diff options
| author | Rahul Sharma <sharah@codeaurora.org> | 2017-08-22 13:54:46 +0530 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2017-08-23 05:15:12 -0700 |
| commit | f062b231a13fcfa99bc111eb2034788e59504023 (patch) | |
| tree | 79c1e587c01c4dbe7af60adac6b36a366dcc90eb | |
| parent | e243bb85026ba9a88de4e860b265594da4f73706 (diff) | |
msm: ais: Fix crash when ioctl VIDIOC_MSM_SENSOR_INIT_CFG is called
The invalid slave_info is used by msm_sensor_driver_probe.
This causes crash when ioctl VIDIOC_MSM_SENSOR_INIT_CFG is
called repeatedly.
CRs-fixed: 2090483
Change-Id: I467c0a19d84658fb33da9677dcb904ebf49e4800
Signed-off-by: Rahul Sharma <sharah@codeaurora.org>
| -rw-r--r-- | drivers/media/platform/msm/ais/msm.c | 3 | ||||
| -rw-r--r-- | drivers/media/platform/msm/ais/sensor/msm_sensor_driver.c | 21 |
2 files changed, 17 insertions, 7 deletions
diff --git a/drivers/media/platform/msm/ais/msm.c b/drivers/media/platform/msm/ais/msm.c index 2a1ec86118c5..a3a742182e76 100644 --- a/drivers/media/platform/msm/ais/msm.c +++ b/drivers/media/platform/msm/ais/msm.c @@ -391,6 +391,9 @@ static void msm_add_sd_in_position(struct msm_sd_subdev *msm_subdev, struct msm_sd_subdev *temp_sd; list_for_each_entry(temp_sd, sd_list, list) { + if (temp_sd == msm_subdev) { + return; + } if (msm_subdev->close_seq < temp_sd->close_seq) { list_add_tail(&msm_subdev->list, &temp_sd->list); return; diff --git a/drivers/media/platform/msm/ais/sensor/msm_sensor_driver.c b/drivers/media/platform/msm/ais/sensor/msm_sensor_driver.c index c02972e5e993..58bddb1a3fba 100644 --- a/drivers/media/platform/msm/ais/sensor/msm_sensor_driver.c +++ b/drivers/media/platform/msm/ais/sensor/msm_sensor_driver.c @@ -105,7 +105,11 @@ static int32_t msm_sensor_driver_create_i2c_v4l_subdev s_ctrl->msm_sd.sd.entity.name = s_ctrl->msm_sd.sd.name; s_ctrl->sensordata->sensor_info->session_id = session_id; s_ctrl->msm_sd.close_seq = MSM_SD_CLOSE_2ND_CATEGORY | 0x3; - msm_sd_register(&s_ctrl->msm_sd); + rc = msm_sd_register(&s_ctrl->msm_sd); + if (rc < 0) { + pr_err("failed: msm_sd_register rc %d", rc); + return rc; + } msm_sensor_v4l2_subdev_fops = v4l2_subdev_fops; #ifdef CONFIG_COMPAT msm_sensor_v4l2_subdev_fops.compat_ioctl32 = @@ -133,7 +137,11 @@ static int32_t msm_sensor_driver_create_v4l_subdev s_ctrl->msm_sd.sd.entity.group_id = MSM_CAMERA_SUBDEV_SENSOR; s_ctrl->msm_sd.sd.entity.name = s_ctrl->msm_sd.sd.name; s_ctrl->msm_sd.close_seq = MSM_SD_CLOSE_2ND_CATEGORY | 0x3; - msm_sd_register(&s_ctrl->msm_sd); + rc = msm_sd_register(&s_ctrl->msm_sd); + if (rc < 0) { + pr_err("failed: msm_sd_register rc %d", rc); + return rc; + } msm_cam_copy_v4l2_subdev_fops(&msm_sensor_v4l2_subdev_fops); #ifdef CONFIG_COMPAT msm_sensor_v4l2_subdev_fops.compat_ioctl32 = @@ -888,11 +896,6 @@ CSID_TG: pr_err("%s probe succeeded", slave_info->sensor_name); - /* Set probe succeeded flag to 1 so that no other camera shall - * probed on this slot - */ - s_ctrl->is_probe_succeed = 1; - /* * Update the subdevice id of flash-src based on availability in kernel. */ @@ -931,6 +934,10 @@ CSID_TG: msm_sensor_fill_sensor_info(s_ctrl, probed_info, entity_name); + /* Set probe succeeded flag to 1 so that no other camera shall + * probed on this slot + */ + s_ctrl->is_probe_succeed = 1; return rc; free_camera_info: |