Hi All,
Gentle ping. Are we happy with this fix? Please let me know.
Cheers,
Biju
> -----Original Message-----
> From: Biju Das <biju.das.jz@xxxxxxxxxxxxxx>
> Sent: Monday, December 11, 2023 5:10 PM
> Subject: RE: [PATCH] media: v4l: async: Fix double pointer free on
> v4l2_async_unregister_subdev()
>
> Hi All,
>
> Gentle ping. Are we happy with this fix? Please let me know.
>
> This issue is reproducible on RZ/G2L SMARC EVK.
>
> Cheers,
> Biju
>
> > -----Original Message-----
> > From: Biju Das <biju.das.jz@xxxxxxxxxxxxxx>
> > Sent: Thursday, November 30, 2023 5:33 PM
> > Subject: [PATCH] media: v4l: async: Fix double pointer free on
> > v4l2_async_unregister_subdev()
> >
> > The v4l2_async_unbind_subdev_one() deallocates the pointer &asc-
> > >asc_subdev_entry. The same pointer is again used to deallocate in
> > list_del() leading to the below kernel crash.
> >
> > Unable to handle kernel paging request at virtual address
> > dead000000000108
> > v4l2_async_unregister_subdev+0xf8/0x164
> > rzg2l_csi2_remove+0x30/0x5c
> > platform_remove+0x28/0x64
> > device_remove+0x48/0x74
> > device_release_driver_internal+0x1d8/0x234
> > device_driver_detach+0x14/0x1c
> > unbind_store+0xac/0xb0
> >
> > Fixes: 28a1295795d8 ("media: v4l: async: Allow multiple connections
> > between entities")
> > Signed-off-by: Biju Das <biju.das.jz@xxxxxxxxxxxxxx>
> > ---
> > drivers/media/v4l2-core/v4l2-async.c | 1 -
> > 1 file changed, 1 deletion(-)
> >
> > diff --git a/drivers/media/v4l2-core/v4l2-async.c
> > b/drivers/media/v4l2- core/v4l2-async.c index
> > 091e8cf4114b..8cfd593d293d 100644
> > --- a/drivers/media/v4l2-core/v4l2-async.c
> > +++ b/drivers/media/v4l2-core/v4l2-async.c
> > @@ -880,7 +880,6 @@ void v4l2_async_unregister_subdev(struct
> > v4l2_subdev
> > *sd)
> > &asc->notifier->waiting_list);
> >
> > v4l2_async_unbind_subdev_one(asc->notifier, asc);
> > - list_del(&asc->asc_subdev_entry);
> > }
> > }
> >
> > --
> > 2.25.1
