTRtD/NrZyRBryr+OuiC2ThGjuC0ekvT5
1cUYvbu0UbjqNRF8RQj7YSL9dYKM/lCSex5KWqXCYis0Ybp7xLN7d/KiRlnDpvzNPUi1xJ
3z8Q7On3ytUoTG2R2wAgh4bFOi7hUsU=
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
[66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
(version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
us-mta-16-_DJ3MYxtNmeSCz-Q21B9yQ-1; Wed, 05 Jul 2023 17:30:23 -0400
X-MC-Unique: _DJ3MYxtNmeSCz-Q21B9yQ-1
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com
[10.11.54.1])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 31E3E1C4FD83;
Wed, 5 Jul 2023 21:30:23 +0000 (UTC)
Received: from localhost.localdomain (unknown [10.39.192.7])
by smtp.corp.redhat.com (Postfix) with ESMTP id 3F67940C2063;
Wed, 5 Jul 2023 21:30:21 +0000 (UTC)
From: Hans de Goede <hdegoede@redhat.com>
To: "Rafael J . Wysocki" <rafael@kernel.org>,
Sakari Ailus <sakari.ailus@linux.intel.com>,
Laurent Pinchart <laurent.pinchart@ideasonboard.com>,
Daniel Scally <dan.scally@ideasonboard.com>
Cc: Hans de Goede <hdegoede@redhat.com>, linux-acpi@vger.kernel.org,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Andy Shevchenko <andy@kernel.org>, Kate Hsuan <hpa@redhat.com>,
Hao Yao <hao.yao@intel.com>, Bingbu Cao <bingbu.cao@intel.com>,
linux-media@vger.kernel.org, =?utf-8?q?Fabian_W=C3=BCthrich?= <me@fabwu.ch>
Subject: [PATCH v3 01/18] media: ipu-bridge: Fix null pointer deref on
SSDB/PLD parsing warnings
Date: Wed, 5 Jul 2023 23:29:53 +0200
Message-ID: <20230705213010.390849-2-hdegoede@redhat.com>
In-Reply-To: <20230705213010.390849-1-hdegoede@redhat.com>
References: <20230705213010.390849-1-hdegoede@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.1
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,
T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-media.vger.kernel.org>
X-Mailing-List: linux-media@vger.kernel.org
X-LSpam-Score: -4.8 (----)
X-LSpam-Report: No,
score=-4.8 required=5.0 tests=BAYES_00=-1.9,DKIMWL_WL_HIGH=0.001,DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,HEADER_FROM_DIFFERENT_DOMAINS=0.5,MAILING_LIST_MULTI=-1,RCVD_IN_DNSWL_MED=-2.3
autolearn=ham autolearn_force=no
|
| Series |
media: ipu-bridge: Shared with atomisp, rework VCM instantiation
|
|
Commit Message
Hans de Goede
July 5, 2023, 9:29 p.m. UTC
When ipu_bridge_parse_rotation() and ipu_bridge_parse_orientation() run
sensor->adev is not set yet.
So if either of the dev_warn() calls about unknown values are hit this
will lead to a NULL pointer deref.
Set sensor->adev earlier, with a borrowed ref to avoid making unrolling
on errors harder, to fix this.
Fixes: 485aa3df0dff ("media: ipu3-cio2: Parse sensor orientation and rotation")
Cc: Fabian Wüthrich <me@fabwu.ch>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
drivers/media/pci/intel/ipu-bridge.c | 5 +++++
1 file changed, 5 insertions(+)
Comments
Hi Hans On 05/07/2023 22:29, Hans de Goede wrote: > When ipu_bridge_parse_rotation() and ipu_bridge_parse_orientation() run > sensor->adev is not set yet. > > So if either of the dev_warn() calls about unknown values are hit this > will lead to a NULL pointer deref. > > Set sensor->adev earlier, with a borrowed ref to avoid making unrolling > on errors harder, to fix this. > > Fixes: 485aa3df0dff ("media: ipu3-cio2: Parse sensor orientation and rotation") > Cc: Fabian Wüthrich <me@fabwu.ch> > Signed-off-by: Hans de Goede <hdegoede@redhat.com> > --- Reviewed-by: Daniel Scally <dan.scally@ideasonboard.com> And same for the corresponding 09/18 > drivers/media/pci/intel/ipu-bridge.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/drivers/media/pci/intel/ipu-bridge.c b/drivers/media/pci/intel/ipu-bridge.c > index 62daa8c1f6b1..f0927f80184d 100644 > --- a/drivers/media/pci/intel/ipu-bridge.c > +++ b/drivers/media/pci/intel/ipu-bridge.c > @@ -308,6 +308,11 @@ static int ipu_bridge_connect_sensor(const struct ipu_sensor_config *cfg, > } > > sensor = &bridge->sensors[bridge->n_sensors]; > + /* > + * Borrow our adev ref to the sensor for now, on success > + * acpi_dev_get(adev) is done further below. > + */ > + sensor->adev = adev; > > ret = ipu_bridge_read_acpi_buffer(adev, "SSDB", > &sensor->ssdb,
diff --git a/drivers/media/pci/intel/ipu-bridge.c b/drivers/media/pci/intel/ipu-bridge.c index 62daa8c1f6b1..f0927f80184d 100644 --- a/drivers/media/pci/intel/ipu-bridge.c +++ b/drivers/media/pci/intel/ipu-bridge.c @@ -308,6 +308,11 @@ static int ipu_bridge_connect_sensor(const struct ipu_sensor_config *cfg, } sensor = &bridge->sensors[bridge->n_sensors]; + /* + * Borrow our adev ref to the sensor for now, on success + * acpi_dev_get(adev) is done further below. + */ + sensor->adev = adev; ret = ipu_bridge_read_acpi_buffer(adev, "SSDB", &sensor->ssdb,