Guys:

I'm getting the following OOPS:

    [ 2.952388] Unable to handle kernel NULL pointer dereference at virtual address 00000000
    [ 2.952388] pgd = dfca4000
    [ 2.952418] [00000000] *pgd=a70cb831, *pte=00000000, *ppte=00000000
    [ 2.952418] Internal error: Oops: 17 [#1] PREEMPT SMP
    [ 2.952418] Modules linked in:
    [ 2.952418] CPU: 0 Not tainted (3.0.21-perf+ #1)
    [ 2.952449] PC is at msm_vfe_subdev_ioctl+0x14/0x4614
    [ 2.952449] LR is at subdev_do_ioctl+0x43c/0x49c

Referring to commit d358ecdb, I see a lot of code that looks like this in msm_vfe_subdev_ioctl():

    static long msm_vfe_subdev_ioctl(struct v4l2_subdev *sd,
                                     unsigned int subdev_cmd, void *arg)
    {
            ...
            struct msm_camvfe_params *vfe_params =
                    (struct msm_camvfe_params *)arg;
            struct msm_vfe_cfg_cmd *cmd = vfe_params->vfe_cfg;
            void *data = vfe_params->data;
            ...
            struct axidata *axid;
            axid = data;
            ...
            regptr = axid->region;
            if (axid->bufnum1 > 0) {
                    ...
            }

In other words, you're dereferencing the parameters passed to the ioctl directly, rather than through copy_from_user().

I can't say for sure that this is the root cause of my OOPSing, but it is very, very suspicious code. Or am I just misunderstanding something?

I chose this particular commit because it's the BSP v1.2 release from Intrinsyc for the Dragonboard APQ8060A, which is my target device at present. I haven't yet looked to see if this code is changed in later commits...

b.g.
-- 
Bill Gatliff
bgat@xxxxxxxxxxxxxxx
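
Added example, not part of the original post and not the driver's code: a user-space C model of the copy-then-validate pattern that the post contrasts with direct dereferencing. The struct layouts, `model_copy_from_user`, the arena and `MAX_BUFS` are assumptions made for illustration; only the field names come from the post.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Model (hypothetical): "user memory" is this arena and a user pointer is an
 * offset into it. Offset 0 plays the role of NULL. */
#define ARENA_SIZE 256
#define MAX_BUFS   8            /* assumed upper bound, not from the driver */
static unsigned char user_arena[ARENA_SIZE];

/* Stand-in for copy_from_user(): returns the number of bytes NOT copied. */
static size_t model_copy_from_user(void *dst, uint32_t uptr, size_t n)
{
    if (uptr == 0 || uptr > ARENA_SIZE || n > ARENA_SIZE - uptr)
        return n;               /* NULL or range outside "user memory" */
    memcpy(dst, user_arena + uptr, n);
    return 0;
}

/* Simplified stand-ins; only the field names come from the post. */
struct axidata_model { uint32_t bufnum1; uint32_t region; };
struct params_model  { uint32_t vfe_cfg; uint32_t data; }; /* user pointers */

/* Hardened handler shape: snapshot the nested struct into kernel-owned
 * memory first, then validate the snapshot before using any field. */
static long vfe_ioctl_model(const struct params_model *p, uint32_t *bufs_out)
{
    struct axidata_model axid;

    if (model_copy_from_user(&axid, p->data, sizeof(axid)))
        return -EFAULT;         /* bad pointer becomes an error, not an oops */
    if (axid.bufnum1 > MAX_BUFS)
        return -EINVAL;         /* value is user-controlled, so bound it */
    *bufs_out = axid.bufnum1;
    return 0;
}

int main(void)
{
    struct axidata_model a = { 3, 0 };  /* constructed sample input */
    struct params_model p = { 0, 16 };
    uint32_t n = 0;

    memcpy(user_arena + 16, &a, sizeof(a));
    return (vfe_ioctl_model(&p, &n) == 0 && n == 3) ? 0 : 1;
}
```
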