This is a note to let you know that I've just added the patch titled
media: ipu-bridge: Do not use on stack memory for software_node.name field
to the 6.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
media-ipu-bridge-do-not-use-on-stack-memory-for-soft.patch
and it can be found in the queue-6.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 5719fba3aeaf8531f65de2661ac91f9fbf0ad1e9
Author: Hans de Goede <hdegoede@xxxxxxxxxx>
Date: Wed Jul 5 23:29:54 2023 +0200
media: ipu-bridge: Do not use on stack memory for software_node.name field
[ Upstream commit 11e0a7c8e04ee5f406f2baa27761746cbedcfa11 ]
Commit 567f97bd381f ("media: ipu3-cio2: support multiple sensors and VCMs
with same HID") introduced an on stack vcm_name and then uses this for
the name field of the software_node struct used for the vcm.
But the software_node struct is much longer lived then the current
stack-frame, so this is no good.
Instead extend the ipu_node_names struct with an extra field to store
the vcm software_node name and use that.
Note this also changes the length of the allocated buffer from
ACPI_ID_LEN + 4 to 16. the name is filled with "<ipu_vcm_types[x]>-%u"
where ipu_vcm_types[x] is not an ACPI_ID. The maximum length of
the strings in the ipu_vcm_types[] array is 11 + 5 bytes for "-255\0"
means 16 bytes are needed in the worst case scenario.
Fixes: 567f97bd381f ("media: ipu3-cio2: support multiple sensors and VCMs with same HID")
Cc: Bingbu Cao <bingbu.cao@xxxxxxxxx>
Reviewed-by: Andy Shevchenko <andy@xxxxxxxxxx>
Reviewed-by: Daniel Scally <dan.scally@xxxxxxxxxxxxxxxx>
Signed-off-by: Hans de Goede <hdegoede@xxxxxxxxxx>
Signed-off-by: Sakari Ailus <sakari.ailus@xxxxxxxxxxxxxxx>
Signed-off-by: Mauro Carvalho Chehab <mchehab@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/drivers/media/pci/intel/ipu-bridge.c b/drivers/media/pci/intel/ipu-bridge.c
index 38fa756602bc0..88490ea304dee 100644
--- a/drivers/media/pci/intel/ipu-bridge.c
+++ b/drivers/media/pci/intel/ipu-bridge.c
@@ -220,7 +220,6 @@ static void ipu_bridge_create_connection_swnodes(struct ipu_bridge *bridge,
struct ipu_sensor *sensor)
{
struct software_node *nodes = sensor->swnodes;
- char vcm_name[ACPI_ID_LEN + 4];
ipu_bridge_init_swnode_names(sensor);
@@ -240,10 +239,10 @@ static void ipu_bridge_create_connection_swnodes(struct ipu_bridge *bridge,
sensor->ipu_properties);
if (sensor->ssdb.vcmtype) {
/* append ssdb.link to distinguish VCM nodes with same HID */
- snprintf(vcm_name, sizeof(vcm_name), "%s-%u",
- ipu_vcm_types[sensor->ssdb.vcmtype - 1],
+ snprintf(sensor->node_names.vcm, sizeof(sensor->node_names.vcm),
+ "%s-%u", ipu_vcm_types[sensor->ssdb.vcmtype - 1],
sensor->ssdb.link);
- nodes[SWNODE_VCM] = NODE_VCM(vcm_name);
+ nodes[SWNODE_VCM] = NODE_VCM(sensor->node_names.vcm);
}
ipu_bridge_init_swnode_group(sensor);
diff --git a/drivers/media/pci/intel/ipu-bridge.h b/drivers/media/pci/intel/ipu-bridge.h
index d35b5f30ac3fc..1ff0b2d04d929 100644
--- a/drivers/media/pci/intel/ipu-bridge.h
+++ b/drivers/media/pci/intel/ipu-bridge.h
@@ -104,6 +104,7 @@ struct ipu_node_names {
char port[7];
char endpoint[11];
char remote_port[7];
+ char vcm[16];
};
struct ipu_sensor_config {
