The fixes included in this commit essentially removes NULL pointer checks on the return values of function `get_queue_ctx` as well as `v4l2_m2m_get_vq` defined in file v4l2-mem2mem.c. Function `get_queue_ctx` is very unlikely to return a NULL pointer because its return value is an address composed of the base address pointed by `m2m_ctx` and an offset of field `out_q_ctx` or `cap_q_ctx`. Since the offset of either field is not 0, for the return value to be NULL, pointer `m2m_ctx` must be a very large unsigned value such that its addition to the offset overflows to NULL which may be undefined according to this post: https://wdtz.org/catching-pointer-overflow-bugs.html. Moreover, even if `m2m_ctx` is NULL, the return value cannot be NULL, either. Therefore, I think it is reasonable to conclude that the return value of function `get_queue_ctx` cannot be NULL. Given the return values of `get_queue_ctx` not being NULL, we can follow a similar reasoning to conclude that the return value of `v4l2_mem_get_vq` cannot be NULL since its return value is the same address as the return value of `get_queue_ctx`. Therefore, this patch also removes NULL pointer checks on the return values of `v4l2_mem_get_vq`. Signed-off-by: Shaobo He <shaobo@xxxxxxxxxxx> --- drivers/media/platform/coda/coda-common.c | 4 ---- drivers/media/platform/imx-pxp.c | 7 ------- drivers/media/platform/m2m-deinterlace.c | 7 ------- drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c | 7 ------- drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.c | 7 ------- drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c | 13 ------------- drivers/media/platform/mx2_emmaprp.c | 7 ------- drivers/media/platform/rcar_fdp1.c | 3 --- drivers/media/platform/rcar_jpu.c | 8 -------- drivers/media/platform/rockchip/rga/rga.c | 4 ---- drivers/media/platform/s5p-g2d/g2d.c | 4 ---- drivers/media/platform/s5p-jpeg/jpeg-core.c | 7 ------- drivers/media/platform/sh_veu.c | 2 -- drivers/media/platform/ti-vpe/vpe.c | 7 ------- drivers/media/platform/vicodec/vicodec-core.c | 5 ----- drivers/media/platform/vim2m.c | 7 ------- drivers/media/v4l2-core/v4l2-mem2mem.c | 4 ---- 17 files changed, 103 deletions(-) diff --git a/drivers/media/platform/coda/coda-common.c b/drivers/media/platform/coda/coda-common.c index 7518f01..ee1e05b 100644 --- a/drivers/media/platform/coda/coda-common.c +++ b/drivers/media/platform/coda/coda-common.c @@ -696,8 +696,6 @@ static int coda_s_fmt(struct coda_ctx *ctx, struct v4l2_format *f, struct vb2_queue *vq; vq = v4l2_m2m_get_vq(ctx->fh.m2m_ctx, f->type); - if (!vq) - return -EINVAL; q_data = get_q_data(ctx, f->type); if (!q_data) @@ -817,8 +815,6 @@ static int coda_s_fmt_vid_out(struct file *file, void *priv, ctx->quantization = f->fmt.pix.quantization; dst_vq = v4l2_m2m_get_vq(ctx->fh.m2m_ctx, V4L2_BUF_TYPE_VIDEO_CAPTURE); - if (!dst_vq) - return -EINVAL; /* * Setting the capture queue format is not possible while the capture diff --git a/drivers/media/platform/imx-pxp.c b/drivers/media/platform/imx-pxp.c index c1c2554..d079b3c 100644 --- a/drivers/media/platform/imx-pxp.c +++ b/drivers/media/platform/imx-pxp.c @@ -1071,13 +1071,8 @@ static int pxp_enum_fmt_vid_out(struct file *file, void *priv, static int pxp_g_fmt(struct pxp_ctx *ctx, struct v4l2_format *f) { - struct vb2_queue *vq; struct pxp_q_data *q_data; - vq = v4l2_m2m_get_vq(ctx->fh.m2m_ctx, f->type); - if (!vq) - return -EINVAL; - q_data = get_q_data(ctx, f->type); f->fmt.pix.width = q_data->width; @@ -1220,8 +1215,6 @@ static int pxp_s_fmt(struct pxp_ctx *ctx, struct v4l2_format *f) struct vb2_queue *vq; vq = v4l2_m2m_get_vq(ctx->fh.m2m_ctx, f->type); - if (!vq) - return -EINVAL; q_data = get_q_data(ctx, f->type); if (!q_data) diff --git a/drivers/media/platform/m2m-deinterlace.c b/drivers/media/platform/m2m-deinterlace.c index c62e598..df03ffd 100644 --- a/drivers/media/platform/m2m-deinterlace.c +++ b/drivers/media/platform/m2m-deinterlace.c @@ -497,13 +497,8 @@ static int vidioc_enum_fmt_vid_out(struct file *file, void *priv, static int vidioc_g_fmt(struct deinterlace_ctx *ctx, struct v4l2_format *f) { - struct vb2_queue *vq; struct deinterlace_q_data *q_data; - vq = v4l2_m2m_get_vq(ctx->m2m_ctx, f->type); - if (!vq) - return -EINVAL; - q_data = get_q_data(f->type); f->fmt.pix.width = q_data->width; @@ -598,8 +593,6 @@ static int vidioc_s_fmt(struct deinterlace_ctx *ctx, struct v4l2_format *f) struct vb2_queue *vq; vq = v4l2_m2m_get_vq(ctx->m2m_ctx, f->type); - if (!vq) - return -EINVAL; q_data = get_q_data(f->type); if (!q_data) diff --git a/drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c b/drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c index 2a5d500..2da90ae 100644 --- a/drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c +++ b/drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c @@ -271,17 +271,12 @@ static int mtk_jpeg_try_fmt_mplane(struct v4l2_format *f, static int mtk_jpeg_g_fmt_vid_mplane(struct file *file, void *priv, struct v4l2_format *f) { - struct vb2_queue *vq; struct mtk_jpeg_q_data *q_data = NULL; struct v4l2_pix_format_mplane *pix_mp = &f->fmt.pix_mp; struct mtk_jpeg_ctx *ctx = mtk_jpeg_fh_to_ctx(priv); struct mtk_jpeg_dev *jpeg = ctx->jpeg; int i; - vq = v4l2_m2m_get_vq(ctx->fh.m2m_ctx, f->type); - if (!vq) - return -EINVAL; - q_data = mtk_jpeg_get_q_data(ctx, f->type); memset(pix_mp->reserved, 0, sizeof(pix_mp->reserved)); @@ -372,8 +367,6 @@ static int mtk_jpeg_s_fmt_mplane(struct mtk_jpeg_ctx *ctx, int i; vq = v4l2_m2m_get_vq(ctx->fh.m2m_ctx, f->type); - if (!vq) - return -EINVAL; q_data = mtk_jpeg_get_q_data(ctx, f->type); diff --git a/drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.c b/drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.c index ba61964..d4006e5 100644 --- a/drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.c +++ b/drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.c @@ -955,15 +955,8 @@ static int vidioc_vdec_g_fmt(struct file *file, void *priv, { struct mtk_vcodec_ctx *ctx = fh_to_ctx(priv); struct v4l2_pix_format_mplane *pix_mp = &f->fmt.pix_mp; - struct vb2_queue *vq; struct mtk_q_data *q_data; - vq = v4l2_m2m_get_vq(ctx->m2m_ctx, f->type); - if (!vq) { - mtk_v4l2_err("no vb2 queue for type=%d", f->type); - return -EINVAL; - } - q_data = mtk_vdec_get_q_data(ctx, f->type); pix_mp->field = V4L2_FIELD_NONE; diff --git a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c index d1f1225..7c54690 100644 --- a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c +++ b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c @@ -430,10 +430,6 @@ static int vidioc_venc_s_fmt_cap(struct file *file, void *priv, struct mtk_video_fmt *fmt; vq = v4l2_m2m_get_vq(ctx->m2m_ctx, f->type); - if (!vq) { - mtk_v4l2_err("fail to get vq"); - return -EINVAL; - } if (vb2_is_busy(vq)) { mtk_v4l2_err("queue busy"); @@ -493,10 +489,6 @@ static int vidioc_venc_s_fmt_out(struct file *file, void *priv, struct v4l2_pix_format_mplane *pix_fmt_mp = &f->fmt.pix_mp; vq = v4l2_m2m_get_vq(ctx->m2m_ctx, f->type); - if (!vq) { - mtk_v4l2_err("fail to get vq"); - return -EINVAL; - } if (vb2_is_busy(vq)) { mtk_v4l2_err("queue busy"); @@ -554,14 +546,9 @@ static int vidioc_venc_g_fmt(struct file *file, void *priv, { struct v4l2_pix_format_mplane *pix = &f->fmt.pix_mp; struct mtk_vcodec_ctx *ctx = fh_to_ctx(priv); - struct vb2_queue *vq; struct mtk_q_data *q_data; int i; - vq = v4l2_m2m_get_vq(ctx->m2m_ctx, f->type); - if (!vq) - return -EINVAL; - q_data = mtk_venc_get_q_data(ctx, f->type); pix->width = q_data->coded_width; diff --git a/drivers/media/platform/mx2_emmaprp.c b/drivers/media/platform/mx2_emmaprp.c index 27b078c..1366fde 100644 --- a/drivers/media/platform/mx2_emmaprp.c +++ b/drivers/media/platform/mx2_emmaprp.c @@ -436,13 +436,8 @@ static int vidioc_enum_fmt_vid_out(struct file *file, void *priv, static int vidioc_g_fmt(struct emmaprp_ctx *ctx, struct v4l2_format *f) { - struct vb2_queue *vq; struct emmaprp_q_data *q_data; - vq = v4l2_m2m_get_vq(ctx->m2m_ctx, f->type); - if (!vq) - return -EINVAL; - q_data = get_q_data(ctx, f->type); f->fmt.pix.width = q_data->width; @@ -545,8 +540,6 @@ static int vidioc_s_fmt(struct emmaprp_ctx *ctx, struct v4l2_format *f) int ret; vq = v4l2_m2m_get_vq(ctx->m2m_ctx, f->type); - if (!vq) - return -EINVAL; q_data = get_q_data(ctx, f->type); if (!q_data) diff --git a/drivers/media/platform/rcar_fdp1.c b/drivers/media/platform/rcar_fdp1.c index 6bda1ee..ef747d3 100644 --- a/drivers/media/platform/rcar_fdp1.c +++ b/drivers/media/platform/rcar_fdp1.c @@ -1407,9 +1407,6 @@ static int fdp1_g_fmt(struct file *file, void *priv, struct v4l2_format *f) struct fdp1_q_data *q_data; struct fdp1_ctx *ctx = fh_to_ctx(priv); - if (!v4l2_m2m_get_vq(ctx->fh.m2m_ctx, f->type)) - return -EINVAL; - q_data = get_q_data(ctx, f->type); f->fmt.pix_mp = q_data->format; diff --git a/drivers/media/platform/rcar_jpu.c b/drivers/media/platform/rcar_jpu.c index 1dfd2eb..a91664c 100644 --- a/drivers/media/platform/rcar_jpu.c +++ b/drivers/media/platform/rcar_jpu.c @@ -839,9 +839,6 @@ static int jpu_try_fmt(struct file *file, void *priv, struct v4l2_format *f) { struct jpu_ctx *ctx = fh_to_ctx(priv); - if (!v4l2_m2m_get_vq(ctx->fh.m2m_ctx, f->type)) - return -EINVAL; - return __jpu_try_fmt(ctx, NULL, &f->fmt.pix_mp, f->type); } @@ -855,8 +852,6 @@ static int jpu_s_fmt(struct file *file, void *priv, struct v4l2_format *f) int ret; vq = v4l2_m2m_get_vq(m2m_ctx, f->type); - if (!vq) - return -EINVAL; if (vb2_is_busy(vq)) { v4l2_err(&ctx->jpu->v4l2_dev, "%s queue busy\n", __func__); @@ -880,9 +875,6 @@ static int jpu_g_fmt(struct file *file, void *priv, struct v4l2_format *f) struct jpu_q_data *q_data; struct jpu_ctx *ctx = fh_to_ctx(priv); - if (!v4l2_m2m_get_vq(ctx->fh.m2m_ctx, f->type)) - return -EINVAL; - q_data = jpu_get_q_data(ctx, f->type); f->fmt.pix_mp = q_data->format; diff --git a/drivers/media/platform/rockchip/rga/rga.c b/drivers/media/platform/rockchip/rga/rga.c index 5c65328..74b8e9d 100644 --- a/drivers/media/platform/rockchip/rga/rga.c +++ b/drivers/media/platform/rockchip/rga/rga.c @@ -470,12 +470,8 @@ static int vidioc_enum_fmt(struct file *file, void *prv, struct v4l2_fmtdesc *f) static int vidioc_g_fmt(struct file *file, void *prv, struct v4l2_format *f) { struct rga_ctx *ctx = prv; - struct vb2_queue *vq; struct rga_frame *frm; - vq = v4l2_m2m_get_vq(ctx->fh.m2m_ctx, f->type); - if (!vq) - return -EINVAL; frm = rga_get_frame(ctx, f->type); if (IS_ERR(frm)) return PTR_ERR(frm); diff --git a/drivers/media/platform/s5p-g2d/g2d.c b/drivers/media/platform/s5p-g2d/g2d.c index 57ab1d1..dda4159 100644 --- a/drivers/media/platform/s5p-g2d/g2d.c +++ b/drivers/media/platform/s5p-g2d/g2d.c @@ -319,12 +319,8 @@ static int vidioc_enum_fmt(struct file *file, void *prv, struct v4l2_fmtdesc *f) static int vidioc_g_fmt(struct file *file, void *prv, struct v4l2_format *f) { struct g2d_ctx *ctx = prv; - struct vb2_queue *vq; struct g2d_frame *frm; - vq = v4l2_m2m_get_vq(ctx->fh.m2m_ctx, f->type); - if (!vq) - return -EINVAL; frm = get_frame(ctx, f->type); if (IS_ERR(frm)) return PTR_ERR(frm); diff --git a/drivers/media/platform/s5p-jpeg/jpeg-core.c b/drivers/media/platform/s5p-jpeg/jpeg-core.c index 3f9000b..4884725 100644 --- a/drivers/media/platform/s5p-jpeg/jpeg-core.c +++ b/drivers/media/platform/s5p-jpeg/jpeg-core.c @@ -1359,15 +1359,10 @@ static struct s5p_jpeg_q_data *get_q_data(struct s5p_jpeg_ctx *ctx, static int s5p_jpeg_g_fmt(struct file *file, void *priv, struct v4l2_format *f) { - struct vb2_queue *vq; struct s5p_jpeg_q_data *q_data = NULL; struct v4l2_pix_format *pix = &f->fmt.pix; struct s5p_jpeg_ctx *ct = fh_to_ctx(priv); - vq = v4l2_m2m_get_vq(ct->fh.m2m_ctx, f->type); - if (!vq) - return -EINVAL; - if (f->type == V4L2_BUF_TYPE_VIDEO_CAPTURE && ct->mode == S5P_JPEG_DECODE && !ct->hdr_parsed) return -EINVAL; @@ -1620,8 +1615,6 @@ static int s5p_jpeg_s_fmt(struct s5p_jpeg_ctx *ct, struct v4l2_format *f) unsigned int f_type; vq = v4l2_m2m_get_vq(ct->fh.m2m_ctx, f->type); - if (!vq) - return -EINVAL; q_data = get_q_data(ct, f->type); BUG_ON(q_data == NULL); diff --git a/drivers/media/platform/sh_veu.c b/drivers/media/platform/sh_veu.c index 09ae64a..6d59e16 100644 --- a/drivers/media/platform/sh_veu.c +++ b/drivers/media/platform/sh_veu.c @@ -554,8 +554,6 @@ static int sh_veu_s_fmt(struct sh_veu_file *veu_file, struct v4l2_format *f) return ret; vq = v4l2_m2m_get_vq(veu->m2m_ctx, f->type); - if (!vq) - return -EINVAL; if (vb2_is_busy(vq)) { v4l2_err(&veu_file->veu_dev->v4l2_dev, "%s queue busy\n", __func__); diff --git a/drivers/media/platform/ti-vpe/vpe.c b/drivers/media/platform/ti-vpe/vpe.c index d70871d0..1620168 100644 --- a/drivers/media/platform/ti-vpe/vpe.c +++ b/drivers/media/platform/ti-vpe/vpe.c @@ -1537,14 +1537,9 @@ static int vpe_g_fmt(struct file *file, void *priv, struct v4l2_format *f) { struct v4l2_pix_format_mplane *pix = &f->fmt.pix_mp; struct vpe_ctx *ctx = file2ctx(file); - struct vb2_queue *vq; struct vpe_q_data *q_data; int i; - vq = v4l2_m2m_get_vq(ctx->fh.m2m_ctx, f->type); - if (!vq) - return -EINVAL; - q_data = get_q_data(ctx, f->type); pix->width = q_data->width; @@ -1714,8 +1709,6 @@ static int __vpe_s_fmt(struct vpe_ctx *ctx, struct v4l2_format *f) int i; vq = v4l2_m2m_get_vq(ctx->fh.m2m_ctx, f->type); - if (!vq) - return -EINVAL; if (vb2_is_busy(vq)) { vpe_err(ctx->dev, "queue busy\n"); diff --git a/drivers/media/platform/vicodec/vicodec-core.c b/drivers/media/platform/vicodec/vicodec-core.c index 0d7876f..9a2ab8b 100644 --- a/drivers/media/platform/vicodec/vicodec-core.c +++ b/drivers/media/platform/vicodec/vicodec-core.c @@ -445,16 +445,11 @@ static int vidioc_enum_fmt_vid_out(struct file *file, void *priv, static int vidioc_g_fmt(struct vicodec_ctx *ctx, struct v4l2_format *f) { - struct vb2_queue *vq; struct vicodec_q_data *q_data; struct v4l2_pix_format_mplane *pix_mp; struct v4l2_pix_format *pix; const struct v4l2_fwht_pixfmt_info *info; - vq = v4l2_m2m_get_vq(ctx->fh.m2m_ctx, f->type); - if (!vq) - return -EINVAL; - q_data = get_q_data(ctx, f->type); info = q_data->info; diff --git a/drivers/media/platform/vim2m.c b/drivers/media/platform/vim2m.c index 89d9c4c..6520719 100644 --- a/drivers/media/platform/vim2m.c +++ b/drivers/media/platform/vim2m.c @@ -484,13 +484,8 @@ static int vidioc_enum_fmt_vid_out(struct file *file, void *priv, static int vidioc_g_fmt(struct vim2m_ctx *ctx, struct v4l2_format *f) { - struct vb2_queue *vq; struct vim2m_q_data *q_data; - vq = v4l2_m2m_get_vq(ctx->fh.m2m_ctx, f->type); - if (!vq) - return -EINVAL; - q_data = get_q_data(ctx, f->type); f->fmt.pix.width = q_data->width; @@ -595,8 +590,6 @@ static int vidioc_s_fmt(struct vim2m_ctx *ctx, struct v4l2_format *f) struct vb2_queue *vq; vq = v4l2_m2m_get_vq(ctx->fh.m2m_ctx, f->type); - if (!vq) - return -EINVAL; q_data = get_q_data(ctx, f->type); if (!q_data) diff --git a/drivers/media/v4l2-core/v4l2-mem2mem.c b/drivers/media/v4l2-core/v4l2-mem2mem.c index 5bbdec5..1bbf4b0 100644 --- a/drivers/media/v4l2-core/v4l2-mem2mem.c +++ b/drivers/media/v4l2-core/v4l2-mem2mem.c @@ -124,8 +124,6 @@ struct vb2_queue *v4l2_m2m_get_vq(struct v4l2_m2m_ctx *m2m_ctx, struct v4l2_m2m_queue_ctx *q_ctx; q_ctx = get_queue_ctx(m2m_ctx, type); - if (!q_ctx) - return NULL; return &q_ctx->q; } @@ -965,8 +963,6 @@ void v4l2_m2m_buf_queue(struct v4l2_m2m_ctx *m2m_ctx, unsigned long flags; q_ctx = get_queue_ctx(m2m_ctx, vbuf->vb2_buf.vb2_queue->type); - if (!q_ctx) - return; spin_lock_irqsave(&q_ctx->rdy_spinlock, flags); list_add_tail(&b->list, &q_ctx->rdy_queue); -- 1.9.1