From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Andrzej Hajda <a.hajda@samsung.com>,
Sylwester Nawrocki <s.nawrocki@samsung.com>,
Kyungmin Park <kyungmin.park@samsung.com>,
Mauro Carvalho Chehab <m.chehab@samsung.com>
Subject: [ 086/117] media: exynos4-is: Fix entity unregistration on error path
Date: Tue, 24 Sep 2013 17:19:12 -0700 [thread overview]
Message-ID: <20130925001750.341130971@linuxfoundation.org> (raw)
In-Reply-To: <20130925001740.833541979@linuxfoundation.org>
3.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sylwester Nawrocki <s.nawrocki@samsung.com>
commit d2b903b4427e417a73863cef36ad0796ea6b7404 upstream.
This patch corrects media entities unregistration order to make sure
the fimc.N.capture and fimc-lite video nodes are unregistered with
fimc->lock mutex held. This prevents races between video device open()
and defered probing and NULL pointer dereference in open() callback
as follows:
[ 77.645000] Unable to handle kernel NULL pointer dereference at virtual address 00000290t
[ 77.655000] pgd = ee7a8000
[ 77.660000] [00000290] *pgd=6e13c831, *pte=00000000, *ppte=00000000
[ 77.665000] Internal error: Oops: 17 [#1] PREEMPT SMP ARM
[ 77.670000] Modules linked in: s5p_fimc ipv6 exynos_fimc_is exynos_fimc_lite
s5p_csis v4l2_mem2mem videobuf2_dma_contig videobuf2_memops exynos4_is_common videobuf2_core [last unloaded: s5p_fimc]
[ 77.685000] CPU: 0 PID : 2998 Comm: v4l_id Tainted: G W 3.10.0-next-20130709-00039-g39f491b-dirty #1548
[ 77.695000] task: ee084000 ti: ee46e000 task.ti: ee46e000
[ 77.700000] PC is at __mutex_lock_slowpath+0x54/0x368
[ 77.705000] LR is at __mutex_lock_slowpath+0x24/0x368
[ 77.710000] pc : [<c038dc10>] lr : [<c038dbe0>] psr: 60000093
[ 77.710000] sp : ee46fd70 ip : 000008c8 fp : c054e34c
[ 77.725000] r10: ee084000 r9 : 00000000 r8 : ee439480
[ 77.730000] r7 : ee46e000 r6 : 60000013 r5 : 00000290 r4 : 0000028c
[ 77.735000] r3 : 00000000 r2 : 00000000 r1 : 20000093 r0 : 00000001
[ 77.740000] Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
[ 77.750000] Control: 10c5387d Table: 6e7a804a DAC: 00000015
[ 77.755000] Process v4l_id (pid: 2998, stack limit = 0xee46e238)
[ 77.760000] Stack: (0xee46fd70 to 0xee470000)
...
[ 77.935000] [<c038dc10>] (__mutex_lock_slowpath+0x54/0x368) from [<c038df30>] (mutex_lock+0xc/0x24)
[ 77.945000] [<c038df30>] (mutex_lock+0xc/0x24) from [<bf03fa90>] (fimc_lite_open+0x12c/0x2bc [exynos_fimc_lite])
[ 77.955000] [<bf03fa90>] (fimc_lite_open+0x12c/0x2bc [exynos_fimc_lite]) from [<c02ab11c>] (v4l2_open+0xa0/0xe0)
[ 77.965000] [<c02ab11c>] (v4l2_open+0xa0/0xe0) from [<c00b1de4>] (chrdev_open+0x88/0x170)
[ 77.975000] [<c00b1de4>] (chrdev_open+0x88/0x170) from [<c00ac710>] (do_dentry_open.isra.14+0x1d8/0x258)
[ 77.985000] [<c00ac710>] (do_dentry_open.isra.14+0x1d8/0x258) from [<c00ac860>] (finish_open+0x20/0x38)
[ 77.995000] [<c00ac860>] (finish_open+0x20/0x38) from [<c00ba658>] (do_last.isra.43+0x538/0xb1c)
[ 78.000000] [<c00ba658>] (do_last.isra.43+0x538/0xb1c) from [<c00bacf0>] (path_openat+0xb4/0x5c4)
[ 78.010000] [<c00bacf0>] (path_openat+0xb4/0x5c4) from [<c00bb4b4>] (do_filp_open+0x2c/0x80)
[ 78.020000] [<c00bb4b4>] (do_filp_open+0x2c/0x80) from [<c00ad744>] (do_sys_open+0xf4/0x1a8)
[ 78.025000] [<c00ad744>] (do_sys_open+0xf4/0x1a8) from [<c000e320>] (ret_fast_syscall+0x0/0x30)
[ 78.035000] Code: 1a000093 e10f6000 f10c0080 e2845004 (e1953f9f)
Reported-by: Andrzej Hajda <a.hajda@samsung.com>
Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/platform/exynos4-is/media-dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/media/platform/exynos4-is/media-dev.c
+++ b/drivers/media/platform/exynos4-is/media-dev.c
@@ -1530,9 +1530,9 @@ static int fimc_md_probe(struct platform
err_unlock:
mutex_unlock(&fmd->media_dev.graph_mutex);
err_clk:
- media_device_unregister(&fmd->media_dev);
fimc_md_put_clocks(fmd);
fimc_md_unregister_entities(fmd);
+ media_device_unregister(&fmd->media_dev);
err_md:
v4l2_device_unregister(&fmd->v4l2_dev);
return ret;
next prev parent reply other threads:[~2013-09-25 0:19 UTC|newest]
Thread overview: 128+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-25 0:17 [ 000/117] 3.11.2-stable review Greg Kroah-Hartman
2013-09-25 0:17 ` [ 001/117] ARC: SMP failed to boot due to missing IVT setup Greg Kroah-Hartman
2013-09-25 0:17 ` [ 002/117] ipc/msg.c: Fix lost wakeup in msgsnd() Greg Kroah-Hartman
2013-09-25 0:17 ` [ 003/117] xtensa: Fix broken allmodconfig build Greg Kroah-Hartman
2013-09-25 0:17 ` [ 004/117] SCSI: Allow MPT Fusion SAS 3.0 driver to be built into the kernel Greg Kroah-Hartman
2013-09-25 0:17 ` [ 005/117] drm/i915: make user mode sync polarity setting explicit Greg Kroah-Hartman
2013-10-02 17:30 ` Sven Joachim
2013-10-02 21:11 ` Daniel Vetter
2013-10-02 21:24 ` Greg Kroah-Hartman
2013-09-25 0:17 ` [ 006/117] firmware loader: fix pending_fw_head list corruption Greg Kroah-Hartman
2013-09-25 0:17 ` [ 007/117] zram: fix invalid memory access Greg Kroah-Hartman
2013-09-25 0:17 ` [ 008/117] zram: dont grab mutex in zram_slot_free_noity Greg Kroah-Hartman
2013-09-25 0:17 ` [ 009/117] UBI: Fix PEB leak in wear_leveling_worker() Greg Kroah-Hartman
2013-09-25 0:17 ` [ 010/117] SCSI: sd: Fix potential out-of-bounds access Greg Kroah-Hartman
2013-09-25 0:17 ` [ 011/117] crypto: api - Fix race condition in larval lookup Greg Kroah-Hartman
2013-09-25 0:17 ` [ 012/117] s390/bpf,jit: fix address randomization Greg Kroah-Hartman
2013-09-25 0:17 ` [ 013/117] powerpc: Handle unaligned ldbrx/stdbrx Greg Kroah-Hartman
2013-09-25 0:18 ` [ 014/117] powerpc: Default arch idle could cede processor on pseries Greg Kroah-Hartman
2013-09-25 0:18 ` [ 015/117] xen-gnt: prevent adding duplicate gnt callbacks Greg Kroah-Hartman
2013-09-25 0:18 ` [ 016/117] ARM: xen: only set pm function ptrs for Xen guests Greg Kroah-Hartman
2013-09-25 0:18 ` [ 017/117] cpuidle: coupled: abort idle if pokes are pending Greg Kroah-Hartman
2013-09-25 0:18 ` [ 018/117] cpuidle: coupled: fix race condition between pokes and safe state Greg Kroah-Hartman
2013-09-25 0:18 ` [ 019/117] arm64: perf: fix group validation when using enable_on_exec Greg Kroah-Hartman
2013-09-25 0:18 ` [ 020/117] arm64: perf: fix ARMv8 EVTYPE_MASK to include NSH bit Greg Kroah-Hartman
2013-09-25 0:18 ` [ 021/117] ARM: PCI: versatile: Fix map_irq function to match hardware Greg Kroah-Hartman
2013-09-25 0:18 ` [ 022/117] ARM: PCI: versatile: Fix PCI I/O Greg Kroah-Hartman
2013-09-25 0:18 ` [ 023/117] ARM: PCI: versatile: Fix SMAP register offsets Greg Kroah-Hartman
2013-09-25 0:18 ` [ 024/117] KVM: PPC: Book3S: Fix compile error in XICS emulation Greg Kroah-Hartman
2013-09-25 0:18 ` [ 025/117] xhci-plat: Dont enable legacy PCI interrupts Greg Kroah-Hartman
2013-09-25 0:18 ` [ 026/117] usb: xhci: Disable runtime PM suspend for quirky controllers Greg Kroah-Hartman
2013-09-25 0:18 ` [ 027/117] xhci: fix port BESL LPM capability checking Greg Kroah-Hartman
2013-09-25 0:18 ` [ 028/117] usb: dwc3: gadget: dont request IRQs in atomic Greg Kroah-Hartman
2013-09-25 0:18 ` [ 029/117] tty: disassociate_ctty() sends the extra SIGCONT Greg Kroah-Hartman
2013-09-25 0:18 ` [ 030/117] cifs: ensure that srv_mutex is held when dealing with ssocket pointer Greg Kroah-Hartman
2013-09-25 0:18 ` [ 031/117] CIFS: Fix a memory leak when a lease break comes Greg Kroah-Hartman
2013-09-25 0:18 ` [ 032/117] CIFS: Fix missing lease break Greg Kroah-Hartman
2013-09-25 0:18 ` [ 033/117] USB: OHCI: Allow runtime PM without system sleep Greg Kroah-Hartman
2013-09-25 0:18 ` [ 034/117] regmap: debugfs: Fix continued read from registers file Greg Kroah-Hartman
2013-09-25 0:18 ` [ 035/117] staging: comedi: dt282x: dt282x_ai_insn_read() always fails Greg Kroah-Hartman
2013-09-25 0:18 ` [ 036/117] PCI/ACPI: Fix _OSC ordering to allow PCIe hotplug use when available Greg Kroah-Hartman
2013-09-25 0:18 ` [ 037/117] ACPI / LPSS: dont crash if a device has no MMIO resources Greg Kroah-Hartman
2013-09-25 0:18 ` [ 038/117] USB: mos7720: use GFP_ATOMIC under spinlock Greg Kroah-Hartman
2013-09-25 0:18 ` [ 039/117] USB: mos7720: fix big-endian control requests Greg Kroah-Hartman
2013-09-25 0:18 ` [ 040/117] usb: ehci-mxc: check for pdata before dereferencing Greg Kroah-Hartman
2013-09-25 0:18 ` [ 041/117] USB: cdc-wdm: fix race between interrupt handler and tasklet Greg Kroah-Hartman
2013-09-25 0:18 ` [ 042/117] usb: gadget: uvc: Fix error handling in uvc_queue_buffer() Greg Kroah-Hartman
2013-09-25 0:18 ` [ 043/117] usb: Dont fail port power resume on device disconnect Greg Kroah-Hartman
2013-09-25 0:18 ` [ 044/117] USB: fix build error when CONFIG_PM_SLEEP isnt enabled Greg Kroah-Hartman
2013-09-25 0:18 ` [ 045/117] usb: config->desc.bLength may not exceed amount of data returned by the device Greg Kroah-Hartman
2013-09-25 0:18 ` [ 046/117] USB: handle LPM errors during device suspend correctly Greg Kroah-Hartman
2013-09-25 0:18 ` [ 047/117] usb: dont check pm qos NO_POWER_OFF flag in usb_port_suspend() Greg Kroah-Hartman
2013-09-25 0:18 ` [ 048/117] rculist: list_first_or_null_rcu() should use list_entry_rcu() Greg Kroah-Hartman
2013-09-25 0:18 ` [ 049/117] ASoC: wm8960: Fix PLL register writes Greg Kroah-Hartman
2013-09-25 0:18 ` [ 050/117] ASoC: mc13783: add spi errata fix Greg Kroah-Hartman
2013-09-25 0:18 ` [ 051/117] x86, smap: Handle csum_partial_copy_*_user() Greg Kroah-Hartman
2013-09-25 0:18 ` [ 052/117] Introduce [compat_]save_altstack_ex() to unbreak x86 SMAP Greg Kroah-Hartman
2013-09-25 0:18 ` [ 053/117] pci_ids: Add PCI device ID functions 3 and 4 for newer F15h models Greg Kroah-Hartman
2013-09-25 0:18 ` [ 054/117] x86, amd_nb: Clarify F15h, model 30h GART and L3 support Greg Kroah-Hartman
2013-09-25 0:18 ` [ 055/117] x86/mce: Pay no attention to F bit in MCACOD when parsing UC errors Greg Kroah-Hartman
2013-09-25 0:18 ` [ 056/117] sched/x86: Optimize switch_mm() for multi-threaded workloads Greg Kroah-Hartman
2013-09-25 0:18 ` [ 057/117] ALSA: hda - Re-setup HDMI pin and audio infoframe on stream switches Greg Kroah-Hartman
2013-09-25 0:18 ` [ 058/117] ALSA: hda - hdmi: Fallback to ALSA allocation when selecting CA Greg Kroah-Hartman
2013-09-25 0:18 ` [ 059/117] ALSA: hda - Add Toshiba Satellite C870 to MSI blacklist Greg Kroah-Hartman
2013-09-25 0:18 ` [ 060/117] pinctrl: at91: fix get_pullup/down function return Greg Kroah-Hartman
2013-09-25 0:18 ` [ 061/117] ext4: move test whether extent to map can be extended to one place Greg Kroah-Hartman
2013-09-25 0:18 ` [ 062/117] ext4: fix ext4_writepages() in presence of truncate Greg Kroah-Hartman
2013-09-29 23:07 ` Ben Hutchings
2013-09-29 23:52 ` Dave Jones
2013-09-30 9:23 ` Jan Kara
2013-09-25 0:18 ` [ 063/117] ext4: simplify truncation code in ext4_setattr() Greg Kroah-Hartman
2013-09-25 0:18 ` [ 064/117] mac80211: ignore (E)CSA in probe response frames Greg Kroah-Hartman
2013-09-25 0:18 ` [ 065/117] brcmsmac: Fix WARNING caused by lack of calls to dma_mapping_error() Greg Kroah-Hartman
2013-09-25 0:18 ` [ 066/117] ath9k: always clear ps filter bit on new assoc Greg Kroah-Hartman
2013-09-25 0:18 ` [ 067/117] ath9k: fix rx descriptor related race condition Greg Kroah-Hartman
2013-09-25 0:18 ` [ 068/117] ath9k: avoid accessing MRC registers on single-chain devices Greg Kroah-Hartman
2013-09-25 0:18 ` [ 069/117] net: mvneta: properly disable HW PHY polling and ensure adjust_link() works Greg Kroah-Hartman
2013-09-25 0:18 ` [ 070/117] HID: Correct the USB IDs for the new Macbook Air 6 Greg Kroah-Hartman
2013-09-25 0:18 ` [ 071/117] HID: pantherlord: validate output report details Greg Kroah-Hartman
2013-09-25 0:18 ` [ 072/117] HID: kye: Add report fixup for Genius Gx Imperator Keyboard Greg Kroah-Hartman
2013-09-25 0:18 ` [ 073/117] HID: wiimote: work around broken DRM_KAI on GEN10 Greg Kroah-Hartman
2013-09-25 0:19 ` [ 074/117] HID: Fix Speedlink VAD Cezanne support for some devices Greg Kroah-Hartman
2013-09-25 0:19 ` [ 075/117] HID: sensor-hub: validate feature report details Greg Kroah-Hartman
2013-09-25 0:19 ` [ 076/117] HID: validate HID report id size Greg Kroah-Hartman
2013-09-25 0:19 ` [ 077/117] HID: picolcd_core: validate output report details Greg Kroah-Hartman
2013-09-25 0:19 ` [ 078/117] HID: ntrig: validate feature " Greg Kroah-Hartman
2013-09-25 0:19 ` [ 079/117] HID: picolcd: Prevent NULL pointer dereference on _remove() Greg Kroah-Hartman
2013-09-25 0:19 ` [ 080/117] HID: battery: dont do DMA from stack Greg Kroah-Hartman
2013-09-25 0:19 ` [ 081/117] HID: hidraw: correctly deallocate memory on device disconnect Greg Kroah-Hartman
2013-09-25 0:19 ` [ 082/117] HID: check for NULL field when setting values Greg Kroah-Hartman
2013-09-25 0:19 ` [ 083/117] HID: usbhid: quirk for N-Trig DuoSense Touch Screen Greg Kroah-Hartman
2013-09-25 0:19 ` [ 084/117] media: exynos4-is: Fix fimc-lite bayer formats Greg Kroah-Hartman
2013-09-25 0:19 ` [ 085/117] media: exynos-gsc: Register v4l2 device Greg Kroah-Hartman
2013-09-25 0:19 ` Greg Kroah-Hartman [this message]
2013-09-25 0:19 ` [ 087/117] media: cx88: Fix regression: CX88_AUDIO_WM8775 cant be 0 Greg Kroah-Hartman
2013-09-25 0:19 ` [ 088/117] media: mb86a20s: Fix TS parallel mode Greg Kroah-Hartman
2013-09-25 0:19 ` [ 089/117] media: siano: fix divide error on 0 counters Greg Kroah-Hartman
2013-09-25 0:19 ` [ 090/117] Btrfs: dont allow the replace procedure on read only filesystems Greg Kroah-Hartman
2013-09-25 0:19 ` [ 091/117] uprobes: Fix utask->depth accounting in handle_trampoline() Greg Kroah-Hartman
2013-09-25 0:19 ` [ 092/117] leds: wm831x-status: Request a REG resource Greg Kroah-Hartman
2013-09-25 0:19 ` [ 093/117] MIPS: ath79: Fix ar933x watchdog clock Greg Kroah-Hartman
2013-09-25 0:19 ` [ 094/117] target: Fix >= v3.9+ regression in PR APTPL + ALUA metadata write-out Greg Kroah-Hartman
2013-09-25 0:19 ` [ 095/117] intel-iommu: Fix leaks in pagetable freeing Greg Kroah-Hartman
2013-09-25 0:19 ` [ 096/117] pidns: Fix hang in zap_pid_ns_processes by sending a potentially extra wakeup Greg Kroah-Hartman
2013-09-25 0:19 ` [ 097/117] pidns: fix vfork() after unshare(CLONE_NEWPID) Greg Kroah-Hartman
2013-09-25 0:19 ` [ 098/117] ocfs2: fix the end cluster offset of FIEMAP Greg Kroah-Hartman
2013-09-25 0:19 ` [ 099/117] memcg: fix multiple large threshold notifications Greg Kroah-Hartman
2013-09-25 0:19 ` [ 100/117] mm/huge_memory.c: fix potential NULL pointer dereference Greg Kroah-Hartman
2013-09-25 0:19 ` [ 101/117] proc: Restrict mounting the proc filesystem Greg Kroah-Hartman
2013-09-25 0:19 ` [ 102/117] isofs: Refuse RW mount of the filesystem instead of making it RO Greg Kroah-Hartman
2013-09-25 0:19 ` [ 103/117] amd64_edac: Fix single-channel setups Greg Kroah-Hartman
2013-09-25 0:19 ` [ 104/117] drm/edid: add quirk for Medion MD30217PG Greg Kroah-Hartman
2013-09-25 0:19 ` [ 105/117] um: Implement probe_kernel_read() Greg Kroah-Hartman
2013-09-25 0:19 ` [ 106/117] libceph: unregister request in __map_request failed and nofail == false Greg Kroah-Hartman
2013-09-25 0:19 ` [ 107/117] libceph: use pg_num_mask instead of pgp_num_mask for pg.seed calc Greg Kroah-Hartman
2013-09-25 0:19 ` [ 108/117] ceph: Dont forget the up_read(&osdc->map_sem) if met error Greg Kroah-Hartman
2013-09-25 0:19 ` [ 109/117] rbd: fix I/O error propagation for reads Greg Kroah-Hartman
2013-09-25 0:19 ` [ 110/117] mmc: tmio_mmc_dma: fix PIO fallback on SDHI Greg Kroah-Hartman
2013-09-25 0:19 ` [ 111/117] of: Fix missing memory initialization on FDT unflattening Greg Kroah-Hartman
2013-09-25 0:19 ` [ 112/117] mtd: nand: fix NAND_BUSWIDTH_AUTO for x16 devices Greg Kroah-Hartman
2013-09-25 0:19 ` [ 113/117] clk: wm831x: Initialise wm831x pointer on init Greg Kroah-Hartman
2013-09-25 0:19 ` [ 114/117] fuse: postpone end_page_writeback() in fuse_writepage_locked() Greg Kroah-Hartman
2013-09-25 0:19 ` [ 115/117] fuse: invalidate inode attributes on xattr modification Greg Kroah-Hartman
2013-09-25 0:19 ` [ 116/117] fuse: hotfix truncate_pagecache() issue Greg Kroah-Hartman
2013-09-25 0:19 ` [ 117/117] fuse: readdir: check for slash in names Greg Kroah-Hartman
2013-09-25 4:09 ` [ 000/117] 3.11.2-stable review Guenter Roeck
2013-09-26 1:09 ` Greg Kroah-Hartman
2013-09-26 2:26 ` Shuah Khan
2013-09-26 2:45 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130925001750.341130971@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=a.hajda@samsung.com \
--cc=kyungmin.park@samsung.com \
--cc=linux-kernel@vger.kernel.org \
--cc=m.chehab@samsung.com \
--cc=s.nawrocki@samsung.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).