Home Explore Help
Sign In
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

msm: camera: common: Fix NULL pointer dereference

Set the debugfs root entry pointer to null after
recursive remove at unbinding to prevent null pointer
dereference by kernel followed by kernel panic. Also,
add checks to avoid null pointer dereference.

CRs-Fixed: 2920490
Change-Id: I5a4f44f3d8f533f3a51e108472d5ccf93c261a98
Signed-off-by: Jigar Agrawal <[email protected]>
Jigar Agrawal 4 years ago
parent
f77f1673d3
commit
5992dd4885
4 changed files with 12 additions and 4 deletions
Split View Show Diff Stats
  1. 5 0
      drivers/cam_isp/isp_hw_mgr/hw_utils/irq_controller/cam_irq_controller.c
  2. 2 1
      drivers/cam_req_mgr/cam_req_mgr_debug.c
  3. 2 1
      drivers/cam_sensor_module/cam_cci/cam_cci_dev.c
  4. 3 2
      drivers/cam_sensor_module/cam_res_mgr/cam_res_mgr.c

+ 5 - 0
drivers/cam_isp/isp_hw_mgr/hw_utils/irq_controller/cam_irq_controller.c
View File 

@@ -111,6 +111,11 @@ int cam_irq_controller_deinit(void **irq_controller)
 
 	struct cam_irq_controller *controller = *irq_controller;
 
 	struct cam_irq_evt_handler *evt_handler = NULL;
 
 
+	if (!controller) {
 
+		CAM_ERR(CAM_IRQ_CTRL, "Null Pointer");
 
+		return -EINVAL;
 
+	}
 
+
 
 	while (!list_empty(&controller->evt_handler_list_head)) {
 
 		evt_handler = list_first_entry(
 
 			&controller->evt_handler_list_head,

+ 2 - 1
drivers/cam_req_mgr/cam_req_mgr_debug.c
View File 

@@ -1,6 +1,6 @@
 
 // SPDX-License-Identifier: GPL-2.0-only
 
 /*
 
- * Copyright (c) 2016-2020, The Linux Foundation. All rights reserved.
 
+ * Copyright (c) 2016-2021, The Linux Foundation. All rights reserved.
 
  */
 
 
 #include "cam_req_mgr_debug.h"
 
@@ -147,6 +147,7 @@ end:
 
 int cam_req_mgr_debug_unregister(void)
 
 {
 
 	debugfs_remove_recursive(debugfs_root);
 
+	debugfs_root = NULL;
 
 	return 0;
 
 }

+ 2 - 1
drivers/cam_sensor_module/cam_cci/cam_cci_dev.c
View File 

@@ -1,6 +1,6 @@
 
 // SPDX-License-Identifier: GPL-2.0-only
 
 /*
 
- * Copyright (c) 2017-2020, The Linux Foundation. All rights reserved.
 
+ * Copyright (c) 2017-2021, The Linux Foundation. All rights reserved.
 
  */
 
 
 #include "cam_cci_dev.h"
 
@@ -548,6 +548,7 @@ static void cam_cci_component_unbind(struct device *dev,
 
 
 	cam_cpas_unregister_client(cci_dev->cpas_handle);
 
 	debugfs_remove_recursive(debugfs_root);
 
+	debugfs_root = NULL;
 
 	cam_cci_soc_remove(pdev, cci_dev);
 
 	rc = cam_unregister_subdev(&(cci_dev->v4l2_dev_str));
 
 	if (rc < 0)

+ 3 - 2
drivers/cam_sensor_module/cam_res_mgr/cam_res_mgr.c
View File 

@@ -1,6 +1,6 @@
 
 // SPDX-License-Identifier: GPL-2.0-only
 
 /*
 
- * Copyright (c) 2017-2020, The Linux Foundation. All rights reserved.
 
+ * Copyright (c) 2017-2021, The Linux Foundation. All rights reserved.
 
  */
 
 
 #include <linux/init.h>
 
@@ -932,7 +932,8 @@ static void cam_res_mgr_component_unbind(struct device *dev,
 
 {
 
 	if (cam_res) {
 
 		cam_res_mgr_free_res();
 
-		devm_pinctrl_put(cam_res->pinctrl);
 
+		if (cam_res->pinctrl)
 
+			devm_pinctrl_put(cam_res->pinctrl);
 
 		cam_res->pinctrl = NULL;
 
 		cam_res->pstatus = PINCTRL_STATUS_PUT;
 
 		kfree(cam_res);