mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-28 15:20:41 +00:00
686ee9b625
Smatch is warning that: drivers/media/platform/qcom/venus/hfi_venus.c:1100 venus_isr() warn: variable dereferenced before check 'hdev' (see line 1097) The logic basically does: hdev = to_hfi_priv(core); with is translated to: hdev = core->priv; If the IRQ code can receive a NULL pointer for hdev, there's a bug there, as it will first try to de-reference the pointer, and then check if it is null. After looking at the code, it seems that this indeed can happen: Basically, the venus IRQ thread is started with: devm_request_threaded_irq() So, it will only be freed after the driver unbinds. In order to prevent the IRQ code to work with freed data, the logic at venus_hfi_destroy() sets core->priv to NULL, which would make the IRQ code to ignore any pending IRQs. There is, however a race condition, as core->priv is set to NULL only after being freed. So, we need also to move the core->priv = NULL to happen earlier. Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org> |
||
|---|---|---|
| .. | ||
| cec | ||
| common | ||
| dvb-core | ||
| dvb-frontends | ||
| firewire | ||
| i2c | ||
| mc | ||
| mmc | ||
| pci | ||
| platform | ||
| radio | ||
| rc | ||
| spi | ||
| test-drivers | ||
| tuners | ||
| usb | ||
| v4l2-core | ||
| Kconfig | ||
| Makefile | ||