linux/drivers/media/platform
Mauro Carvalho Chehab 686ee9b625 media: venus: don't de-reference NULL pointers at IRQ time
Smatch is warning that:
	drivers/media/platform/qcom/venus/hfi_venus.c:1100 venus_isr() warn: variable dereferenced before check 'hdev' (see line 1097)

The logic basically does:
	hdev = to_hfi_priv(core);

with is translated to:
	hdev = core->priv;

If the IRQ code can receive a NULL pointer for hdev, there's
a bug there, as it will first try to de-reference the pointer,
and then check if it is null.

After looking at the code, it seems that this indeed can happen:
Basically, the venus IRQ thread is started with:
	devm_request_threaded_irq()
So, it will only be freed after the driver unbinds.

In order to prevent the IRQ code to work with freed data,
the logic at venus_hfi_destroy() sets core->priv to NULL,
which would make the IRQ code to ignore any pending IRQs.

There is, however a race condition, as core->priv is set
to NULL only after being freed. So, we need also to move the
core->priv = NULL to happen earlier.

Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
2021-04-08 10:04:20 +02:00
..
allegro-dvt media: allegro-dvt/nal-h264.h: fix kernel-doc: hdr -> hrd 2021-04-06 10:27:21 +02:00
am437x media: v4l2-async: Improve v4l2_async_notifier_add_*_subdev() API 2021-02-06 09:18:53 +01:00
atmel media: v4l2-async: Improve v4l2_async_notifier_add_*_subdev() API 2021-02-06 09:18:53 +01:00
cadence media: v4l2-async: Improve v4l2_async_notifier_add_*_subdev() API 2021-02-06 09:18:53 +01:00
coda media: coda: Remove unneeded of_match_ptr() 2021-03-22 13:03:46 +01:00
davinci media: v4l2-async: Improve v4l2_async_notifier_add_*_subdev() API 2021-02-06 09:18:53 +01:00
exynos4-is media: exynos4-is: Fix kernel-doc entries in fimc-is.h 2021-04-06 19:35:48 +02:00
exynos-gsc media: exynos-gsc/gsc-core.h: fix kernel-doc warnings 2021-04-06 10:28:45 +02:00
imx-jpeg media: VIDEO_IMX8_JPEG should depend on ARCH_MXC and not default to m 2021-04-06 16:12:16 +02:00
marvell-ccic media: marvell-ccic: power up the device on mclk enable 2021-02-06 09:31:03 +01:00
meson/ge2d media: meson/ge2d: set ret to -ENOMEM 2021-01-27 08:32:16 +01:00
mtk-jpeg media: mtk-jpeg/mtk_jpeg_core.h: fix kernel-doc warnings 2021-03-22 12:56:51 +01:00
mtk-mdp media: mtk-mdp: fix kernel-doc warnings 2021-03-22 12:57:26 +01:00
mtk-vcodec media: mtk-vcodec: Separating mtk encoder driver 2021-04-06 16:06:52 +02:00
mtk-vpu media: mtk-vpu/mtk_vpu.h: fix kernel-doc warnings 2021-03-22 12:59:50 +01:00
omap media: videobuf2: Move frame_vector into media subsystem 2021-01-12 14:15:31 +01:00
omap3isp media: omap3isp: Acquire graph mutex for graph traversal 2021-04-06 14:34:20 +02:00
qcom media: venus: don't de-reference NULL pointers at IRQ time 2021-04-08 10:04:20 +02:00
rcar-vin media: rcar-vin/rcar-vin.h: fix kernel-doc formatting 2021-03-22 12:54:07 +01:00
rockchip media: rkisp1: rsz: crash fix when setting src format 2021-03-11 11:59:45 +01:00
s3c-camif media: s3c-camif/camif-core.h: fix kernel-doc warnings 2021-04-06 10:27:55 +02:00
s5p-g2d media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' 2020-07-19 08:14:00 +02:00
s5p-jpeg media: s5p-jpeg/jpeg-core.h: fix kernel-doc warnings 2021-04-06 10:28:16 +02:00
s5p-mfc media: s5p-mfc: Fix kernel-doc entries in s5p_mfc_common.h 2021-04-06 19:36:11 +02:00
sti media: media/platform/sti: fix kernel-doc formatting 2021-03-22 12:54:27 +01:00
stm32 media: v4l2-async: Improve v4l2_async_notifier_add_*_subdev() API 2021-02-06 09:18:53 +01:00
sunxi media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming() 2021-03-22 10:20:35 +01:00
ti-vpe media: ti-vpe: sc: remove redundant dev_err call in sc_create() 2021-04-06 16:09:31 +02:00
vsp1 media: vsp1/vsp1_drm.h: add missing 'struct' kernel-doc keyword 2021-03-22 12:55:08 +01:00
xilinx media: platform: xilinx: fix error return code of xvip_graph_init() 2021-03-22 10:19:45 +01:00
aspeed-video.c media: aspeed: fix clock handling logic 2021-03-11 11:59:45 +01:00
fsl-viu.c media: use getter/setter functions 2021-03-11 11:59:42 +01:00
imx-pxp.c media: imx-pxp: remove redundant dev_err call in pxp_probe() 2021-04-06 16:09:00 +02:00
imx-pxp.h media: imx-pxp: add i.MX Pixel Pipeline driver 2018-09-11 13:32:17 -04:00
Kconfig media: imx-jpeg: Add V4L2 driver for i.MX8 JPEG Encoder/Decoder 2021-03-22 10:47:21 +01:00
m2m-deinterlace.c media: media/platform: rename VFL_TYPE_GRABBER to _VIDEO 2020-02-24 16:54:14 +01:00
Makefile media: imx-jpeg: Add V4L2 driver for i.MX8 JPEG Encoder/Decoder 2021-03-22 10:47:21 +01:00
mx2_emmaprp.c media: mx2_emmaprp: Fix memleak in emmaprp_probe 2020-09-26 10:15:39 +02:00
pxa_camera.c media: use getter/setter functions 2021-03-11 11:59:42 +01:00
rcar_drif.c media: v4l2-async: Improve v4l2_async_notifier_add_*_subdev() API 2021-02-06 09:18:53 +01:00
rcar_fdp1.c media: fdp1: Do not zero reserved fields 2021-01-27 13:18:45 +01:00
rcar_jpu.c media: jpu: Do not zero reserved fields 2021-01-27 13:19:03 +01:00
rcar-fcp.c media: platform: fcp: Fix a reference count leak. 2020-09-27 10:52:52 +02:00
renesas-ceu.c Devicetree updates for v5.12: 2021-02-22 10:05:12 -08:00
sh_vou.c media: sh_vou: Drop bogus __refdata annotation 2021-01-12 18:16:09 +01:00
via-camera.c Power management updates for 5.7-rc1 2020-03-30 15:05:01 -07:00
via-camera.h
video-mux.c media: v4l2-async: Improve v4l2_async_notifier_add_*_subdev() API 2021-02-06 09:18:53 +01:00