[PATCH 5.9 141/757] media: rcar_drif: Allocate v4l2_async_subdev dynamically

From: Greg Kroah-Hartman
Date: Tue Oct 27 2020 - 11:28:15 EST


From: Laurent Pinchart <laurent.pinchart+renesas@xxxxxxxxxxxxxxxx>

[ Upstream commit 468e986dac0e94194334ca6d0abf3af8c250792e ]

v4l2_async_notifier_add_subdev() requires the asd to be allocated
dynamically, but the rcar-drif driver embeds it in the
rcar_drif_graph_ep structure. This causes memory corruption when the
notifier is destroyed at remove time with v4l2_async_notifier_cleanup().

Fix this issue by registering the asd with
v4l2_async_notifier_add_fwnode_subdev(), which allocates it dynamically
internally.

Fixes: d079f94c9046 ("media: platform: Switch to v4l2_async_notifier_add_subdev")
Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas@xxxxxxxxxxxxxxxx>
Signed-off-by: Sakari Ailus <sakari.ailus@xxxxxxxxxxxxxxx>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/media/platform/rcar_drif.c | 18 ++++++------------
1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/drivers/media/platform/rcar_drif.c b/drivers/media/platform/rcar_drif.c
index 3f1e5cb8b1976..f318cd4b8086f 100644
--- a/drivers/media/platform/rcar_drif.c
+++ b/drivers/media/platform/rcar_drif.c
@@ -185,7 +185,6 @@ struct rcar_drif_frame_buf {
/* OF graph endpoint's V4L2 async data */
struct rcar_drif_graph_ep {
struct v4l2_subdev *subdev; /* Async matched subdev */
- struct v4l2_async_subdev asd; /* Async sub-device descriptor */
};

/* DMA buffer */
@@ -1109,12 +1108,6 @@ static int rcar_drif_notify_bound(struct v4l2_async_notifier *notifier,
struct rcar_drif_sdr *sdr =
container_of(notifier, struct rcar_drif_sdr, notifier);

- if (sdr->ep.asd.match.fwnode !=
- of_fwnode_handle(subdev->dev->of_node)) {
- rdrif_err(sdr, "subdev %s cannot bind\n", subdev->name);
- return -EINVAL;
- }
-
v4l2_set_subdev_hostdata(subdev, sdr);
sdr->ep.subdev = subdev;
rdrif_dbg(sdr, "bound asd %s\n", subdev->name);
@@ -1218,7 +1211,7 @@ static int rcar_drif_parse_subdevs(struct rcar_drif_sdr *sdr)
{
struct v4l2_async_notifier *notifier = &sdr->notifier;
struct fwnode_handle *fwnode, *ep;
- int ret;
+ struct v4l2_async_subdev *asd;

v4l2_async_notifier_init(notifier);

@@ -1237,12 +1230,13 @@ static int rcar_drif_parse_subdevs(struct rcar_drif_sdr *sdr)
return -EINVAL;
}

- sdr->ep.asd.match.fwnode = fwnode;
- sdr->ep.asd.match_type = V4L2_ASYNC_MATCH_FWNODE;
- ret = v4l2_async_notifier_add_subdev(notifier, &sdr->ep.asd);
+ asd = v4l2_async_notifier_add_fwnode_subdev(notifier, fwnode,
+ sizeof(*asd));
fwnode_handle_put(fwnode);
+ if (IS_ERR(asd))
+ return PTR_ERR(asd);

- return ret;
+ return 0;
}

/* Check if the given device is the primary bond */
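Review bot: The new tail of rcar_drif_parse_subdevs() drops the fwnode reference with `fwnode_handle_put(fwnode);` before the `IS_ERR(asd)` check, and nothing on the new side explains why that is safe or who owns the returned asd. This is only correct if v4l2_async_notifier_add_fwnode_subdev() takes its own reference on the fwnode, which I believe it does, though that is not visible in this hunk. Since the bug being fixed was an ownership mistake, I would add a comment above the call such as `/* The notifier owns the returned asd and frees it in v4l2_async_notifier_cleanup(); the helper takes its own fwnode reference, so ours is dropped on both the success and error paths. */`. That also tells later readers that `asd` is kept only for the error check and must not be stored in or embedded into `sdr->ep` again. The function starts outside the hunk, so whether the caller runs v4l2_async_notifier_cleanup() when `PTR_ERR(asd)` is returned cannot be confirmed from here and is worth checking.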
--
2.25.1