From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Andrzej Hajda <a.hajda@samsung.com>,
Sylwester Nawrocki <s.nawrocki@samsung.com>,
Kyungmin Park <kyungmin.park@samsung.com>,
Mauro Carvalho Chehab <m.chehab@samsung.com>
Subject: [ 075/110] media: exynos4-is: Fix entity unregistration on error path
Date: Tue, 24 Sep 2013 17:15:13 -0700 [thread overview]
Message-ID: <20130925001331.548191559@linuxfoundation.org> (raw)
In-Reply-To: <20130925001323.387158698@linuxfoundation.org>
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sylwester Nawrocki <s.nawrocki@samsung.com>
commit d2b903b4427e417a73863cef36ad0796ea6b7404 upstream.
This patch corrects media entities unregistration order to make sure
the fimc.N.capture and fimc-lite video nodes are unregistered with
fimc->lock mutex held. This prevents races between video device open()
and defered probing and NULL pointer dereference in open() callback
as follows:
[ 77.645000] Unable to handle kernel NULL pointer dereference at virtual address 00000290t
[ 77.655000] pgd = ee7a8000
[ 77.660000] [00000290] *pgd=6e13c831, *pte=00000000, *ppte=00000000
[ 77.665000] Internal error: Oops: 17 [#1] PREEMPT SMP ARM
[ 77.670000] Modules linked in: s5p_fimc ipv6 exynos_fimc_is exynos_fimc_lite
s5p_csis v4l2_mem2mem videobuf2_dma_contig videobuf2_memops exynos4_is_common videobuf2_core [last unloaded: s5p_fimc]
[ 77.685000] CPU: 0 PID : 2998 Comm: v4l_id Tainted: G W 3.10.0-next-20130709-00039-g39f491b-dirty #1548
[ 77.695000] task: ee084000 ti: ee46e000 task.ti: ee46e000
[ 77.700000] PC is at __mutex_lock_slowpath+0x54/0x368
[ 77.705000] LR is at __mutex_lock_slowpath+0x24/0x368
[ 77.710000] pc : [<c038dc10>] lr : [<c038dbe0>] psr: 60000093
[ 77.710000] sp : ee46fd70 ip : 000008c8 fp : c054e34c
[ 77.725000] r10: ee084000 r9 : 00000000 r8 : ee439480
[ 77.730000] r7 : ee46e000 r6 : 60000013 r5 : 00000290 r4 : 0000028c
[ 77.735000] r3 : 00000000 r2 : 00000000 r1 : 20000093 r0 : 00000001
[ 77.740000] Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
[ 77.750000] Control: 10c5387d Table: 6e7a804a DAC: 00000015
[ 77.755000] Process v4l_id (pid: 2998, stack limit = 0xee46e238)
[ 77.760000] Stack: (0xee46fd70 to 0xee470000)
...
[ 77.935000] [<c038dc10>] (__mutex_lock_slowpath+0x54/0x368) from [<c038df30>] (mutex_lock+0xc/0x24)
[ 77.945000] [<c038df30>] (mutex_lock+0xc/0x24) from [<bf03fa90>] (fimc_lite_open+0x12c/0x2bc [exynos_fimc_lite])
[ 77.955000] [<bf03fa90>] (fimc_lite_open+0x12c/0x2bc [exynos_fimc_lite]) from [<c02ab11c>] (v4l2_open+0xa0/0xe0)
[ 77.965000] [<c02ab11c>] (v4l2_open+0xa0/0xe0) from [<c00b1de4>] (chrdev_open+0x88/0x170)
[ 77.975000] [<c00b1de4>] (chrdev_open+0x88/0x170) from [<c00ac710>] (do_dentry_open.isra.14+0x1d8/0x258)
[ 77.985000] [<c00ac710>] (do_dentry_open.isra.14+0x1d8/0x258) from [<c00ac860>] (finish_open+0x20/0x38)
[ 77.995000] [<c00ac860>] (finish_open+0x20/0x38) from [<c00ba658>] (do_last.isra.43+0x538/0xb1c)
[ 78.000000] [<c00ba658>] (do_last.isra.43+0x538/0xb1c) from [<c00bacf0>] (path_openat+0xb4/0x5c4)
[ 78.010000] [<c00bacf0>] (path_openat+0xb4/0x5c4) from [<c00bb4b4>] (do_filp_open+0x2c/0x80)
[ 78.020000] [<c00bb4b4>] (do_filp_open+0x2c/0x80) from [<c00ad744>] (do_sys_open+0xf4/0x1a8)
[ 78.025000] [<c00ad744>] (do_sys_open+0xf4/0x1a8) from [<c000e320>] (ret_fast_syscall+0x0/0x30)
[ 78.035000] Code: 1a000093 e10f6000 f10c0080 e2845004 (e1953f9f)
Reported-by: Andrzej Hajda <a.hajda@samsung.com>
Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/platform/exynos4-is/media-dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/media/platform/exynos4-is/media-dev.c
+++ b/drivers/media/platform/exynos4-is/media-dev.c
@@ -1441,9 +1441,9 @@ static int fimc_md_probe(struct platform
err_unlock:
mutex_unlock(&fmd->media_dev.graph_mutex);
err_clk:
- media_device_unregister(&fmd->media_dev);
fimc_md_put_clocks(fmd);
fimc_md_unregister_entities(fmd);
+ media_device_unregister(&fmd->media_dev);
err_md:
v4l2_device_unregister(&fmd->v4l2_dev);
return ret;
next prev parent reply other threads:[~2013-09-25 0:15 UTC|newest]
Thread overview: 114+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-25 0:13 [ 000/110] 3.10.13-stable review Greg Kroah-Hartman
2013-09-25 0:13 ` [ 001/110] SCSI: Allow MPT Fusion SAS 3.0 driver to be built into the kernel Greg Kroah-Hartman
2013-09-25 0:14 ` [ 002/110] UBI: Fix PEB leak in wear_leveling_worker() Greg Kroah-Hartman
2013-09-25 0:14 ` [ 003/110] SCSI: sd: Fix potential out-of-bounds access Greg Kroah-Hartman
2013-09-25 0:14 ` [ 004/110] crypto: api - Fix race condition in larval lookup Greg Kroah-Hartman
2013-09-25 0:14 ` [ 005/110] powerpc: Handle unaligned ldbrx/stdbrx Greg Kroah-Hartman
2013-09-25 0:14 ` [ 006/110] powerpc: Default arch idle could cede processor on pseries Greg Kroah-Hartman
2013-09-25 0:14 ` [ 007/110] xen-gnt: prevent adding duplicate gnt callbacks Greg Kroah-Hartman
2013-09-25 0:14 ` [ 008/110] ARM: xen: only set pm function ptrs for Xen guests Greg Kroah-Hartman
2013-09-25 0:14 ` [ 009/110] cpuidle: coupled: abort idle if pokes are pending Greg Kroah-Hartman
2013-09-25 0:14 ` [ 010/110] cpuidle: coupled: fix race condition between pokes and safe state Greg Kroah-Hartman
2013-09-25 0:14 ` [ 011/110] ARM: dts: at91: cpus/cpu node dts updates Greg Kroah-Hartman
2013-09-25 0:14 ` [ 012/110] ARM: dts: sunxi: cpus/cpu nodes " Greg Kroah-Hartman
2013-09-25 0:14 ` [ 013/110] ARM: dts: add missing cpu #address-cell values Greg Kroah-Hartman
2013-09-25 0:14 ` [ 014/110] ARM: KVM: Fix 64-bit coprocessor handling Greg Kroah-Hartman
2013-09-25 0:14 ` [ 015/110] arm64: perf: fix group validation when using enable_on_exec Greg Kroah-Hartman
2013-09-25 0:14 ` [ 016/110] arm64: perf: fix ARMv8 EVTYPE_MASK to include NSH bit Greg Kroah-Hartman
2013-09-25 0:14 ` [ 017/110] ARM: PCI: versatile: Fix map_irq function to match hardware Greg Kroah-Hartman
2013-09-25 0:14 ` [ 018/110] ARM: PCI: versatile: Fix PCI I/O Greg Kroah-Hartman
2013-09-25 0:14 ` [ 019/110] ARM: PCI: versatile: Fix SMAP register offsets Greg Kroah-Hartman
2013-09-25 0:14 ` [ 020/110] KVM: PPC: Book3S: Fix compile error in XICS emulation Greg Kroah-Hartman
2013-09-25 0:14 ` [ 021/110] xhci-plat: Dont enable legacy PCI interrupts Greg Kroah-Hartman
2013-09-25 0:14 ` [ 022/110] usb: xhci: Disable runtime PM suspend for quirky controllers Greg Kroah-Hartman
2013-09-25 0:14 ` [ 023/110] usb: dwc3: gadget: dont request IRQs in atomic Greg Kroah-Hartman
2013-09-25 0:14 ` [ 024/110] tty: disassociate_ctty() sends the extra SIGCONT Greg Kroah-Hartman
2013-09-25 0:14 ` [ 025/110] cifs: ensure that srv_mutex is held when dealing with ssocket pointer Greg Kroah-Hartman
2013-09-25 0:14 ` [ 026/110] CIFS: Fix a memory leak when a lease break comes Greg Kroah-Hartman
2013-09-25 0:14 ` [ 027/110] CIFS: Fix missing lease break Greg Kroah-Hartman
2013-09-25 0:14 ` [ 028/110] USB: OHCI: Allow runtime PM without system sleep Greg Kroah-Hartman
2013-09-25 0:14 ` [ 029/110] net: Check the correct namespace when spoofing pid over SCM_RIGHTS Greg Kroah-Hartman
2013-09-25 0:14 ` [ 030/110] staging: comedi: dt282x: dt282x_ai_insn_read() always fails Greg Kroah-Hartman
2013-09-25 0:14 ` [ 031/110] iio: mxs-lradc: Fix misuse of iio->trig Greg Kroah-Hartman
2013-09-25 0:14 ` [ 032/110] iio: mxs-lradc: Remove useless check in read_raw Greg Kroah-Hartman
2013-09-25 0:14 ` [ 033/110] ACPI / LPSS: dont crash if a device has no MMIO resources Greg Kroah-Hartman
2013-09-25 0:14 ` [ 034/110] USB: mos7720: use GFP_ATOMIC under spinlock Greg Kroah-Hartman
2013-09-25 0:14 ` [ 035/110] USB: mos7720: fix big-endian control requests Greg Kroah-Hartman
2013-09-25 0:14 ` [ 036/110] usb: ehci-mxc: check for pdata before dereferencing Greg Kroah-Hartman
2013-09-25 0:14 ` [ 037/110] USB: cdc-wdm: fix race between interrupt handler and tasklet Greg Kroah-Hartman
2013-09-25 0:14 ` [ 038/110] usb: gadget: uvc: Fix error handling in uvc_queue_buffer() Greg Kroah-Hartman
2013-09-25 0:14 ` [ 039/110] usb: Dont fail port power resume on device disconnect Greg Kroah-Hartman
2013-09-25 0:14 ` [ 040/110] USB: fix build error when CONFIG_PM_SLEEP isnt enabled Greg Kroah-Hartman
2013-09-25 0:14 ` [ 041/110] usb: config->desc.bLength may not exceed amount of data returned by the device Greg Kroah-Hartman
2013-09-25 0:14 ` [ 042/110] USB: handle LPM errors during device suspend correctly Greg Kroah-Hartman
2013-09-25 0:14 ` [ 043/110] usb: dont check pm qos NO_POWER_OFF flag in usb_port_suspend() Greg Kroah-Hartman
2013-09-25 0:14 ` [ 044/110] rculist: list_first_or_null_rcu() should use list_entry_rcu() Greg Kroah-Hartman
2013-09-25 0:14 ` [ 045/110] ASoC: wm8960: Fix PLL register writes Greg Kroah-Hartman
2013-09-25 0:14 ` [ 046/110] ASoC: mc13783: add spi errata fix Greg Kroah-Hartman
2013-09-25 0:14 ` [ 047/110] x86, smap: Handle csum_partial_copy_*_user() Greg Kroah-Hartman
2013-09-25 0:14 ` [ 048/110] Introduce [compat_]save_altstack_ex() to unbreak x86 SMAP Greg Kroah-Hartman
2013-09-25 0:14 ` [ 049/110] pci_ids: Add PCI device ID functions 3 and 4 for newer F15h models Greg Kroah-Hartman
2013-09-25 0:14 ` [ 050/110] x86, amd_nb: Clarify F15h, model 30h GART and L3 support Greg Kroah-Hartman
2013-09-25 0:14 ` [ 051/110] x86/mce: Pay no attention to F bit in MCACOD when parsing UC errors Greg Kroah-Hartman
2013-09-25 0:14 ` [ 052/110] sched/x86: Optimize switch_mm() for multi-threaded workloads Greg Kroah-Hartman
2013-09-25 0:14 ` [ 053/110] ALSA: hda - Re-setup HDMI pin and audio infoframe on stream switches Greg Kroah-Hartman
2013-09-25 0:14 ` [ 054/110] ALSA: hda - hdmi: Fallback to ALSA allocation when selecting CA Greg Kroah-Hartman
2013-09-25 0:14 ` [ 055/110] ALSA: hda - Add Toshiba Satellite C870 to MSI blacklist Greg Kroah-Hartman
2013-09-25 0:14 ` [ 056/110] pinctrl: at91: fix get_pullup/down function return Greg Kroah-Hartman
2013-09-25 0:14 ` [ 057/110] ext4: simplify truncation code in ext4_setattr() Greg Kroah-Hartman
2013-09-25 0:14 ` [ 058/110] brcmsmac: Fix WARNING caused by lack of calls to dma_mapping_error() Greg Kroah-Hartman
2013-09-25 0:14 ` [ 059/110] ath9k: always clear ps filter bit on new assoc Greg Kroah-Hartman
2013-09-25 0:14 ` [ 060/110] ath9k: fix rx descriptor related race condition Greg Kroah-Hartman
2013-09-25 0:14 ` [ 061/110] ath9k: avoid accessing MRC registers on single-chain devices Greg Kroah-Hartman
2013-09-25 0:15 ` [ 062/110] HID: Correct the USB IDs for the new Macbook Air 6 Greg Kroah-Hartman
2013-09-25 0:15 ` [ 063/110] HID: pantherlord: validate output report details Greg Kroah-Hartman
2013-09-25 0:15 ` [ 064/110] HID: Fix Speedlink VAD Cezanne support for some devices Greg Kroah-Hartman
2013-09-25 0:15 ` [ 065/110] HID: sensor-hub: validate feature report details Greg Kroah-Hartman
2013-09-25 0:15 ` [ 066/110] HID: validate HID report id size Greg Kroah-Hartman
2013-09-25 0:15 ` [ 067/110] HID: picolcd_core: validate output report details Greg Kroah-Hartman
2013-09-25 0:15 ` [ 068/110] HID: ntrig: validate feature " Greg Kroah-Hartman
2013-09-25 0:15 ` [ 069/110] HID: picolcd: Prevent NULL pointer dereference on _remove() Greg Kroah-Hartman
2013-09-25 0:15 ` [ 070/110] HID: battery: dont do DMA from stack Greg Kroah-Hartman
2013-09-25 0:15 ` [ 071/110] HID: hidraw: correctly deallocate memory on device disconnect Greg Kroah-Hartman
2013-09-25 0:15 ` [ 072/110] HID: check for NULL field when setting values Greg Kroah-Hartman
2013-09-25 0:15 ` [ 073/110] HID: usbhid: quirk for N-Trig DuoSense Touch Screen Greg Kroah-Hartman
2013-09-25 0:15 ` [ 074/110] media: exynos-gsc: Register v4l2 device Greg Kroah-Hartman
2013-09-25 0:15 ` Greg Kroah-Hartman [this message]
2013-09-25 0:15 ` [ 076/110] media: s5p-g2d: Fix registration failure Greg Kroah-Hartman
2013-09-25 0:15 ` [ 077/110] media: DocBook: upgrade media_api DocBook version to 4.2 Greg Kroah-Hartman
2013-09-25 0:15 ` [ 078/110] media: hdpvr: fix iteration over uninitialized lists in hdpvr_probe() Greg Kroah-Hartman
2013-09-25 0:15 ` [ 079/110] media: v4l2: added missing mutex.h include to v4l2-ctrls.h Greg Kroah-Hartman
2013-09-25 0:15 ` [ 080/110] media: media: coda: Fix DT driver data pointer for i.MX27 Greg Kroah-Hartman
2013-09-25 0:15 ` [ 081/110] media: mb86a20s: Fix TS parallel mode Greg Kroah-Hartman
2013-09-25 0:15 ` [ 082/110] media: siano: fix divide error on 0 counters Greg Kroah-Hartman
2013-09-25 0:15 ` [ 083/110] Btrfs: dont allow the replace procedure on read only filesystems Greg Kroah-Hartman
2013-09-25 0:15 ` [ 084/110] uprobes: Fix utask->depth accounting in handle_trampoline() Greg Kroah-Hartman
2013-09-25 0:15 ` [ 085/110] leds: wm831x-status: Request a REG resource Greg Kroah-Hartman
2013-09-25 0:15 ` [ 086/110] MIPS: ath79: Fix ar933x watchdog clock Greg Kroah-Hartman
2013-09-25 0:15 ` [ 087/110] target: Fix >= v3.9+ regression in PR APTPL + ALUA metadata write-out Greg Kroah-Hartman
2013-09-25 0:15 ` [ 088/110] intel-iommu: Fix leaks in pagetable freeing Greg Kroah-Hartman
2013-09-25 0:15 ` [ 089/110] pidns: Fix hang in zap_pid_ns_processes by sending a potentially extra wakeup Greg Kroah-Hartman
2013-09-25 0:15 ` [ 090/110] pidns: fix vfork() after unshare(CLONE_NEWPID) Greg Kroah-Hartman
2013-09-25 0:15 ` [ 091/110] ocfs2: fix the end cluster offset of FIEMAP Greg Kroah-Hartman
2013-09-25 0:15 ` [ 092/110] memcg: fix multiple large threshold notifications Greg Kroah-Hartman
2013-09-25 0:15 ` [ 093/110] mm/huge_memory.c: fix potential NULL pointer dereference Greg Kroah-Hartman
2013-09-25 0:15 ` [ 094/110] proc: Restrict mounting the proc filesystem Greg Kroah-Hartman
2013-09-25 0:15 ` [ 095/110] isofs: Refuse RW mount of the filesystem instead of making it RO Greg Kroah-Hartman
2013-09-25 0:15 ` [ 096/110] amd64_edac: Fix single-channel setups Greg Kroah-Hartman
2013-09-25 0:15 ` [ 097/110] drm/edid: add quirk for Medion MD30217PG Greg Kroah-Hartman
2013-09-25 0:15 ` [ 098/110] um: Implement probe_kernel_read() Greg Kroah-Hartman
2013-09-25 0:15 ` [ 099/110] libceph: unregister request in __map_request failed and nofail == false Greg Kroah-Hartman
2013-09-25 0:15 ` [ 100/110] libceph: use pg_num_mask instead of pgp_num_mask for pg.seed calc Greg Kroah-Hartman
2013-09-25 0:15 ` [ 101/110] ceph: Dont forget the up_read(&osdc->map_sem) if met error Greg Kroah-Hartman
2013-09-25 0:15 ` [ 102/110] rbd: fix I/O error propagation for reads Greg Kroah-Hartman
2013-09-25 0:15 ` [ 103/110] mmc: tmio_mmc_dma: fix PIO fallback on SDHI Greg Kroah-Hartman
2013-09-25 0:15 ` [ 104/110] of: Fix missing memory initialization on FDT unflattening Greg Kroah-Hartman
2013-09-25 0:15 ` [ 105/110] mtd: nand: fix NAND_BUSWIDTH_AUTO for x16 devices Greg Kroah-Hartman
2013-09-25 0:15 ` [ 106/110] clk: wm831x: Initialise wm831x pointer on init Greg Kroah-Hartman
2013-09-25 0:15 ` [ 107/110] fuse: postpone end_page_writeback() in fuse_writepage_locked() Greg Kroah-Hartman
2013-09-25 0:15 ` [ 108/110] fuse: invalidate inode attributes on xattr modification Greg Kroah-Hartman
2013-09-25 0:15 ` [ 109/110] fuse: hotfix truncate_pagecache() issue Greg Kroah-Hartman
2013-09-25 0:15 ` [ 110/110] fuse: readdir: check for slash in names Greg Kroah-Hartman
2013-09-25 4:15 ` [ 000/110] 3.10.13-stable review Guenter Roeck
2013-09-26 1:09 ` Greg Kroah-Hartman
2013-09-26 2:25 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130925001331.548191559@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=a.hajda@samsung.com \
--cc=kyungmin.park@samsung.com \
--cc=linux-kernel@vger.kernel.org \
--cc=m.chehab@samsung.com \
--cc=s.nawrocki@samsung.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).