samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Derivar 0
Código Questões Pedidos de integração Operações Pacotes Planeamentos Lançamentos Wiki Trabalho

msm: camera: common: Fix NULL pointer dereference

Ver a proveniência 
Set the debugfs root entry pointer to null after
recursive remove at unbinding to prevent null pointer
dereference by kernel followed by kernel panic. Also,
add checks to avoid null pointer dereference.

CRs-Fixed: 2920490
Change-Id: I5a4f44f3d8f533f3a51e108472d5ccf93c261a98
Signed-off-by: Jigar Agrawal <jigar@codeaurora.org>
Este cometimento está contido em:
Jigar Agrawal
2021-04-08 18:45:06 -07:00
ascendente f77f1673d3
cometimento 5992dd4885
4 ficheiros modificados com 12 adições e 4 eliminações
Descarregar ficheiro patch Descarregar ficheiro diff Expandir todos os ficheiros Colapsar todos os ficheiros

5
drivers/cam_isp/isp_hw_mgr/hw_utils/irq_controller/cam_irq_controller.c
Ver ficheiro

@@ -111,6 +111,11 @@ int cam_irq_controller_deinit(void **irq_controller)
struct cam_irq_controller *controller = *irq_controller;
struct cam_irq_evt_handler *evt_handler = NULL;
if (!controller) {
CAM_ERR(CAM_IRQ_CTRL, "Null Pointer");
return -EINVAL;
}
while (!list_empty(&controller->evt_handler_list_head)) {
evt_handler = list_first_entry(
&controller->evt_handler_list_head,

3
drivers/cam_req_mgr/cam_req_mgr_debug.c
Ver ficheiro

@@ -1,6 +1,6 @@
// SPDX-License-Identifier: GPL-2.0-only
/*
* Copyright (c) 2016-2020, The Linux Foundation. All rights reserved.
* Copyright (c) 2016-2021, The Linux Foundation. All rights reserved.
*/
#include "cam_req_mgr_debug.h"
@@ -147,6 +147,7 @@ end:
int cam_req_mgr_debug_unregister(void)
{
debugfs_remove_recursive(debugfs_root);
debugfs_root = NULL;
return 0;
}

3
drivers/cam_sensor_module/cam_cci/cam_cci_dev.c
Ver ficheiro

@@ -1,6 +1,6 @@
// SPDX-License-Identifier: GPL-2.0-only
/*
* Copyright (c) 2017-2020, The Linux Foundation. All rights reserved.
* Copyright (c) 2017-2021, The Linux Foundation. All rights reserved.
*/
#include "cam_cci_dev.h"
@@ -548,6 +548,7 @@ static void cam_cci_component_unbind(struct device *dev,
cam_cpas_unregister_client(cci_dev->cpas_handle);
debugfs_remove_recursive(debugfs_root);
debugfs_root = NULL;
cam_cci_soc_remove(pdev, cci_dev);
rc = cam_unregister_subdev(&(cci_dev->v4l2_dev_str));
if (rc < 0)

5
drivers/cam_sensor_module/cam_res_mgr/cam_res_mgr.c
Ver ficheiro

@@ -1,6 +1,6 @@
// SPDX-License-Identifier: GPL-2.0-only
/*
* Copyright (c) 2017-2020, The Linux Foundation. All rights reserved.
* Copyright (c) 2017-2021, The Linux Foundation. All rights reserved.
*/
#include <linux/init.h>
@@ -932,7 +932,8 @@ static void cam_res_mgr_component_unbind(struct device *dev,
{
if (cam_res) {
cam_res_mgr_free_res();
devm_pinctrl_put(cam_res->pinctrl);
if (cam_res->pinctrl)
devm_pinctrl_put(cam_res->pinctrl);
cam_res->pinctrl = NULL;
cam_res->pstatus = PINCTRL_STATUS_PUT;
kfree(cam_res);