[PATCH v10 03/13] media: cadence: csi2rx: Unregister v4l2 async notifier

From: Jai Luthra
Date: Mon Oct 09 2023 - 09:10:20 EST

Next message: Jai Luthra: "[PATCH v10 02/13] media: dt-bindings: cadence-csi2rx: Add TI compatible string"
Previous message: Jai Luthra: "[PATCH v10 00/13] CSI2RX support on J721E and AM62"
In reply to: Jai Luthra: "[PATCH v10 05/13] media: cadence: csi2rx: Add get_fmt and set_fmt pad ops"
Next in thread: Jai Luthra: "[PATCH v10 02/13] media: dt-bindings: cadence-csi2rx: Add TI compatible string"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Pratyush Yadav <p.yadav@xxxxxx>

The notifier is added to the global notifier list when registered. When
the module is removed, the struct csi2rx_priv in which the notifier is
embedded, is destroyed. As a result the notifier list has a reference to
a notifier that no longer exists. This causes invalid memory accesses
when the list is iterated over. Similar for when the probe fails.
Unregister and clean up the notifier to avoid this.

Fixes: 1fc3b37f34f6 ("media: v4l: cadence: Add Cadence MIPI-CSI2 RX driver")

Signed-off-by: Pratyush Yadav <p.yadav@xxxxxx>
Tested-by: Julien Massot <julien.massot@xxxxxxxxxxxxx>
Reviewed-by: Laurent Pinchart <laurent.pinchart@xxxxxxxxxxxxxxxx>
Reviewed-by: Tomi Valkeinen <tomi.valkeinen@xxxxxxxxxxxxxxxx>
Reviewed-by: Maxime Ripard <mripard@xxxxxxxxxx>
Signed-off-by: Jai Luthra <j-luthra@xxxxxx>
---
drivers/media/platform/cadence/cdns-csi2rx.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/media/platform/cadence/cdns-csi2rx.c b/drivers/media/platform/cadence/cdns-csi2rx.c
index b9d9058e2ce3..64e472ca3594 100644
--- a/drivers/media/platform/cadence/cdns-csi2rx.c
+++ b/drivers/media/platform/cadence/cdns-csi2rx.c
@@ -479,8 +479,10 @@ static int csi2rx_parse_dt(struct csi2rx_priv *csi2rx)
asd = v4l2_async_nf_add_fwnode_remote(&csi2rx->notifier, fwh,
struct v4l2_async_connection);
of_node_put(ep);
- if (IS_ERR(asd))
+ if (IS_ERR(asd)) {
+ v4l2_async_nf_cleanup(&csi2rx->notifier);
return PTR_ERR(asd);
+ }

csi2rx->notifier.ops = &csi2rx_notifier_ops;

@@ -543,6 +545,7 @@ static int csi2rx_probe(struct platform_device *pdev)
return 0;

err_cleanup:
+ v4l2_async_nf_unregister(&csi2rx->notifier);
v4l2_async_nf_cleanup(&csi2rx->notifier);
err_free_priv:
kfree(csi2rx);
@@ -553,6 +556,8 @@ static void csi2rx_remove(struct platform_device *pdev)
{
struct csi2rx_priv *csi2rx = platform_get_drvdata(pdev);

+ v4l2_async_nf_unregister(&csi2rx->notifier);
+ v4l2_async_nf_cleanup(&csi2rx->notifier);
v4l2_async_unregister_subdev(&csi2rx->subdev);
kfree(csi2rx);
}

--
2.42.0

Next message: Jai Luthra: "[PATCH v10 02/13] media: dt-bindings: cadence-csi2rx: Add TI compatible string"
Previous message: Jai Luthra: "[PATCH v10 00/13] CSI2RX support on J721E and AM62"
In reply to: Jai Luthra: "[PATCH v10 05/13] media: cadence: csi2rx: Add get_fmt and set_fmt pad ops"
Next in thread: Jai Luthra: "[PATCH v10 02/13] media: dt-bindings: cadence-csi2rx: Add TI compatible string"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]