Re: [PATCH v3 01/18] media: ipu-bridge: Fix null pointer deref on SSDB/PLD parsing warnings

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Hans

On 05/07/2023 22:29, Hans de Goede wrote:

When ipu_bridge_parse_rotation() and ipu_bridge_parse_orientation() run
sensor->adev is not set yet.

So if either of the dev_warn() calls about unknown values are hit this
will lead to a NULL pointer deref.

Set sensor->adev earlier, with a borrowed ref to avoid making unrolling
on errors harder, to fix this.

Fixes: 485aa3df0dff ("media: ipu3-cio2: Parse sensor orientation and rotation")
Cc: Fabian Wüthrich <me@xxxxxxxx>
Signed-off-by: Hans de Goede <hdegoede@xxxxxxxxxx>
---


Reviewed-by: Daniel Scally <dan.scally@xxxxxxxxxxxxxxxx>


And same for the corresponding 09/18


  drivers/media/pci/intel/ipu-bridge.c | 5 +++++
  1 file changed, 5 insertions(+)

diff --git a/drivers/media/pci/intel/ipu-bridge.c b/drivers/media/pci/intel/ipu-bridge.c
index 62daa8c1f6b1..f0927f80184d 100644
--- a/drivers/media/pci/intel/ipu-bridge.c
+++ b/drivers/media/pci/intel/ipu-bridge.c
@@ -308,6 +308,11 @@ static int ipu_bridge_connect_sensor(const struct ipu_sensor_config *cfg,
  		}
sensor = &bridge->sensors[bridge->n_sensors]; 
+		/*
+		 * Borrow our adev ref to the sensor for now, on success
+		 * acpi_dev_get(adev) is done further below.
+		 */
+		sensor->adev = adev;
ret = ipu_bridge_read_acpi_buffer(adev, "SSDB", 
  						  &sensor->ssdb,
[Index of Archives]     [Linux IBM ACPI]     [Linux Power Management]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]
  Powered by Linux