Hi All,
Gentle ping. Are we happy with this fix? Please let me know.
This issue is reproducible on RZ/G2L SMARC EVK.
Cheers,
Biju
> -----Original Message-----
> From: Biju Das <biju.das.jz@xxxxxxxxxxxxxx>
> Sent: Thursday, November 30, 2023 5:33 PM
> Subject: [PATCH] media: v4l: async: Fix double pointer free on
> v4l2_async_unregister_subdev()
>
> The v4l2_async_unbind_subdev_one() deallocates the pointer &asc-
> >asc_subdev_entry. The same pointer is again used to deallocate in
> list_del() leading to the below kernel crash.
>
> Unable to handle kernel paging request at virtual address dead000000000108
> v4l2_async_unregister_subdev+0xf8/0x164
> rzg2l_csi2_remove+0x30/0x5c
> platform_remove+0x28/0x64
> device_remove+0x48/0x74
> device_release_driver_internal+0x1d8/0x234
> device_driver_detach+0x14/0x1c
> unbind_store+0xac/0xb0
>
> Fixes: 28a1295795d8 ("media: v4l: async: Allow multiple connections
> between entities")
> Signed-off-by: Biju Das <biju.das.jz@xxxxxxxxxxxxxx>
> ---
> drivers/media/v4l2-core/v4l2-async.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/drivers/media/v4l2-core/v4l2-async.c b/drivers/media/v4l2-
> core/v4l2-async.c
> index 091e8cf4114b..8cfd593d293d 100644
> --- a/drivers/media/v4l2-core/v4l2-async.c
> +++ b/drivers/media/v4l2-core/v4l2-async.c
> @@ -880,7 +880,6 @@ void v4l2_async_unregister_subdev(struct v4l2_subdev
> *sd)
> &asc->notifier->waiting_list);
>
> v4l2_async_unbind_subdev_one(asc->notifier, asc);
> - list_del(&asc->asc_subdev_entry);
> }
> }
>
> --
> 2.25.1
