This is a note to let you know that I've just added the patch titled media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: media-v4l2-compat-ioctl32.c-make-ctrl_is_pointer-work-for-subdevs.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From foo@baz Thu Feb 15 08:44:17 CET 2018 From: Hans Verkuil <hverkuil@xxxxxxxxx> Date: Wed, 14 Feb 2018 12:52:35 +0100 Subject: media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs To: stable@xxxxxxxxxxxxxxx Cc: linux-media@xxxxxxxxxxxxxxx, Hans Verkuil <hans.verkuil@xxxxxxxxx>, Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxxxxx> Message-ID: <20180214115240.27650-10-hverkuil@xxxxxxxxx> From: Hans Verkuil <hansverk@xxxxxxxxx> commit 273caa260035c03d89ad63d72d8cd3d9e5c5e3f1 upstream. If the device is of type VFL_TYPE_SUBDEV then vdev->ioctl_ops is NULL so the 'if (!ops->vidioc_query_ext_ctrl)' check would crash. Add a test for !ops to the condition. All sub-devices that have controls will use the control framework, so they do not have an equivalent to ops->vidioc_query_ext_ctrl. Returning false if ops is NULL is the correct thing to do here. Fixes: b8c601e8af ("v4l2-compat-ioctl32.c: fix ctrl_is_pointer") Signed-off-by: Hans Verkuil <hans.verkuil@xxxxxxxxx> Acked-by: Sakari Ailus <sakari.ailus@xxxxxxxxxxxxxxx> Reported-by: Laurent Pinchart <laurent.pinchart@xxxxxxxxxxxxxxxx> Reviewed-by: Laurent Pinchart <laurent.pinchart@xxxxxxxxxxxxxxxx> Signed-off-by: Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -612,7 +612,7 @@ static inline bool ctrl_is_pointer(struc return ctrl && ctrl->is_ptr; } - if (!ops->vidioc_query_ext_ctrl) + if (!ops || !ops->vidioc_query_ext_ctrl) return false; return !ops->vidioc_query_ext_ctrl(file, fh, &qec) && Patches currently in stable-queue which might be from hverkuil@xxxxxxxxx are queue-4.4/media-v4l2-compat-ioctl32.c-copy-m.userptr-in-put_v4l2_plane32.patch queue-4.4/media-v4l2-compat-ioctl32.c-avoid-sizeof-type.patch queue-4.4/media-v4l2-compat-ioctl32.c-drop-pr_info-for-unknown-buffer-type.patch queue-4.4/media-v4l2-compat-ioctl32.c-add-missing-vidioc_prepare_buf.patch queue-4.4/vb2-v4l2_buf_flag_done-is-set-after-dqbuf.patch queue-4.4/media-v4l2-compat-ioctl32.c-refactor-compat-ioctl32-logic.patch queue-4.4/media-v4l2-compat-ioctl32.c-fix-ctrl_is_pointer.patch queue-4.4/media-v4l2-compat-ioctl32.c-move-helper-functions-to-__get-put_v4l2_format32.patch queue-4.4/media-v4l2-compat-ioctl32.c-don-t-copy-back-the-result-for-certain-errors.patch queue-4.4/media-v4l2-compat-ioctl32.c-make-ctrl_is_pointer-work-for-subdevs.patch queue-4.4/media-v4l2-compat-ioctl32.c-fix-the-indentation.patch queue-4.4/media-v4l2-compat-ioctl32-copy-v4l2_window-global_alpha.patch queue-4.4/media-v4l2-ioctl.c-don-t-copy-back-the-result-for-enotty.patch queue-4.4/media-v4l2-compat-ioctl32.c-copy-clip-list-in-put_v4l2_window32.patch