6.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@xxxxxxxxxx>
[ Upstream commit 284be5693163343e1cf17c03917eecd1d6681bcf ]
When ipu_bridge_parse_rotation() and ipu_bridge_parse_orientation() run
sensor->adev is not set yet.
So if either of the dev_warn() calls about unknown values are hit this
will lead to a NULL pointer deref.
Set sensor->adev earlier, with a borrowed ref to avoid making unrolling
on errors harder, to fix this.
Fixes: 485aa3df0dff ("media: ipu3-cio2: Parse sensor orientation and rotation")
Cc: Fabian Wüthrich <me@xxxxxxxx>
Signed-off-by: Hans de Goede <hdegoede@xxxxxxxxxx>
Reviewed-by: Daniel Scally <dan.scally@xxxxxxxxxxxxxxxx>
Signed-off-by: Sakari Ailus <sakari.ailus@xxxxxxxxxxxxxxx>
Signed-off-by: Mauro Carvalho Chehab <mchehab@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/media/pci/intel/ipu3/cio2-bridge.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/media/pci/intel/ipu3/cio2-bridge.c b/drivers/media/pci/intel/ipu3/cio2-bridge.c
index 3c2accfe54551..7fba87736b6b8 100644
--- a/drivers/media/pci/intel/ipu3/cio2-bridge.c
+++ b/drivers/media/pci/intel/ipu3/cio2-bridge.c
@@ -308,6 +308,11 @@ static int cio2_bridge_connect_sensor(const struct cio2_sensor_config *cfg,
}
sensor = &bridge->sensors[bridge->n_sensors];
+ /*
+ * Borrow our adev ref to the sensor for now, on success
+ * acpi_dev_get(adev) is done further below.
+ */
+ sensor->adev = adev;
ret = cio2_bridge_read_acpi_buffer(adev, "SSDB",
&sensor->ssdb,
--
2.40.1
