Re: [PATCH] [media] gspca-ov534: don't call sd_start() from sd_init()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Hans de Goede <hdegoede@redhat.com>
To: Antonio Ospite <ospite@studenti.unina.it>
Cc: linux-media@vger.kernel.org,
	Yaroslav Zakharuk <slavikz@gmail.com>,
	1173723@bugs.launchpad.net, stable@vger.kernel.org
Subject: Re: [PATCH] [media] gspca-ov534: don't call sd_start() from sd_init()
Date: Tue, 20 Aug 2013 14:21:22 +0200	[thread overview]
Message-ID: <52135F42.1070707@redhat.com> (raw)
In-Reply-To: <1376562572-10772-1-git-send-email-ospite@studenti.unina.it>

Hi,

Thanks for the patch I've added this to my "gspca" tree, and this
will be included in my next pull-request to Mauro for 3.12

Regards,

Hans



On 08/15/2013 12:29 PM, Antonio Ospite wrote:
> sd_start() operates on device controls but after the conversion to the
> v4l2 control framework in commits 62bba5d and 1bd7d6a controls are
> initialized in sd_init_controls() which is called _after_ sd_init():
>
> The change fixes a NULL pointer dereference for Hercules Blog Webcam;
> the problem is observable since 3.6:
>
>    gspca_main: v2.14.0 registered
>    gspca_main: ov534-2.14.0 probing 06f8:3002
>    BUG: unable to handle kernel NULL pointer dereference at 0000000000000050
>    IP: [<ffffffffa03c1b01>] v4l2_ctrl_g_ctrl+0x11/0x60 [videodev]
>    PGD 0
>    Oops: 0000 [#1] SMP
>    Modules linked in: gspca_ov534(+) gspca_main videodev rfcomm bnep ppdev bluetooth binfmt_misc snd_hda_codec_hdmi snd_hda_codec_realtek stir4200 irda crc_ccitt usblp snd_hda_intel snd_hda_codec snd_hwdep snd_pcm hid_generic snd_page_alloc snd_seq_midi snd_seq_midi_event usbhid snd_rawmidi snd_seq snd_seq_device snd_timer hid i915 snd psmouse drm_kms_helper serio_raw mei_me drm mei soundcore video i2c_algo_bit lpc_ich mac_hid coretemp lp parport firewire_ohci firewire_core crc_itu_t ahci libahci alx mdio r8169 mii [last unloaded: parport_pc]
>    CPU: 3 PID: 4352 Comm: modprobe Not tainted 3.11.0-031100rc2-generic #201307211535
>    Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./Z77-DS3H, BIOS F9 09/19/2012
>    task: ffff8801c20f9770 ti: ffff8801ceaa0000 task.ti: ffff8801ceaa0000
>    RIP: 0010:[<ffffffffa03c1b01>]  [<ffffffffa03c1b01>] v4l2_ctrl_g_ctrl+0x11/0x60 [videodev]
>    RSP: 0018:ffff8801ceaa1af8  EFLAGS: 00010292
>    RAX: 0000000000000001 RBX: 0000000000000000 RCX: 000000000001988b
>    RDX: 000000000001988a RSI: ffffffffa032745a RDI: 0000000000000000
>    RBP: ffff8801ceaa1b28 R08: 0000000000017380 R09: ffffea0008419d80
>    R10: ffffffff81538f5a R11: 0000000000000002 R12: ffffffffa03273dc
>    R13: ffffffffa03273dc R14: 0000000000000000 R15: ffffffffa03270a0
>    FS:  00007f72d564a740(0000) GS:ffff88021f380000(0000) knlGS:0000000000000000
>    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>    CR2: 0000000000000050 CR3: 00000001bd1f0000 CR4: 00000000001407e0
>    Stack:
>     ffff8801ceaa1b28 ffffffffa0325cff ffff8801000001f4 ffff8801ceb44000
>     ffffffffa03273dc ffff8801ceb44000 ffff8801ceaa1b58 ffffffffa032688e
>     ffff8801ceb44000 ffffffffa03274f0 ffffffffa03274f0 ffff8801ceb44380
>    Call Trace:
>     [<ffffffffa0325cff>] ? sccb_w_array+0x3f/0x80 [gspca_ov534]
>     [<ffffffffa032688e>] sd_start+0xce/0x2b0 [gspca_ov534]
>     [<ffffffffa0326bf9>] sd_init+0x189/0x1e8 [gspca_ov534]
>     [<ffffffffa02a0c95>] gspca_dev_probe2+0x285/0x410 [gspca_main]
>     [<ffffffffa02a0e58>] gspca_dev_probe+0x38/0x60 [gspca_main]
>     [<ffffffffa0325081>] sd_probe+0x21/0x30 [gspca_ov534]
>     [<ffffffff8153c960>] usb_probe_interface+0x1c0/0x2f0
>     [<ffffffff8148758c>] really_probe+0x6c/0x330
>     [<ffffffff814879d7>] driver_probe_device+0x47/0xa0
>     [<ffffffff81487adb>] __driver_attach+0xab/0xb0
>     [<ffffffff81487a30>] ? driver_probe_device+0xa0/0xa0
>     [<ffffffff814857be>] bus_for_each_dev+0x5e/0x90
>     [<ffffffff8148714e>] driver_attach+0x1e/0x20
>     [<ffffffff81486bdc>] bus_add_driver+0x10c/0x290
>     [<ffffffff8148805d>] driver_register+0x7d/0x160
>     [<ffffffff8153b590>] usb_register_driver+0xa0/0x160
>     [<ffffffffa0067000>] ? 0xffffffffa0066fff
>     [<ffffffffa006701e>] sd_driver_init+0x1e/0x1000 [gspca_ov534]
>     [<ffffffff8100212a>] do_one_initcall+0xfa/0x1b0
>     [<ffffffff810578c3>] ? set_memory_nx+0x43/0x50
>     [<ffffffff81712e8d>] do_init_module+0x80/0x1d1
>     [<ffffffff810d2079>] load_module+0x4c9/0x5f0
>     [<ffffffff810cf7b0>] ? add_kallsyms+0x210/0x210
>     [<ffffffff810d2254>] SyS_init_module+0xb4/0x100
>     [<ffffffff817333ef>] tracesys+0xe1/0xe6
>    Code: a0 09 00 00 48 c7 c7 30 c3 3c a0 e8 7a 38 ca e0 eb cf 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb 48 83 ec 28 <8b> 47 50 83 e8 05 83 f8 02 77 09 80 b8 20 8c 3c a0 00 74 1d 48
>    RIP  [<ffffffffa03c1b01>] v4l2_ctrl_g_ctrl+0x11/0x60 [videodev]
>     RSP <ffff8801ceaa1af8>
>    CR2: 0000000000000050
>    ---[ end trace 6786f15abfd2ac90 ]---
>
> Original bug report from:
> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1173723/
>
> Signed-off-by: Antonio Ospite <ospite@studenti.unina.it>
> Tested-by: Yaroslav Zakharuk <slavikz@gmail.com>
> Cc: <stable@vger.kernel.org> # 3.6+
> ---
>   drivers/media/usb/gspca/ov534.c | 3 +--
>   1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/drivers/media/usb/gspca/ov534.c b/drivers/media/usb/gspca/ov534.c
> index 2e28c81..03a33c4 100644
> --- a/drivers/media/usb/gspca/ov534.c
> +++ b/drivers/media/usb/gspca/ov534.c
> @@ -1305,8 +1305,7 @@ static int sd_init(struct gspca_dev *gspca_dev)
>   	ov534_set_led(gspca_dev, 1);
>   	sccb_w_array(gspca_dev, sensor_init[sd->sensor].val,
>   			sensor_init[sd->sensor].len);
> -	if (sd->sensor == SENSOR_OV767x)
> -		sd_start(gspca_dev);
> +
>   	sd_stopN(gspca_dev);
>   /*	set_frame_rate(gspca_dev);	*/
>
>

next prev parent reply	other threads:[~2013-08-20 12:21 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-07-29  9:16 [Regression 3.5->3.6, bisected] gspca_ov534: kernel oops when connecting Hercules Blog Webcam Yaroslav Zakharuk
2013-07-31 11:36 ` Antonio Ospite
2013-08-04 22:20   ` [PATCH RFC] [media] gspca-ov534: don't call sd_start() from sd_init() Antonio Ospite
2013-08-10  6:10     ` Yaroslav Zakharuk
2013-08-15 10:29       ` [PATCH] " Antonio Ospite
2013-08-20 12:21         ` Hans de Goede [this message]
2013-08-20 13:13           ` Antonio Ospite
2013-08-20 13:38             ` Hans de Goede

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=52135F42.1070707@redhat.com \
    --to=hdegoede@redhat.com \
    --cc=1173723@bugs.launchpad.net \
    --cc=linux-media@vger.kernel.org \
    --cc=ospite@studenti.unina.it \
    --cc=slavikz@gmail.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.