Devicetree
From: sashiko-bot@kernel.org
To: "Vishnu Reddy" <busanna.reddy@oss.qualcomm.com>
Cc: devicetree@vger.kernel.org, conor+dt@kernel.org, robh@kernel.org,
	krzk+dt@kernel.org
Subject: Re: [PATCH v5 12/14] media: iris: Add platform data for glymur
Date: Sat, 09 May 2026 04:23:43 +0000
Message-ID: <20260509042343.9B902C2BCB2@smtp.kernel.org>
In-Reply-To: <20260509-glymur-v5-12-7fbb340c5dbd@oss.qualcomm.com>

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [High] Stack use-after-return / dangling pointer due to storing a local variable's address in device driver data.
--

commit 93f713f9565a33672387c6d251540a853b65cebf
Author: Vishnu Reddy <busanna.reddy@oss.qualcomm.com>

media: iris: Add platform data for glymur
    
On glymur platform, the iris core shares most properties with the iris core
on the SM8550 platform, but integrates two codec cores instead of one. Add
glymur specific platform data, reusing SM8550 definitions wherever applicable.

> diff --git a/drivers/media/platform/qcom/iris/iris_platform_glymur.c b/drivers/media/platform/qcom/iris/iris_platform_glymur.c
> new file mode 100644
> index 0000000000000..f16155b7dc997
> --- /dev/null
> +++ b/drivers/media/platform/qcom/iris/iris_platform_glymur.c

[ ... ]

> +int iris_glymur_init_cb_devs(struct iris_core *core)
> +{
> +	u64 dma_mask = core->iris_platform_data->dma_mask;
> +	const u32 fw_fid = IOMMU_FID_IRIS_FIRMWARE;
> +	struct device *dev;
> +
> +	dev = create_iris_vpu_bus_device(core->dev, "iris-firmware", dma_mask, &fw_fid);

Does this leave a dangling pointer in the device driver data?

Looking at create_iris_vpu_bus_device(), it calls dev_set_drvdata() to store
the address of fw_fid in the newly registered device.

Since fw_fid is a local variable on the stack, its lifetime ends when
iris_glymur_init_cb_devs() returns. Any later dereference of this pointer
from the device's driver data will read invalid stack memory.

Could fw_fid be declared as static, or its lifetime otherwise tied to the
device?

> +	if (IS_ERR(dev))
> +		return PTR_ERR(dev);
> +
> +	if (device_iommu_mapped(dev))
> +		core->fw_dev = dev;
> +	else
> +		device_unregister(dev);
> +
> +	return 0;
> +}
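
Review bot: In the else branch at the end of iris_glymur_init_cb_devs(), the device is unregistered and the function still returns 0 with core->fw_dev left unassigned, so a caller cannot tell "iris-firmware has no IOMMU mapping" from a completed setup. If an unmapped firmware device is an expected optional case, a short comment above the `else` saying so would help; otherwise return an error code there. On the mapped path dev is kept in core->fw_dev beyond this function, so anything the device retains from the `&fw_fid` argument has to stay valid for as long as that device does.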

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260509-glymur-v5-0-7fbb340c5dbd@oss.qualcomm.com?part=12
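
The lifetime problem raised in the review, next to the two kinds of fix it asks about, as an added userspace example (not code from the patch or the iris driver). `toy_device`, `toy_set_drvdata`, `TOY_FID` and the `init_*` helpers are hypothetical stand-ins, and the heap copy stands in for any allocation whose lifetime is tied to the device.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed userspace stand-ins, not the kernel's struct device or iris code. */
struct toy_device { void *drvdata; };
#define TOY_FID 0x2au /* constructed value */

/* Out of line on purpose: the store hides behind a call, as in the driver. */
__attribute__((noinline))
void toy_set_drvdata(struct toy_device *d, const void *data) { d->drvdata = (void *)data; }

/* Flagged pattern: drvdata points into this frame and dangles after return.
 * Shown for comparison only; nothing below reads through that pointer. */
void init_stack_local(struct toy_device *d)
{
	const uint32_t fid = TOY_FID;
	toy_set_drvdata(d, &fid);
}

/* Option 1: static storage duration, valid for the life of the program. */
void init_static(struct toy_device *d)
{
	static const uint32_t fid = TOY_FID;
	toy_set_drvdata(d, &fid);
}

/* Option 2: the device owns a heap copy, freed when the device goes away. */
int init_owned(struct toy_device *d)
{
	uint32_t *copy = malloc(sizeof(*copy));
	if (!copy)
		return -1;
	*copy = TOY_FID;
	toy_set_drvdata(d, copy);
	return 0;
}

void release_owned(struct toy_device *d) { free(d->drvdata); d->drvdata = NULL; }
uint32_t read_fid(const struct toy_device *d) { return *(const uint32_t *)d->drvdata; }

int main(void)
{
	struct toy_device s = {0}, o = {0};
	init_static(&s);
	if (init_owned(&o) || read_fid(&s) != TOY_FID || read_fid(&o) != TOY_FID)
		return 1;
	release_owned(&o);
	return 0;
}
```

Building a variant that reads through the pointer left by `init_stack_local()` with `-fsanitize=address -fsanitize-address-use-after-return=always` is one way to have the stale read reported at run time.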
