From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Marek Szyprowski <m.szyprowski@samsung.com>,
Sylwester Nawrocki <s.nawrocki@samsung.com>,
Mauro Carvalho Chehab <mchehab@s-opensource.com>
Subject: [PATCH 4.8 72/96] [media] s5p-mfc: fix failure path of s5p_mfc_alloc_memdev()
Date: Fri, 6 Jan 2017 22:44:00 +0100 [thread overview]
Message-ID: <20170106214230.636170441@linuxfoundation.org> (raw)
In-Reply-To: <20170106214227.601120243@linuxfoundation.org>
4.8-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marek Szyprowski <m.szyprowski@samsung.com>
commit 3467c9a7e7f9209a9ecd8f9db65b04a323a13932 upstream.
s5p_mfc_alloc_memdev() function lacks proper releasing
of allocated device in case of reserved memory initialization
failure. This results in NULL pointer dereference:
[ 2.828457] Unable to handle kernel NULL pointer dereference at virtual address 00000001
[ 2.835089] pgd = c0004000
[ 2.837752] [00000001] *pgd=00000000
[ 2.844696] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 2.848680] Modules linked in:
[ 2.851722] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.8.0-rc6-00002-gafa1b97 #878
[ 2.859357] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
[ 2.865433] task: ef080000 task.stack: ef06c000
[ 2.869952] PC is at strcmp+0x0/0x30
[ 2.873508] LR is at platform_match+0x84/0xac
[ 2.877847] pc : [<c032621c>] lr : [<c03f65e8>] psr: 20000013
[ 2.877847] sp : ef06dea0 ip : 00000000 fp : 00000000
[ 2.889303] r10: 00000000 r9 : c0b34848 r8 : c0b1e968
[ 2.894511] r7 : 00000000 r6 : 00000001 r5 : c086e7fc r4 : eeb8e010
[ 2.901021] r3 : 0000006d r2 : 00000000 r1 : c086e7fc r0 : 00000001
[ 2.907533] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
[ 2.914649] Control: 10c5387d Table: 4000404a DAC: 00000051
[ 2.920378] Process swapper/0 (pid: 1, stack limit = 0xef06c210)
[ 2.926367] Stack: (0xef06dea0 to 0xef06e000)
[ 2.930711] dea0: eeb8e010 c0c2d91c c03f4a6c c03f4a8c 00000000 c0c2d91c c03f4a6c c03f2fc8
[ 2.938870] dec0: ef003274 ef10c4c0 c0c2d91c ef10cc80 c0c21270 c03f3fa4 c09c1be8 c0c2d91c
[ 2.947028] dee0: 00000006 c0c2d91c 00000006 c0b3483c c0c47000 c03f5314 c0c2d908 c0b5fed8
[ 2.955188] df00: 00000006 c010178c 60000013 c0a4ef14 00000000 c06feaa0 ef080000 60000013
[ 2.963347] df20: 00000000 c0c095c8 efffca76 c0816b8c 000000d5 c0134098 c0b34848 c09d6cdc
[ 2.971506] df40: c0a4de70 00000000 00000006 00000006 c0c09568 efffca40 c0b5fed8 00000006
[ 2.979665] df60: c0b3483c c0c47000 000000d5 c0b34848 c0b005a4 c0b00d84 00000006 00000006
[ 2.987824] df80: 00000000 c0b005a4 00000000 c06fb4d8 00000000 00000000 00000000 00000000
[ 2.995983] dfa0: 00000000 c06fb4e0 00000000 c01079b8 00000000 00000000 00000000 00000000
[ 3.004142] dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 3.012302] dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 ffffffff ffffffff
[ 3.020469] [<c032621c>] (strcmp) from [<c03f65e8>] (platform_match+0x84/0xac)
[ 3.027672] [<c03f65e8>] (platform_match) from [<c03f4a8c>] (__driver_attach+0x20/0xb0)
[ 3.035654] [<c03f4a8c>] (__driver_attach) from [<c03f2fc8>] (bus_for_each_dev+0x54/0x88)
[ 3.043812] [<c03f2fc8>] (bus_for_each_dev) from [<c03f3fa4>] (bus_add_driver+0xe8/0x1f4)
[ 3.051971] [<c03f3fa4>] (bus_add_driver) from [<c03f5314>] (driver_register+0x78/0xf4)
[ 3.059958] [<c03f5314>] (driver_register) from [<c010178c>] (do_one_initcall+0x3c/0x16c)
[ 3.068123] [<c010178c>] (do_one_initcall) from [<c0b00d84>] (kernel_init_freeable+0x120/0x1ec)
[ 3.076802] [<c0b00d84>] (kernel_init_freeable) from [<c06fb4e0>] (kernel_init+0x8/0x118)
[ 3.084958] [<c06fb4e0>] (kernel_init) from [<c01079b8>] (ret_from_fork+0x14/0x3c)
[ 3.092506] Code: 1afffffb e12fff1e e1a03000 eafffff7 (e4d03001)
[ 3.098618] ---[ end trace 511bf9d750810709 ]---
[ 3.103207] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
This patch fixes this issue.
Fixes: c79667dd93b084fe412bcfe7fbf0ba43f7dec520 ("media: s5p-mfc: replace custom
reserved memory handling code with generic one")
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/platform/s5p-mfc/s5p_mfc.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/media/platform/s5p-mfc/s5p_mfc.c
+++ b/drivers/media/platform/s5p-mfc/s5p_mfc.c
@@ -1073,6 +1073,7 @@ static struct device *s5p_mfc_alloc_memd
idx);
if (ret == 0)
return child;
+ device_del(child);
}
put_device(child);
next prev parent reply other threads:[~2017-01-06 21:54 UTC|newest]
Thread overview: 97+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20170106215010epcas3p298f6cd3d6c81baf1e1e724741444d929@epcas3p2.samsung.com>
2017-01-06 21:42 ` [PATCH 4.8 00/96] 4.8.17-stable review Greg Kroah-Hartman
2017-01-06 21:42 ` [PATCH 4.8 01/96] ssb: Fix error routine when fallback SPROM fails Greg Kroah-Hartman
2017-01-06 21:42 ` [PATCH 4.8 02/96] rtlwifi: Fix enter/exit power_save Greg Kroah-Hartman
2017-01-06 21:42 ` [PATCH 4.8 03/96] perf/x86: Fix exclusion of BTS and LBR for Goldmont Greg Kroah-Hartman
2017-01-06 21:42 ` [PATCH 4.8 04/96] perf/x86/intel/cstate: Prevent hotplug callback leak Greg Kroah-Hartman
2017-01-06 21:42 ` [PATCH 4.8 05/96] rtl8xxxu: Work around issue with 8192eu and 8723bu devices not reconnecting Greg Kroah-Hartman
2017-01-06 21:42 ` [PATCH 4.8 06/96] cfg80211/mac80211: fix BSS leaks when abandoning assoc attempts Greg Kroah-Hartman
2017-01-06 21:42 ` [PATCH 4.8 07/96] ath9k: fix ath9k_hw_gpio_get() to return 0 or 1 on success Greg Kroah-Hartman
2017-01-06 21:42 ` [PATCH 4.8 08/96] ath9k: Really fix LED polarity for some Mini PCI AR9220 MB92 cards Greg Kroah-Hartman
2017-01-06 21:42 ` [PATCH 4.8 09/96] mmc: sdhci: Fix recovery from tuning timeout Greg Kroah-Hartman
2017-01-06 21:42 ` [PATCH 4.8 10/96] regulator: stw481x-vmmc: fix ages old enable error Greg Kroah-Hartman
2017-01-06 21:42 ` [PATCH 4.8 11/96] timekeeping_Force_unsigned_clocksource_to_nanoseconds_conversion Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 12/96] gpio: chardev: Return error for seek operations Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 13/96] arm64: tegra: Add VDD_GPU regulator to Jetson TX1 Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 14/96] clk: bcm2835: Avoid overwriting the div info when disabling a pll_div clk Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 15/96] thermal: hwmon: Properly report critical temperature in sysfs Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 16/96] docs: sphinx-extensions: make rstFlatTable work with docutils 0.13 Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 17/96] hv: acquire vmbus_connection.channel_mutex in vmbus_free_channels() Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 18/96] staging: comedi: ni_mio_common: fix M Series ni_ai_insn_read() data mask Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 19/96] staging: comedi: ni_mio_common: fix E series ni_ai_insn_read() data Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 20/96] ACPI / video: Add force_native quirk for Dell XPS 17 L702X Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 21/96] ACPI / video: Add force_native quirk for HP Pavilion dv6 Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 22/96] drm/amd/amdgpu: enable GUI idle INT after enabling CGCG Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 23/96] drm/nouveau/gr: fallback to legacy paths during firmware lookup Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 24/96] drm/nouveau/kms: lvds panel strap moved again on maxwell Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 25/96] drm/nouveau/bios: require checksum to match for fast acpi shadow method Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 26/96] drm/nouveau/ltc: protect clearing of comptags with mutex Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 27/96] drm/nouveau/ttm: wait for bo fence to signal before unmapping vmas Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 28/96] drm/nouveau/i2c/gk110b,gm10x: use the correct implementation Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 29/96] drm/nouveau/fifo/gf100-: protect channel preempt with subdev mutex Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 32/96] drm/radeon: add additional pci revision to dpm workaround Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 33/96] drm/radeon/si: load the proper firmware on 0x87 oland boards Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 34/96] drm/gma500: Add compat ioctl Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 35/96] drm/amdgpu: fix init save/restore list in gfx_v8.0 Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 36/96] drivers/gpu/drm/ast: Fix infinite loop if read fails Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 37/96] mei: request async autosuspend at the end of enumeration Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 38/96] mei: me: add lewisburg device ids Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 39/96] block: protect iterate_bdevs() against concurrent close Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 40/96] vt: fix Scroll Lock LED trigger name Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 41/96] stm class: Fix device leak in open error path Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 42/96] scsi: megaraid_sas: For SRIOV enabled firmware, ensure VF driver waits for 30secs before reset Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 43/96] scsi: megaraid_sas: Do not set MPI2_TYPE_CUDA for JBOD FP path for FW which does not support JBOD sequence map Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 44/96] iscsi-target: Return error if unable to add network portal Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 45/96] scsi: zfcp: fix use-after-"free" in FC ingress path after TMF Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 46/96] scsi: zfcp: do not trace pure benign residual HBA responses at default level Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 47/96] scsi: zfcp: fix rport unblock race with LUN recovery Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 48/96] scsi: avoid a permanent stop of the scsi devices request queue Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 49/96] ARC: mm: arc700: Dont assume 2 colours for aliasing VIPT dcache Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 50/96] firmware: fix usermode helper fallback loading Greg Kroah-Hartman
2017-01-06 21:54 ` Yves-Alexis Perez
2017-01-13 10:58 ` Greg Kroah-Hartman
2017-03-24 20:01 ` Ben Gamari
2017-03-30 4:06 ` Luis R. Rodriguez
2017-01-06 21:43 ` [PATCH 4.8 51/96] s390/vmlogrdr: fix IUCV buffer allocation Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 52/96] s390/kexec: use node 0 when re-adding crash kernel memory Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 53/96] arm64: KVM: pmu: Reset PMSELR_EL0.SEL to a sane value before entering the guest Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 54/96] sc16is7xx: Drop bogus use of IRQF_ONESHOT Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 55/96] md/raid5: limit request size according to implementation limits Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 56/96] scsi: aacraid: remove wildcard for series 9 controllers Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 57/96] KVM: PPC: Book3S HV: Save/restore XER in checkpointed register state Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 58/96] KVM: PPC: Book3S HV: Dont lose hardware R/C bit updates in H_PROTECT Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 59/96] kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 60/96] fsnotify: Fix possible use-after-free in inode iteration on umount Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 61/96] vsock/virtio: fix src/dst cid format Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 62/96] ftrace/x86_32: Set ftrace_stub to weak to prevent gcc from using short jumps to it Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 63/96] platform/x86: asus-nb-wmi.c: Add X45U quirk Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 64/96] fgraph: Handle a case where a tracer ignores set_graph_notrace Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 65/96] IB/mad: Fix an array index check Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 66/96] IPoIB: Avoid reading an uninitialized member variable Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 67/96] IB/multicast: Check ib_find_pkey() return value Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 68/96] IB/rxe: Fix a memory leak in rxe_qp_cleanup() Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 69/96] IB/cma: Fix a race condition in iboe_addr_get_sgid() Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 70/96] [media] mn88472: fix chip id check on probe Greg Kroah-Hartman
2017-01-06 21:43 ` [PATCH 4.8 71/96] [media] mn88473: " Greg Kroah-Hartman
2017-01-06 21:44 ` Greg Kroah-Hartman [this message]
2017-01-06 21:44 ` [PATCH 4.8 73/96] [media] media: solo6x10: fix lockup by avoiding delayed register write Greg Kroah-Hartman
2017-01-06 21:44 ` [PATCH 4.8 74/96] [media] v4l: tvp5150: Add missing break in set control handler Greg Kroah-Hartman
2017-01-06 21:44 ` [PATCH 4.8 75/96] Input: drv260x - fix input devices parent assignment Greg Kroah-Hartman
2017-01-06 21:44 ` [PATCH 4.8 76/96] i40iw: Use correct src address in memcpy to rdma stats counters Greg Kroah-Hartman
2017-01-06 21:44 ` [PATCH 4.8 77/96] PCI: Check for PME in targeted sleep state Greg Kroah-Hartman
2017-01-06 21:44 ` [PATCH 4.8 78/96] libceph: verify authorize reply on connect Greg Kroah-Hartman
2017-01-06 21:44 ` [PATCH 4.8 79/96] nfs_write_end(): fix handling of short copies Greg Kroah-Hartman
2017-01-06 21:44 ` [PATCH 4.8 80/96] pNFS: On error, do not send LAYOUTGET until the LAYOUTRETURN has completed Greg Kroah-Hartman
2017-01-06 21:44 ` [PATCH 4.8 81/96] pNFS: Dont clear the layout stateid if a layout return is outstanding Greg Kroah-Hartman
2017-01-06 21:44 ` [PATCH 4.8 82/96] pNFS: Clear NFS_LAYOUT_RETURN_REQUESTED when invalidating the layout stateid Greg Kroah-Hartman
2017-01-06 21:44 ` [PATCH 4.8 83/96] pNFS: Fix a deadlock between read resends and layoutreturn Greg Kroah-Hartman
2017-01-06 21:44 ` [PATCH 4.8 84/96] SUNRPC: fix refcounting problems with auth_gss messages Greg Kroah-Hartman
2017-01-06 21:44 ` [PATCH 4.8 85/96] powerpc/64e: Convert cmpi to cmpwi in head_64.S Greg Kroah-Hartman
2017-01-06 21:44 ` [PATCH 4.8 86/96] powerpc/ps3: Fix system hang with GCC 5 builds Greg Kroah-Hartman
2017-01-06 21:44 ` [PATCH 4.8 87/96] libnvdimm, pfn: fix align attribute Greg Kroah-Hartman
2017-01-06 21:44 ` [PATCH 4.8 88/96] target/user: Fix use-after-free of tcmu_cmds if they are expired Greg Kroah-Hartman
2017-01-06 21:44 ` [PATCH 4.8 89/96] kconfig/nconf: Fix hang when editing symbol with a long prompt Greg Kroah-Hartman
2017-01-06 21:44 ` [PATCH 4.8 90/96] sg_write()/bsg_write() is not fit to be called under KERNEL_DS Greg Kroah-Hartman
2017-01-06 21:44 ` [PATCH 4.8 91/96] net: mvpp2: fix dma unmapping of TX buffers for fragments Greg Kroah-Hartman
2017-01-06 21:44 ` [PATCH 4.8 96/96] drm/i915: skip the first 4k of stolen memory on everything >= gen8 Greg Kroah-Hartman
2017-01-07 2:04 ` [PATCH 4.8 00/96] 4.8.17-stable review Shuah Khan
2017-01-07 15:53 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170106214230.636170441@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=mchehab@s-opensource.com \
--cc=s.nawrocki@samsung.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).