Received: by 2002:a05:6358:bb9e:b0:b9:5105:a5b4 with SMTP id df30csp5660115rwb; Wed, 7 Sep 2022 06:17:52 -0700 (PDT) X-Google-Smtp-Source: AA6agR5dP2x5ES96DEtqkaIYQYi9P0HEnDWI5Du7hZplgimxJvmGQsTwtEAzAgM34CIdrmEYg8fa X-Received: by 2002:a17:902:76c6:b0:175:395c:b650 with SMTP id j6-20020a17090276c600b00175395cb650mr4005914plt.98.1662556672204; Wed, 07 Sep 2022 06:17:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1662556672; cv=none; d=google.com; s=arc-20160816; b=Vojtt42NWVHEIxXfFh8tY4au0LtgTzJAGyVYomBAsRz0ck/YAztD66yRhIALVx9xTX ooaW50B8c6Te9xbxSjN+xmRkHNebgWmiLLd8Lx6cQcHQj7f4U/ZI3jQIVTxhfDpQyrOs nLAW3dkB5xsFQrJ/6X7w0zOs/qE8sXl9AkoUSfE7oFLnBvj2jQBeeTLOotBtH6CRq9Ws AZbK0mN1iKz3X9b9MAw/rMWQjKlSk6Hcnwr7WxCrUHMHoL9Yigt55rwGMyFNdGGN8eU9 2ilY8i/GPq8dRabv1H2KE3+1TsW/48bNShYHJRtntPMZG8VoMWsia3qf2r5jh77Gi8Q0 h4DA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=BwB5vSny4nkgj+hzU8B9xcDZpnrBAzN+hu4LdTrb7t0=; b=IdjETRbrwWFaTbG0i6GCK9EM+r0JA6B4wSEoNw76RpUBk1jecj+3CI6kwOGT4ynH0W RCVZ5gZF45Br33OPWxeORpFyS/V5wCSwjFJI3Z9V1QNeEU678xLCfKuHHQ1YN2mh3prL akou5kv5nTxjq9bJSJ80fDqRk6kqIGoDSRt+BBN/H8d004BHThGWziF+Ypg2HTdCZF1U zBuARQftZyZHWuNxSPnW3YpFP0Xy9O9fw/MN7e0hrXvfGmldTwZDvuJrZ4jp0yHavLq8 B5LcKtf/vOtrYnvImowf6KIsfNkGdUdCITdjebira3c7mWUn5L7QETQ2ZTPH7WDPjFHx K3dA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass (test mode) header.i=@ideasonboard.com header.s=mail header.b=B0ZEiYkp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h4-20020a636c04000000b004197e33daf5si17535221pgc.863.2022.09.07.06.17.38; Wed, 07 Sep 2022 06:17:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass (test mode) header.i=@ideasonboard.com header.s=mail header.b=B0ZEiYkp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229482AbiIGNKM (ORCPT + 99 others); Wed, 7 Sep 2022 09:10:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36666 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230055AbiIGNJ5 (ORCPT ); Wed, 7 Sep 2022 09:09:57 -0400 Received: from perceval.ideasonboard.com (perceval.ideasonboard.com [IPv6:2001:4b98:dc2:55:216:3eff:fef7:d647]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2993F641D; Wed, 7 Sep 2022 06:09:53 -0700 (PDT) Received: from pendragon.ideasonboard.com (62-78-145-57.bb.dnainternet.fi [62.78.145.57]) by perceval.ideasonboard.com (Postfix) with ESMTPSA id C12DADD; Wed, 7 Sep 2022 15:09:51 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com; s=mail; t=1662556192; bh=TgDjbh1X5PWwjOUrKcdMzSbSbh7ByQ7P8DVTSSqcvhc=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=B0ZEiYkpfOdxlUi2625QZOk1BNbHkCzOlXhEZhssODDTrqiQEfw7Oha+QJ0whJkCd qTrzYLNrWfxhQTGIXSbfdrr2IMN58MjWI9n1vcMXSnFliM5Dh2eg95gCwnAeyN1A3p H8EVUN7QKwgZNSm4D/ZQSt0mcfhQdNQDlnaBVVtU= Date: Wed, 7 Sep 2022 16:09:35 +0300 From: Laurent Pinchart To: Tomi Valkeinen Cc: Maximilian Luz , Sakari Ailus , Bingbu Cao , Tianshu Qiu , Mauro Carvalho Chehab , Greg Kroah-Hartman , Jacopo Mondi , Hans Verkuil , linux-media@vger.kernel.org, linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org Subject: Re: [PATCH] media: staging/intel-ipu3: Finalize subdev initialization to allcoate active state Message-ID: References: <20220907123359.1275322-1-luzmaximilian@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Sep 07, 2022 at 03:46:26PM +0300, Tomi Valkeinen wrote: > Hi Maximilian, > > On 07/09/2022 15:33, Maximilian Luz wrote: > > Commit f69952a4dc1e ("media: subdev: add active state to struct > > v4l2_subdev") introduced the active_state member to struct v4l2_subdev. > > This state needs to be allocated via v4l2_subdev_init_finalize(). The > > intel-ipu3 driver unfortunately does not do that, due to which, > > That is fine, a driver only needs to allocate the active state if it uses > the active state. > > > active_state is NULL and we run into an oops (NULL pointer dereference) > > when that state is accessed. > > > > In particular, this happens subdev in IOCTLs as commit 3cc7a4bbc381 > > ("media: subdev: pass also the active state to subdevs from ioctls") > > passes that state on to the subdev IOCTLs. An example scenario where > > this happens is running libcamera's qcam or cam on a device with IPU3, > > for example the Microsoft Surface Book 2. In this case, the oops is > > reproducibly in v4l2_subdev_get_try_crop(), called via > > imgu_subdev_set_selection(). > > > > To fix this, allocate the active_state member via > > v4l2_subdev_init_finalize(). > > This is not a correct fix. Sakari has sent (and maybe pushed?) this: > > https://lore.kernel.org/all/20220825190351.3241444-1-sakari.ailus@linux.intel.com/ This being said, it would be nice to convert drivers to use the active state, but that's not related to fixing this issue. > > Link: https://github.com/linux-surface/linux-surface/issues/907 > > Fixes: 3cc7a4bbc381 ("media: subdev: pass also the active state to subdevs from ioctls") > > Signed-off-by: Maximilian Luz > > --- > > drivers/staging/media/ipu3/ipu3-v4l2.c | 12 +++++++++++- > > 1 file changed, 11 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/staging/media/ipu3/ipu3-v4l2.c b/drivers/staging/media/ipu3/ipu3-v4l2.c > > index d1c539cefba8..84ab98ba9a2e 100644 > > --- a/drivers/staging/media/ipu3/ipu3-v4l2.c > > +++ b/drivers/staging/media/ipu3/ipu3-v4l2.c > > @@ -1093,10 +1093,18 @@ static int imgu_v4l2_subdev_register(struct imgu_device *imgu, > > "failed to create subdev v4l2 ctrl with err %d", r); > > goto fail_subdev; > > } > > + > > + r = v4l2_subdev_init_finalize(&imgu_sd->subdev); > > + if (r) { > > + dev_err(&imgu->pci_dev->dev, > > + "failed to initialize subdev (%d)\n", r); > > + goto fail_subdev; > > + } > > + > > r = v4l2_device_register_subdev(&imgu->v4l2_dev, &imgu_sd->subdev); > > if (r) { > > dev_err(&imgu->pci_dev->dev, > > - "failed initialize subdev (%d)\n", r); > > + "failed to register subdev (%d)\n", r); > > goto fail_subdev; > > } > > > > @@ -1104,6 +1112,7 @@ static int imgu_v4l2_subdev_register(struct imgu_device *imgu, > > return 0; > > > > fail_subdev: > > + v4l2_subdev_cleanup(&imgu_sd->subdev); > > v4l2_ctrl_handler_free(imgu_sd->subdev.ctrl_handler); > > media_entity_cleanup(&imgu_sd->subdev.entity); > > > > @@ -1275,6 +1284,7 @@ static void imgu_v4l2_subdev_cleanup(struct imgu_device *imgu, unsigned int i) > > struct imgu_media_pipe *imgu_pipe = &imgu->imgu_pipe[i]; > > > > v4l2_device_unregister_subdev(&imgu_pipe->imgu_sd.subdev); > > + v4l2_subdev_cleanup(&imgu_pipe->imgu_sd.subdev); > > v4l2_ctrl_handler_free(imgu_pipe->imgu_sd.subdev.ctrl_handler); > > media_entity_cleanup(&imgu_pipe->imgu_sd.subdev.entity); > > } > -- Regards, Laurent Pinchart