Re: [PATCH] media: qcom: camss: Fix potential crash in cleanup in camss_configure_pd()
From: Vladimir Zapolskiy
Date: Thu Sep 12 2024 - 03:51:32 EST
Hello Dan,
On 9/10/24 22:55, Dan Carpenter wrote:
This function calls dev_pm_domain_detach(camss->genpd, true) in the
cleanup path. But calling detach is only necessary if the attach
succeeded. If it didn't succeed then "camss->genpd" is either an error
pointer or NULL and it leads to a crash.
Fixes: 23aa4f0cd327 ("media: qcom: camss: Move VFE power-domain specifics into vfe.c")
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
---
drivers/media/platform/qcom/camss/camss.c | 15 +++++----------
1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/drivers/media/platform/qcom/camss/camss.c b/drivers/media/platform/qcom/camss/camss.c
index 1923615f0eea..f4531e7341d4 100644
--- a/drivers/media/platform/qcom/camss/camss.c
+++ b/drivers/media/platform/qcom/camss/camss.c
@@ -2130,10 +2130,8 @@ static int camss_configure_pd(struct camss *camss)
if (camss->res->pd_name) {
camss->genpd = dev_pm_domain_attach_by_name(camss->dev,
camss->res->pd_name);
- if (IS_ERR(camss->genpd)) {
- ret = PTR_ERR(camss->genpd);
- goto fail_pm;
- }
+ if (IS_ERR(camss->genpd))
+ return PTR_ERR(camss->genpd);
}
if (!camss->genpd) {
@@ -2141,13 +2141,10 @@ static int camss_configure_pd(struct camss *camss)
*/
camss->genpd = dev_pm_domain_attach_by_id(camss->dev,
camss->genpd_num - 1);
- }
- if (IS_ERR_OR_NULL(camss->genpd)) {
+ if (IS_ERR(camss->genpd))
+ return PTR_ERR(camss->genpd);
if (!camss->genpd)
- ret = -ENODEV;
- else
- ret = PTR_ERR(camss->genpd);
- goto fail_pm;
+ return -ENODEV;
}
camss->genpd_link = device_link_add(camss->dev, camss->genpd,
DL_FLAG_STATELESS | DL_FLAG_PM_RUNTIME |
the problem has been already addressed, it is a real crash, not just
a potential one.
Please see https://lore.kernel.org/all/20240813210342.1765944-1-vladimir.zapolskiy@xxxxxxxxxx/
--
Best wishes,
Vladimir