From patchwork Fri Sep 16 06:14:33 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marek Szyprowski X-Patchwork-Id: 76352 Delivered-To: patch@linaro.org Received: by 10.140.106.72 with SMTP id d66csp327472qgf; Thu, 15 Sep 2016 23:15:22 -0700 (PDT) X-Received: by 10.98.80.136 with SMTP id g8mr6778816pfj.185.1474006522914; Thu, 15 Sep 2016 23:15:22 -0700 (PDT) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id mu9si4100348pab.78.2016.09.15.23.15.22; Thu, 15 Sep 2016 23:15:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751307AbcIPGPT (ORCPT + 3 others); Fri, 16 Sep 2016 02:15:19 -0400 Received: from mailout4.w1.samsung.com ([210.118.77.14]:32008 "EHLO mailout4.w1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751241AbcIPGPR (ORCPT ); Fri, 16 Sep 2016 02:15:17 -0400 Received: from eucas1p2.samsung.com (unknown [182.198.249.207]) by mailout4.w1.samsung.com (Oracle Communications Messaging Server 7.0.5.31.0 64bit (built May 5 2014)) with ESMTP id <0ODL00JLX2PAPK50@mailout4.w1.samsung.com>; Fri, 16 Sep 2016 07:15:12 +0100 (BST) Received: from eusmges4.samsung.com (unknown [203.254.199.244]) by eucas1p1.samsung.com (KnoxPortal) with ESMTP id 20160916061512eucas1p14d29274a858333fd0008aaf30bc332da~0uR0SL74f1535115351eucas1p1R; Fri, 16 Sep 2016 06:15:12 +0000 (GMT) Received: from eucas1p2.samsung.com ( [182.198.249.207]) by eusmges4.samsung.com (EUCPMTA) with SMTP id 3E.93.28332.0FD8BD75; Fri, 16 Sep 2016 07:15:12 +0100 (BST) Received: from eusmgms2.samsung.com (unknown [182.198.249.180]) by eucas1p2.samsung.com (KnoxPortal) with ESMTP id 20160916061511eucas1p21e71e28d5f12ef94694ccbdec8379774~0uRzVZYzu0632806328eucas1p2a; Fri, 16 Sep 2016 06:15:11 +0000 (GMT) X-AuditID: cbfec7f4-f791c6d000006eac-e0-57db8df0cb41 Received: from eusync2.samsung.com ( [203.254.199.212]) by eusmgms2.samsung.com (EUCPMTA) with SMTP id 59.7C.10494.FBD8BD75; Fri, 16 Sep 2016 07:14:23 +0100 (BST) Received: from AMDC2765.digital.local ([106.116.147.25]) by eusync2.samsung.com (Oracle Communications Messaging Server 7.0.5.31.0 64bit (built May 5 2014)) with ESMTPA id <0ODL00K612P6AL80@eusync2.samsung.com>; Fri, 16 Sep 2016 07:15:11 +0100 (BST) From: Marek Szyprowski To: linux-media@vger.kernel.org, linux-samsung-soc@vger.kernel.org Cc: Marek Szyprowski , Sylwester Nawrocki , Krzysztof Kozlowski , stable@vger.kernel.org Subject: [PATCH] media: s5p-mfc: fix failure path of s5p_mfc_alloc_memdev() Date: Fri, 16 Sep 2016 08:14:33 +0200 Message-id: <1474006490-13283-1-git-send-email-m.szyprowski@samsung.com> X-Mailer: git-send-email 1.9.1 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrGIsWRmVeSWpSXmKPExsWy7djP87ofem+HG7zdJWTx+oWhRc+GrawW M87vY7JYe+Quu8XhN+2sFgs2PmJ0YPPo27KK0ePzJrkApigum5TUnMyy1CJ9uwSujKkr57AX vFCo+NKyhLmBcaJ0FyMnh4SAicT9Z4vYIWwxiQv31rN1MXJxCAksZZTYN+EQK4TzmVHi7+dH bDAdfyd/YASxhQSWMUr0NVRB2A1MEjfX8YPYbAKGEl1vu8DqRQScJBbO+ssOMohZYDmjRMP5 BrCEsIC3ROP/L8wgNouAqsSFk1dZQWxeAQ+J/h8noJbJSZw8NhnsCgmBPWwSVxdeBUpwADmy EpsOMEPUuEh0Lf4PVS8s8er4Fqh3ZCQuT+5mgbD7GSWaWrUh7BmMEufe8kLY1hKHj18E28ss wCcxadt0ZojxvBIdbUIQJR4SW7b9gVrlKLFu3l52iH9jJTYcesU8gVF6ASPDKkaR1NLi3PTU YhO94sTc4tK8dL3k/NxNjMDYO/3v+JcdjIuPWR1iFOBgVOLhXTH3VrgQa2JZcWXuIUYJDmYl EV5ZYOQK8aYkVlalFuXHF5XmpBYfYpTmYFES592z4Eq4kEB6YklqdmpqQWoRTJaJg1OqgbGy k1dDa1Vy4Z3cnLUTxC2AzvmuJGXCd0zgVYeu5HWXvxfdKmxvtqxw/einwXWMKWSG1PXDjad/ yZu3KfyZxVYn82n51AdvzecadD8+VadkJlGT1XFb6ErOt6ndQTbSV6Lnqk1Ym+Xee+l0Jffk hNnWj5TW190+4PHzmkydmlvimvwPT4I3KrEUZyQaajEXFScCAC+zEJ65AgAA X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrLLMWRmVeSWpSXmKPExsVy+t/xK7r7e2+HG+y+bmPx+oWhRc+GrawW M87vY7JYe+Quu8XhN+2sFgs2PmJ0YPPo27KK0ePzJrkApig3m4zUxJTUIoXUvOT8lMy8dFul 0BA3XQslhbzE3FRbpQhd35AgJYWyxJxSIM/IAA04OAe4Byvp2yW4ZUxdOYe94IVCxZeWJcwN jBOluxg5OSQETCT+Tv7ACGGLSVy4t56ti5GLQ0hgCaPEjdOLWSCcJiaJbV8aWECq2AQMJbre drGB2CICThILZ/1lByliFljOKPFsVwM7SEJYwFui8f8XZhCbRUBV4sLJq6wgNq+Ah0T/jxNs EOvkJE4em8w6gZF7ASPDKkaR1NLi3PTcYiO94sTc4tK8dL3k/NxNjMCg23bs55YdjF3vgg8x CnAwKvHwrph7K1yINbGsuDL3EKMEB7OSCK8sMGSFeFMSK6tSi/Lji0pzUosPMZoCLZ/ILCWa nA+MiLySeEMTQ3NLQyNjCwtzIyMlcd6pH66ECwmkJ5akZqemFqQWwfQxcXBKNTCGXTJxuXWp xmSGQtB0o39bHwfzTbhmb7stemL+mZK9lZ89sktm+u7lMxGYd6drwpkp5aKptQX9XZut/864 qeRi4tSfYbU/sbc8OXJP899Xv1bIaDU/OPAw0lZ90ZXSuy37NRadFXBK3HRdeNHbas5gi9kM lxRcL90y6FiaVMi6avX1Msv4nOtKLMUZiYZazEXFiQA2lvNUUAIAAA== X-MTR: 20000000000000000@CPGS X-CMS-MailID: 20160916061511eucas1p21e71e28d5f12ef94694ccbdec8379774 X-Msg-Generator: CA X-Sender-IP: 182.198.249.180 X-Local-Sender: =?UTF-8?B?TWFyZWsgU3p5cHJvd3NraRtTUlBPTC1LZXJuZWwgKFRQKRs=?= =?UTF-8?B?7IK87ISx7KCE7J6QG1NlbmlvciBTb2Z0d2FyZSBFbmdpbmVlcg==?= X-Global-Sender: =?UTF-8?B?TWFyZWsgU3p5cHJvd3NraRtTUlBPTC1LZXJuZWwgKFRQKRtT?= =?UTF-8?B?YW1zdW5nIEVsZWN0cm9uaWNzG1NlbmlvciBTb2Z0d2FyZSBFbmdpbmVlcg==?= X-Sender-Code: =?UTF-8?B?QzEwG0VIURtDMTBDRDAyQ0QwMjczOTI=?= CMS-TYPE: 201P X-HopCount: 7 X-CMS-RootMailID: 20160916061511eucas1p21e71e28d5f12ef94694ccbdec8379774 X-RootMTR: 20160916061511eucas1p21e71e28d5f12ef94694ccbdec8379774 References: Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org s5p_mfc_alloc_memdev() function lacks proper releasing of allocated device in case of reserved memory initialization failure. This results in NULL pointer dereference: [ 2.828457] Unable to handle kernel NULL pointer dereference at virtual address 00000001 [ 2.835089] pgd = c0004000 [ 2.837752] [00000001] *pgd=00000000 [ 2.844696] Internal error: Oops: 5 [#1] PREEMPT SMP ARM [ 2.848680] Modules linked in: [ 2.851722] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.8.0-rc6-00002-gafa1b97 #878 [ 2.859357] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree) [ 2.865433] task: ef080000 task.stack: ef06c000 [ 2.869952] PC is at strcmp+0x0/0x30 [ 2.873508] LR is at platform_match+0x84/0xac [ 2.877847] pc : [] lr : [] psr: 20000013 [ 2.877847] sp : ef06dea0 ip : 00000000 fp : 00000000 [ 2.889303] r10: 00000000 r9 : c0b34848 r8 : c0b1e968 [ 2.894511] r7 : 00000000 r6 : 00000001 r5 : c086e7fc r4 : eeb8e010 [ 2.901021] r3 : 0000006d r2 : 00000000 r1 : c086e7fc r0 : 00000001 [ 2.907533] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 2.914649] Control: 10c5387d Table: 4000404a DAC: 00000051 [ 2.920378] Process swapper/0 (pid: 1, stack limit = 0xef06c210) [ 2.926367] Stack: (0xef06dea0 to 0xef06e000) [ 2.930711] dea0: eeb8e010 c0c2d91c c03f4a6c c03f4a8c 00000000 c0c2d91c c03f4a6c c03f2fc8 [ 2.938870] dec0: ef003274 ef10c4c0 c0c2d91c ef10cc80 c0c21270 c03f3fa4 c09c1be8 c0c2d91c [ 2.947028] dee0: 00000006 c0c2d91c 00000006 c0b3483c c0c47000 c03f5314 c0c2d908 c0b5fed8 [ 2.955188] df00: 00000006 c010178c 60000013 c0a4ef14 00000000 c06feaa0 ef080000 60000013 [ 2.963347] df20: 00000000 c0c095c8 efffca76 c0816b8c 000000d5 c0134098 c0b34848 c09d6cdc [ 2.971506] df40: c0a4de70 00000000 00000006 00000006 c0c09568 efffca40 c0b5fed8 00000006 [ 2.979665] df60: c0b3483c c0c47000 000000d5 c0b34848 c0b005a4 c0b00d84 00000006 00000006 [ 2.987824] df80: 00000000 c0b005a4 00000000 c06fb4d8 00000000 00000000 00000000 00000000 [ 2.995983] dfa0: 00000000 c06fb4e0 00000000 c01079b8 00000000 00000000 00000000 00000000 [ 3.004142] dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 3.012302] dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 ffffffff ffffffff [ 3.020469] [] (strcmp) from [] (platform_match+0x84/0xac) [ 3.027672] [] (platform_match) from [] (__driver_attach+0x20/0xb0) [ 3.035654] [] (__driver_attach) from [] (bus_for_each_dev+0x54/0x88) [ 3.043812] [] (bus_for_each_dev) from [] (bus_add_driver+0xe8/0x1f4) [ 3.051971] [] (bus_add_driver) from [] (driver_register+0x78/0xf4) [ 3.059958] [] (driver_register) from [] (do_one_initcall+0x3c/0x16c) [ 3.068123] [] (do_one_initcall) from [] (kernel_init_freeable+0x120/0x1ec) [ 3.076802] [] (kernel_init_freeable) from [] (kernel_init+0x8/0x118) [ 3.084958] [] (kernel_init) from [] (ret_from_fork+0x14/0x3c) [ 3.092506] Code: 1afffffb e12fff1e e1a03000 eafffff7 (e4d03001) [ 3.098618] ---[ end trace 511bf9d750810709 ]--- [ 3.103207] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b This patch fixes this issue. Fixes: c79667dd93b084fe412bcfe7fbf0ba43f7dec520 ("media: s5p-mfc: replace custom reserved memory handling code with generic one") CC: stable@vger.kernel.org # v4.7+ Signed-off-by: Marek Szyprowski --- drivers/media/platform/s5p-mfc/s5p_mfc.c | 1 + 1 file changed, 1 insertion(+) -- 1.9.1 -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/drivers/media/platform/s5p-mfc/s5p_mfc.c b/drivers/media/platform/s5p-mfc/s5p_mfc.c index e3f104f..9e88c2f 100644 --- a/drivers/media/platform/s5p-mfc/s5p_mfc.c +++ b/drivers/media/platform/s5p-mfc/s5p_mfc.c @@ -1073,6 +1073,7 @@ static struct device *s5p_mfc_alloc_memdev(struct device *dev, idx); if (ret == 0) return child; + device_del(child); } put_device(child);