Re: [PATCH v4 01/11] media: cadence: csi2rx: Unregister v4l2 async notifier

[PATCH v4 00/11] CSI2RX support on J721E · Pratyush Yadav <hidden> · 2021-09-15
[PATCH v4 01/11] media: cadence: csi2rx: Unregister v4l2 async notifier · Pratyush Yadav <hidden> · 2021-09-15
Re: [PATCH v4 01/11] media: cadence: csi2rx: Unregister v4l2 async notifier · Laurent Pinchart <laurent.pinchart@ideasonboard.com> · 2021-10-06
Re: [PATCH v4 01/11] media: cadence: csi2rx: Unregister v4l2 async notifier · Pratyush Yadav <hidden> · 2021-10-07
[PATCH v4 02/11] media: cadence: csi2rx: Add external DPHY support · Pratyush Yadav <hidden> · 2021-09-15
Re: [PATCH v4 02/11] media: cadence: csi2rx: Add external DPHY support · Sakari Ailus <sakari.ailus@linux.intel.com> · 2021-10-06
Re: [PATCH v4 02/11] media: cadence: csi2rx: Add external DPHY support · Pratyush Yadav <hidden> · 2021-10-06
Re: [PATCH v4 02/11] media: cadence: csi2rx: Add external DPHY support · Laurent Pinchart <laurent.pinchart@ideasonboard.com> · 2021-10-06
[PATCH v4 03/11] media: cadence: csi2rx: Soft reset the streams before starting capture · Pratyush Yadav <hidden> · 2021-09-15
Re: [PATCH v4 03/11] media: cadence: csi2rx: Soft reset the streams before starting capture · Laurent Pinchart <laurent.pinchart@ideasonboard.com> · 2021-10-06
[PATCH v4 04/11] media: cadence: csi2rx: Set the STOP bit when stopping a stream · Pratyush Yadav <hidden> · 2021-09-15
Re: [PATCH v4 04/11] media: cadence: csi2rx: Set the STOP bit when stopping a stream · Laurent Pinchart <laurent.pinchart@ideasonboard.com> · 2021-10-06
[PATCH v4 06/11] media: cadence: csi2rx: Populate subdev devnode · Pratyush Yadav <hidden> · 2021-09-15
Re: [PATCH v4 06/11] media: cadence: csi2rx: Populate subdev devnode · Laurent Pinchart <laurent.pinchart@ideasonboard.com> · 2021-10-06
[PATCH v4 05/11] media: cadence: csi2rx: Fix stream data configuration · Pratyush Yadav <hidden> · 2021-09-15
Re: [PATCH v4 05/11] media: cadence: csi2rx: Fix stream data configuration · Laurent Pinchart <laurent.pinchart@ideasonboard.com> · 2021-10-06
[PATCH v4 07/11] media: Re-structure TI platform drivers · Pratyush Yadav <hidden> · 2021-09-15
Re: [PATCH v4 07/11] media: Re-structure TI platform drivers · Laurent Pinchart <laurent.pinchart@ideasonboard.com> · 2021-10-06
[PATCH v4 08/11] media: ti: Add CSI2RX support for J721E · Pratyush Yadav <hidden> · 2021-09-15
Re: [PATCH v4 08/11] media: ti: Add CSI2RX support for J721E · Sakari Ailus <sakari.ailus@linux.intel.com> · 2021-10-06
Re: [PATCH v4 08/11] media: ti: Add CSI2RX support for J721E · Pratyush Yadav <hidden> · 2021-10-06
Re: [PATCH v4 08/11] media: ti: Add CSI2RX support for J721E · Sakari Ailus <sakari.ailus@linux.intel.com> · 2021-10-06
[PATCH v4 09/11] media: dt-bindings: Make sure items in data-lanes are unique · Pratyush Yadav <hidden> · 2021-09-15
Re: [PATCH v4 09/11] media: dt-bindings: Make sure items in data-lanes are unique · Rob Herring <robh@kernel.org> · 2021-09-21
Re: [PATCH v4 09/11] media: dt-bindings: Make sure items in data-lanes are unique · Laurent Pinchart <laurent.pinchart@ideasonboard.com> · 2021-10-06
[PATCH v4 10/11] media: dt-bindings: Add DT bindings for TI J721E CSI2RX driver · Pratyush Yadav <hidden> · 2021-09-15
Re: [PATCH v4 10/11] media: dt-bindings: Add DT bindings for TI J721E CSI2RX driver · Rob Herring <robh@kernel.org> · 2021-09-21
Re: [PATCH v4 10/11] media: dt-bindings: Add DT bindings for TI J721E CSI2RX driver · Laurent Pinchart <laurent.pinchart@ideasonboard.com> · 2021-10-06
[PATCH v4 11/11] media: dt-bindings: Convert Cadence CSI2RX binding to YAML · Pratyush Yadav <hidden> · 2021-09-15
Re: [PATCH v4 11/11] media: dt-bindings: Convert Cadence CSI2RX binding to YAML · Rob Herring <robh@kernel.org> · 2021-09-21
Re: [PATCH v4 11/11] media: dt-bindings: Convert Cadence CSI2RX binding to YAML · Laurent Pinchart <laurent.pinchart@ideasonboard.com> · 2021-10-06
Re: [PATCH v4 11/11] media: dt-bindings: Convert Cadence CSI2RX binding to YAML · Pratyush Yadav <hidden> · 2021-10-07
Re: [PATCH v4 00/11] CSI2RX support on J721E · Pratyush Yadav <hidden> · 2021-10-06

From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Date: 2021-10-06 23:31:30
Also in: linux-media, lkml

Hi Pratyush,

Thank you for the patch.

On Wed, Sep 15, 2021 at 05:32:30PM +0530, Pratyush Yadav wrote:

The notifier is added to the global notifier list when registered. When
the module is removed, the struct csi2rx_priv in which the notifier is
embedded, is destroyed. As a result the notifier list has a reference to
a notifier that no longer exists. This causes invalid memory accesses
when the list is iterated over. Similar for when the probe fails.

Unregister and clean up the notifier to avoid this.

Fixes: 1fc3b37f34f6 ("media: v4l: cadence: Add Cadence MIPI-CSI2 RX driver")
Signed-off-by: Pratyush Yadav <redacted>

Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>

Note that there are other issues in the driver in cleanup paths, in
particular a missing v4l2_async_notifier_cleanup() call in
csi2rx_parse_dt() when v4l2_async_notifier_add_fwnode_remote_subdev()
fails (moving the one from the other error path to an err label would be
best), and missing media_entity_cleanup() calls in both the probe error
path and the remove handler. Would you like to submit fixes for those ?

quoted hunk ↗ jump to hunk

---

(no changes since v3)

Changes in v3:
- New in v3.

 drivers/media/platform/cadence/cdns-csi2rx.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/media/platform/cadence/cdns-csi2rx.c b/drivers/media/platform/cadence/cdns-csi2rx.c
index 7b44ab2b8c9a..d60975f905d6 100644
--- a/drivers/media/platform/cadence/cdns-csi2rx.c
+++ b/drivers/media/platform/cadence/cdns-csi2rx.c

@@ -469,6 +469,7 @@ static int csi2rx_probe(struct platform_device *pdev)
 	return 0;
 
 err_cleanup:
+	v4l2_async_nf_unregister(&csi2rx->notifier);
 	v4l2_async_nf_cleanup(&csi2rx->notifier);
 err_free_priv:
 	kfree(csi2rx);

@@ -479,6 +480,8 @@ static int csi2rx_remove(struct platform_device *pdev)
 {
 	struct csi2rx_priv *csi2rx = platform_get_drvdata(pdev);
 
+	v4l2_async_nf_unregister(&csi2rx->notifier);
+	v4l2_async_nf_cleanup(&csi2rx->notifier);
 	v4l2_async_unregister_subdev(&csi2rx->subdev);
 	kfree(csi2rx);

-- 
Regards,

Laurent Pinchart

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help