Re: [PATCH] media: atomisp: fix NULL pointer dereference

From: Jiri Slaby
Date: Fri Jul 17 2020 - 03:54:17 EST

Next message: John Garry: "Re: [PATCH] [SCSI] libsas: add missing newline when printing 'enable' by sysfs"
Previous message: Anup Patel: "[PATCH v4 4/4] dt-bindings: timer: Add CLINT bindings"
In reply to: Jiri Slaby: "[PATCH] media: atomisp: fix NULL pointer dereference"
Next in thread: Andy Shevchenko: "Re: [PATCH] media: atomisp: fix NULL pointer dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 16. 07. 20, 13:51, Jiri Slaby wrote:
> I am currently seeing:
> BUG: kernel NULL pointer dereference, address: 0000000000000002
> ...
> Hardware name: UMAX VisionBook 10Wi Pro/CQM1018CWP, BIOS CQ1018.007 09/22/2016
> RIP: 0010:gmin_subdev_add.cold+0x303/0x312 [atomisp_gmin_platform]
> ...
> Call Trace:
> gmin_camera_platform_data+0x2f/0x60 [atomisp_gmin_platform]
> ov2680_probe+0x7f/0x2b0 [atomisp_ov2680]
> i2c_device_probe+0x95/0x290
>
> power can be NULL and that is properly handled earlier in this function.
> Even i2c address is set there. So this is a duplicated assignment which
> can cause the bug above. Remove it.

BTW, the camera still doesn't work, but the kernel no longer crashes:

> atomisp_ov2680: module is from the staging directory, the quality is unknown, you have been warned.
> ov2680 i2c-OVTI2680:00: gmin_subdev_add: ACPI detected it on bus ID=CAMB, HID=OVTI2680
> ov2680 i2c-OVTI2680:00: found 'INT33F4:00' at address 0x34, adapter 6
> ov2680 i2c-OVTI2680:00: gmin: power management provided via XPower AXP288 PMIC (i2c addr 0x34)

For this CAM, the address is likely OK.

> ov2680 i2c-OVTI2680:00: found _DSM entry for 'CamClk': 1
> ov2680 i2c-OVTI2680:00: didn't found _DSM entry for 'ClkSrc'
> ov2680 i2c-OVTI2680:00: Failed to find EFI variable OVTI2680:00_ClkSrc
> ov2680 i2c-OVTI2680:00: ClkSrc: using default (1)
> ov2680 i2c-OVTI2680:00: found _DSM entry for 'CsiPort': 0
> ov2680 i2c-OVTI2680:00: found _DSM entry for 'CsiLanes': 2
> ov2680 i2c-OVTI2680:00: didn't found _DSM entry for 'eldo1_1p8v'
> ov2680 i2c-OVTI2680:00: Failed to find EFI variable OVTI2680:00_eldo1_1p8v
> ov2680 i2c-OVTI2680:00: eldo1_1p8v: using default (22)
> ov2680 i2c-OVTI2680:00: didn't found _DSM entry for 'eldo1_sel_reg'
> ov2680 i2c-OVTI2680:00: Failed to find EFI variable OVTI2680:00_eldo1_sel_reg
> ov2680 i2c-OVTI2680:00: eldo1_sel_reg: using default (25)
> ov2680 i2c-OVTI2680:00: didn't found _DSM entry for 'eldo1_ctrl_shift'
> ov2680 i2c-OVTI2680:00: Failed to find EFI variable OVTI2680:00_eldo1_ctrl_shift
> ov2680 i2c-OVTI2680:00: eldo1_ctrl_shift: using default (0)
> ov2680 i2c-OVTI2680:00: didn't found _DSM entry for 'eldo2_1p8v'
> ov2680 i2c-OVTI2680:00: Failed to find EFI variable OVTI2680:00_eldo2_1p8v
> ov2680 i2c-OVTI2680:00: eldo2_1p8v: using default (22)
> ov2680 i2c-OVTI2680:00: didn't found _DSM entry for 'eldo2_sel_reg'
> ov2680 i2c-OVTI2680:00: Failed to find EFI variable OVTI2680:00_eldo2_sel_reg
> ov2680 i2c-OVTI2680:00: eldo2_sel_reg: using default (26)
> ov2680 i2c-OVTI2680:00: didn't found _DSM entry for 'eldo2_ctrl_shift'
> ov2680 i2c-OVTI2680:00: Failed to find EFI variable OVTI2680:00_eldo2_ctrl_shift
> ov2680 i2c-OVTI2680:00: eldo2_ctrl_shift: using default (1)
> ov2680 i2c-OVTI2680:00: power_ctrl: off
> ov2680 i2c-OVTI2680:00: Failed to find EFI gmin variable gmin_V1P8GPIO
> ov2680 i2c-OVTI2680:00: V1P8GPIO: using default (-1)
> ov2680 i2c-OVTI2680:00: Failed to find EFI gmin variable gmin_V2P8GPIO
> ov2680 i2c-OVTI2680:00: V2P8GPIO: using default (-1)
> ov2680 i2c-OVTI2680:00: power_ctrl: on
> ov2680 i2c-OVTI2680:00: I2C write, addr: 0x34, reg: 0x1a, value: 0x16, mask: 0xff
> ov2680 i2c-OVTI2680:00: I2C write, addr: 0x34, reg: 0x1a, value: 0x02, mask: 0x02
> ov2680 i2c-OVTI2680:00: I2C write, addr: 0x34, reg: 0x19, value: 0x16, mask: 0xff
> ov2680 i2c-OVTI2680:00: I2C write, addr: 0x34, reg: 0x19, value: 0x01, mask: 0x01
> ov2680 i2c-OVTI2680:00: I2C write, addr: 0x34, reg: 0x1a, value: 0x16, mask: 0xff
> ov2680 i2c-OVTI2680:00: I2C write, addr: 0x34, reg: 0x1a, value: 0x00, mask: 0x02
> ov2680 i2c-OVTI2680:00: I2C write, addr: 0x34, reg: 0x28, value: 0x16, mask: 0xff
> ov2680 i2c-OVTI2680:00: I2C write, addr: 0x34, reg: 0x28, value: 0x20, mask: 0x20
> ov2680 i2c-OVTI2680:00: camera pdata: port: 0 lanes: 2 order: 00000002
> ov2680 i2c-OVTI2680:00: read error: reg=0x300a: -121

EREMOTEIO. So it shomehow doesn't work.

> ov2680 i2c-OVTI2680:00: sensor_id_high = 0x2
> ov2680 i2c-OVTI2680:00: ov2680_detect err s_config.
> ov2680 i2c-OVTI2680:00: power_ctrl: off
> ov2680 i2c-OVTI2680:00: I2C write, addr: 0x34, reg: 0x19, value: 0x16, mask: 0xff
> ov2680 i2c-OVTI2680:00: I2C write, addr: 0x34, reg: 0x19, value: 0x00, mask: 0x01
> ov2680 i2c-OVTI2680:00: I2C write, addr: 0x34, reg: 0x1a, value: 0x16, mask: 0xff
> ov2680 i2c-OVTI2680:00: I2C write, addr: 0x34, reg: 0x1a, value: 0x00, mask: 0x02
> ov2680 i2c-OVTI2680:00: I2C write, addr: 0x34, reg: 0x28, value: 0x16, mask: 0xff
> ov2680 i2c-OVTI2680:00: I2C write, addr: 0x34, reg: 0x28, value: 0x00, mask: 0x20
> ov2680 i2c-OVTI2680:00: sensor power-gating failed
> ov2680 i2c-OVTI2680:00: +++ out free

Another CAM:

> ov2680 i2c-OVTI2680:01: gmin_subdev_add: ACPI detected it on bus ID=CAMC, HID=OVTI2680
> ov2680 i2c-OVTI2680:01: gmin: power management provided via XPower AXP288 PMIC

now pmic_id is non-zero, so power is not initalized and causes the i2c
address below to be zero.

So either power should be static in that function or pmic_id should be
non-global (per device).

> ov2680 i2c-OVTI2680:01: found _DSM entry for 'CamClk': 1
> ov2680 i2c-OVTI2680:01: didn't found _DSM entry for 'ClkSrc'
> ov2680 i2c-OVTI2680:01: Failed to find EFI variable OVTI2680:01_ClkSrc
> ov2680 i2c-OVTI2680:01: ClkSrc: using default (1)
> ov2680 i2c-OVTI2680:01: found _DSM entry for 'CsiPort': 1
> ov2680 i2c-OVTI2680:01: found _DSM entry for 'CsiLanes': 1
> ov2680 i2c-OVTI2680:01: didn't found _DSM entry for 'eldo1_1p8v'
> ov2680 i2c-OVTI2680:01: Failed to find EFI variable OVTI2680:01_eldo1_1p8v
> ov2680 i2c-OVTI2680:01: eldo1_1p8v: using default (22)
> ov2680 i2c-OVTI2680:01: didn't found _DSM entry for 'eldo1_sel_reg'
> ov2680 i2c-OVTI2680:01: Failed to find EFI variable OVTI2680:01_eldo1_sel_reg
> ov2680 i2c-OVTI2680:01: eldo1_sel_reg: using default (25)
> ov2680 i2c-OVTI2680:01: didn't found _DSM entry for 'eldo1_ctrl_shift'
> ov2680 i2c-OVTI2680:01: Failed to find EFI variable OVTI2680:01_eldo1_ctrl_shift
> ov2680 i2c-OVTI2680:01: eldo1_ctrl_shift: using default (0)
> ov2680 i2c-OVTI2680:01: didn't found _DSM entry for 'eldo2_1p8v'
> ov2680 i2c-OVTI2680:01: Failed to find EFI variable OVTI2680:01_eldo2_1p8v
> ov2680 i2c-OVTI2680:01: eldo2_1p8v: using default (22)
> ov2680 i2c-OVTI2680:01: didn't found _DSM entry for 'eldo2_sel_reg'
> ov2680 i2c-OVTI2680:01: Failed to find EFI variable OVTI2680:01_eldo2_sel_reg
> ov2680 i2c-OVTI2680:01: eldo2_sel_reg: using default (26)
> ov2680 i2c-OVTI2680:01: didn't found _DSM entry for 'eldo2_ctrl_shift'
> ov2680 i2c-OVTI2680:01: Failed to find EFI variable OVTI2680:01_eldo2_ctrl_shift
> ov2680 i2c-OVTI2680:01: eldo2_ctrl_shift: using default (1)
> ov2680 i2c-OVTI2680:01: power_ctrl: off
> ov2680 i2c-OVTI2680:01: power_ctrl: on
> ov2680 i2c-OVTI2680:01: I2C write, addr: 0x00, reg: 0x1a, value: 0x16, mask: 0xff
> intel_soc_pmic_exec_mipi_pmic_seq_element: Unexpected i2c-addr: 0x00 (reg-addr 0x1a value 0x16 mask 0xff)
> ov2680 i2c-OVTI2680:01: I2C write, addr: 0x00, reg: 0x28, value: 0x16, mask: 0xff
> intel_soc_pmic_exec_mipi_pmic_seq_element: Unexpected i2c-addr: 0x00 (reg-addr 0x28 value 0x16 mask 0xff)
> ov2680 i2c-OVTI2680:01: I2C write, addr: 0x00, reg: 0x19, value: 0x16, mask: 0xff
> intel_soc_pmic_exec_mipi_pmic_seq_element: Unexpected i2c-addr: 0x00 (reg-addr 0x19 value 0x16 mask 0xff)
> ov2680 i2c-OVTI2680:01: I2C write, addr: 0x00, reg: 0x28, value: 0x16, mask: 0xff
> intel_soc_pmic_exec_mipi_pmic_seq_element: Unexpected i2c-addr: 0x00 (reg-addr 0x28 value 0x16 mask 0xff)
> ov2680 i2c-OVTI2680:01: power_ctrl: off
> ov2680 i2c-OVTI2680:01: sensor power-up failed
> ov2680 i2c-OVTI2680:01: ov2680 power-up err.
> ov2680 i2c-OVTI2680:01: power_ctrl: off
> ov2680 i2c-OVTI2680:01: sensor power-gating failed
> ov2680 i2c-OVTI2680:01: +++ out free

thanks,
--
js
suse labs

Next message: John Garry: "Re: [PATCH] [SCSI] libsas: add missing newline when printing 'enable' by sysfs"
Previous message: Anup Patel: "[PATCH v4 4/4] dt-bindings: timer: Add CLINT bindings"
In reply to: Jiri Slaby: "[PATCH] media: atomisp: fix NULL pointer dereference"
Next in thread: Andy Shevchenko: "Re: [PATCH] media: atomisp: fix NULL pointer dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]