renegade-project/linux-next
2
0
Fork 0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-27 06:34:11 +08:00
Code
c974c436ea
linux-next/drivers/media/platform/s5p-mfc
History
Javier Martinez Canillas c974c436ea s5p-mfc: Fix race between s5p_mfc_probe() and s5p_mfc_open() 
The s5p_mfc_probe() function registers the video devices before all the
resources needed by s5p_mfc_open() are correctly initalized.

So if s5p_mfc_open() function is called before s5p_mfc_probe() finishes
(since the video dev is already registered), a NULL pointer dereference
will happen due s5p_mfc_open() accessing uninitialized vars such as the
struct s5p_mfc_dev .watchdog_timer and .mfc_ops fields.

An example is following BUG caused by add_timer() getting a NULL pointer:

[   45.765374] kernel BUG at kernel/time/timer.c:790!
[   45.765381] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
...
[   45.766149] [<c016fdf4>] (mod_timer) from [<bf181d18>] (s5p_mfc_open+0x274/0x4d4 [s5p_mfc])
[   45.766416] [<bf181d18>] (s5p_mfc_open [s5p_mfc]) from [<bf0214a0>] (v4l2_open+0x9c/0x100 [videodev])
[   45.766547] [<bf0214a0>] (v4l2_open [videodev]) from [<c01e355c>] (chrdev_open+0x9c/0x178)
[   45.766575] [<c01e355c>] (chrdev_open) from [<c01dceb4>] (do_dentry_open+0x1e0/0x300)
[   45.766595] [<c01dceb4>] (do_dentry_open) from [<c01ec2f0>] (path_openat+0x800/0x10d4)
[   45.766610] [<c01ec2f0>] (path_openat) from [<c01ed8b8>] (do_filp_open+0x5c/0xc0)
[   45.766624] [<c01ed8b8>] (do_filp_open) from [<c01de218>] (do_sys_open+0x10c/0x1bc)
[   45.766642] [<c01de218>] (do_sys_open) from [<c01078c0>] (ret_fast_syscall+0x0/0x3c)
[   45.766655] Code: eaffffe3 e3a00001 e28dd008 e8bd81f0 (e7f001f2)

Fix it by registering the video devs as the last step in s5p_mfc_probe().

Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
2016-06-03 11:12:29 +02:00
..
Makefile [media] s5p makefiles: don't override other selections on obj-[ym] 2013-06-20 05:46:00 -03:00
regs-mfc-v6.h [media] s5p-mfc: check mfc bus ctrl before reset 2014-10-28 15:44:32 -02:00
regs-mfc-v7.h [media] s5p-mfc: Move INIT_BUFFER_OPTIONS from v7 to v6 2014-05-23 15:29:05 -03:00
regs-mfc-v8.h [media] s5p-mfc: Core support for v8 encoder 2014-05-23 15:47:24 -03:00
regs-mfc.h [media] media_tree: Fix spelling errors 2013-11-29 14:43:50 -02:00
s5p_mfc_cmd_v5.c [media] s5p_mfc: get rid of several warnings 2014-08-26 18:52:13 -03:00
s5p_mfc_cmd_v5.h [media] s5p-mfc: Update MFCv5 driver for callback based architecture 2012-10-05 22:53:37 -03:00
s5p_mfc_cmd_v6.c [media] s5p-mfc: add return value check in mfc_sys_init_cmd 2015-08-11 06:24:32 -03:00
s5p_mfc_cmd_v6.h [media] s5p-mfc: Update MFC v4l2 driver to support MFC6.x 2012-10-05 23:08:31 -03:00
s5p_mfc_cmd.c [media] s5p-mfc: Rename IS_MFCV6 macro 2013-08-18 07:08:34 -03:00
s5p_mfc_cmd.h [media] s5p-mfc: Update MFCv5 driver for callback based architecture 2012-10-05 22:53:37 -03:00
s5p_mfc_common.h [media] s5p-mfc: merge together s5p_mfc_hw_call and s5p_mfc_hw_call_void 2015-12-23 13:59:46 -02:00
s5p_mfc_ctrl.c [media] s5p-mfc: merge together s5p_mfc_hw_call and s5p_mfc_hw_call_void 2015-12-23 13:59:46 -02:00
s5p_mfc_ctrl.h [media] s5p-mfc: Extract open/close MFC instance commands 2014-05-23 15:00:20 -03:00
s5p_mfc_debug.h [media] s5p_mfc: don't use an external symbol called 'debug' 2014-08-26 18:52:02 -03:00
s5p_mfc_dec.c [media] s5p-mfc: merge together s5p_mfc_hw_call and s5p_mfc_hw_call_void 2015-12-23 13:59:46 -02:00
s5p_mfc_dec.h [media] s5p-mfc: constify s5p_mfc_codec_ops structures 2015-12-23 13:52:30 -02:00
s5p_mfc_enc.c [media] s5p-mfc: add the support of V4L2_CID_MPEG_VIDEO_FORCE_KEY_FRAME 2016-02-19 08:10:36 -02:00
s5p_mfc_enc.h [media] s5p-mfc: constify s5p_mfc_codec_ops structures 2015-12-23 13:52:30 -02:00
s5p_mfc_intr.c [media] s5p-mfc: Update MFCv5 driver for callback based architecture 2012-10-05 22:53:37 -03:00
s5p_mfc_intr.h
s5p_mfc_opr_v5.c [media] s5p-mfc: use spinlock to protect MFC context 2015-12-23 13:58:36 -02:00
s5p_mfc_opr_v5.h [media] s5p-mfc: Update MFCv5 driver for callback based architecture 2012-10-05 22:53:37 -03:00
s5p_mfc_opr_v6.c [media] s5p-mfc: merge together s5p_mfc_hw_call and s5p_mfc_hw_call_void 2015-12-23 13:59:46 -02:00
s5p_mfc_opr_v6.h [media] s5p-mfc: Add variants to access mfc registers 2014-05-23 15:30:38 -03:00
s5p_mfc_opr.c [media] s5p-mfc: add additional check for incorrect memory configuration 2015-08-11 06:25:50 -03:00
s5p_mfc_opr.h [media] s5p-mfc: remove volatile attribute from MFC register addresses 2015-12-23 14:00:22 -02:00
s5p_mfc_pm.c media / PM: Replace CONFIG_PM_RUNTIME with CONFIG_PM 2014-12-05 02:55:12 +01:00
s5p_mfc_pm.h
s5p_mfc.c s5p-mfc: Fix race between s5p_mfc_probe() and s5p_mfc_open() 2016-06-03 11:12:29 +02:00