Re: [PATCH v4 01/11] media: cadence: csi2rx: Unregister v4l2 async notifier

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Pratyush,

Thank you for the patch.

On Wed, Sep 15, 2021 at 05:32:30PM +0530, Pratyush Yadav wrote:
> The notifier is added to the global notifier list when registered. When
> the module is removed, the struct csi2rx_priv in which the notifier is
> embedded, is destroyed. As a result the notifier list has a reference to
> a notifier that no longer exists. This causes invalid memory accesses
> when the list is iterated over. Similar for when the probe fails.
> 
> Unregister and clean up the notifier to avoid this.
> 
> Fixes: 1fc3b37f34f6 ("media: v4l: cadence: Add Cadence MIPI-CSI2 RX driver")
> Signed-off-by: Pratyush Yadav <p.yadav@xxxxxx>

Reviewed-by: Laurent Pinchart <laurent.pinchart@xxxxxxxxxxxxxxxx>

Note that there are other issues in the driver in cleanup paths, in
particular a missing v4l2_async_notifier_cleanup() call in
csi2rx_parse_dt() when v4l2_async_notifier_add_fwnode_remote_subdev()
fails (moving the one from the other error path to an err label would be
best), and missing media_entity_cleanup() calls in both the probe error
path and the remove handler. Would you like to submit fixes for those ?

> ---
> 
> (no changes since v3)
> 
> Changes in v3:
> - New in v3.
> 
>  drivers/media/platform/cadence/cdns-csi2rx.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/media/platform/cadence/cdns-csi2rx.c b/drivers/media/platform/cadence/cdns-csi2rx.c
> index 7b44ab2b8c9a..d60975f905d6 100644
> --- a/drivers/media/platform/cadence/cdns-csi2rx.c
> +++ b/drivers/media/platform/cadence/cdns-csi2rx.c
> @@ -469,6 +469,7 @@ static int csi2rx_probe(struct platform_device *pdev)
>  	return 0;
>  
>  err_cleanup:
> +	v4l2_async_nf_unregister(&csi2rx->notifier);
>  	v4l2_async_nf_cleanup(&csi2rx->notifier);
>  err_free_priv:
>  	kfree(csi2rx);
> @@ -479,6 +480,8 @@ static int csi2rx_remove(struct platform_device *pdev)
>  {
>  	struct csi2rx_priv *csi2rx = platform_get_drvdata(pdev);
>  
> +	v4l2_async_nf_unregister(&csi2rx->notifier);
> +	v4l2_async_nf_cleanup(&csi2rx->notifier);
>  	v4l2_async_unregister_subdev(&csi2rx->subdev);
>  	kfree(csi2rx);
>  

-- 
Regards,

Laurent Pinchart
[Index of Archives]     [Linux Input]     [Video for Linux]     [Gstreamer Embedded]     [Mplayer Users]     [Linux USB Devel]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]

  Powered by Linux