Re: Fw: [PATCH v2] media: v4l2-core: fix size of devnode_nums[] bitarray

2018-04-05 Thread Peter Geis 

Good Morning,

Great Success!
After several reboots and power-off cycles, the issue appears to have 
been solved by this patch.


Excellent work!

Thanks,
Peter Geis

On 04/05/2018 07:09 AM, Mauro Carvalho Chehab wrote:

Please test if this patch solves the issues for you.

Regards,
Mauro

Forwarded message:

Date: Thu,  5 Apr 2018 07:13:41 -0300
From: Mauro Carvalho Chehab 
To: Linux Media Mailing List 
Cc: Mauro Carvalho Chehab , Mauro Carvalho Chehab , Al 
Viro , Hans Verkuil , Laurent Pinchart 
, Sakari Ailus , 
sta...@vger.kernel.org
Subject: [PATCH v2] media: v4l2-core: fix size of devnode_nums[] bitarray


The size of devnode_nums[] bit array is too short to store information
for VFL_TYPE_TOUCH. That causes it to override other memory regions.

Thankfully, on recent reports, it is overriding video_device[] array,
trigging a WARN_ON(). Yet, it just warns about the problem, but let
the code excecuting, with generates an OOPS:

[   43.177394] WARNING: CPU: 1 PID: 711 at 
drivers/media/v4l2-core/v4l2-dev.c:945 __video_register_device+0xc99/0x1090 
[videodev]
[   43.177396] Modules linked in: hid_sensor_custom hid_sensor_als 
hid_sensor_incl_3d hid_sensor_rotation hid_sensor_magn_3d hid_sensor_accel_3d 
hid_sensor_gyro_3d hid_sensor_trigger industrialio_triggered_buffer kfifo_buf 
joydev hid_sensor_iio_common hid_rmi(+) rmi_core industrialio videobuf2_vmalloc 
videobuf2_memops videobuf2_v4l2 videobuf2_common videodev hid_multitouch media 
hid_sensor_hub binfmt_misc nls_iso8859_1 snd_hda_codec_hdmi arc4 snd_soc_skl 
snd_soc_skl_ipc snd_hda_ext_core snd_soc_sst_dsp snd_soc_sst_ipc 
snd_hda_codec_realtek snd_soc_acpi snd_hda_codec_generic snd_soc_core 
snd_compress ac97_bus snd_pcm_dmaengine snd_hda_intel snd_hda_codec intel_rapl 
snd_hda_core x86_pkg_temp_thermal snd_hwdep intel_powerclamp coretemp snd_pcm 
kvm_intel snd_seq_midi snd_seq_midi_event snd_rawmidi crct10dif_pclmul
[   43.177426]  crc32_pclmul ghash_clmulni_intel iwlmvm pcbc mac80211 snd_seq 
aesni_intel iwlwifi aes_x86_64 snd_seq_device crypto_simd glue_helper cryptd 
snd_timer intel_cstate intel_rapl_perf input_leds serio_raw 
intel_wmi_thunderbolt snd wmi_bmof cfg80211 soundcore ideapad_laptop 
sparse_keymap idma64 virt_dma tpm_crb acpi_pad int3400_thermal acpi_thermal_rel 
intel_pch_thermal processor_thermal_device mac_hid int340x_thermal_zone mei_me 
intel_soc_dts_iosf mei intel_lpss_pci shpchp intel_lpss sch_fq_codel vfio_pci 
nfsd vfio_virqfd parport_pc ppdev auth_rpcgss nfs_acl lockd grace lp parport 
sunrpc ip_tables x_tables autofs4 hid_logitech_hidpp hid_logitech_dj 
hid_generic usbhid kvmgt vfio_mdev mdev vfio_iommu_type1 vfio kvm irqbypass 
i915 i2c_algo_bit drm_kms_helper syscopyarea sdhci_pci sysfillrect
[   43.177466]  sysimgblt cqhci fb_sys_fops sdhci drm i2c_hid wmi hid video 
pinctrl_sunrisepoint pinctrl_intel
[   43.177474] CPU: 1 PID: 711 Comm: systemd-udevd Not tainted 4.16.0 #1
[   43.177475] Hardware name: LENOVO 80UE/VIUU4, BIOS 2UCN10T 10/14/2016
[   43.177481] RIP: 0010:__video_register_device+0xc99/0x1090 [videodev]
[   43.177482] RSP: :a5c5c231b420 EFLAGS: 00010202
[   43.177484] RAX:  RBX: 0005 RCX: 
[   43.177485] RDX: c0c44cc0 RSI:  RDI: c0c44cc0
[   43.177486] RBP: a5c5c231b478 R08: c0c96900 R09: 8eda1a51f018
[   43.177487] R10: 0600 R11: 03b6 R12: 
[   43.177488] R13: 0005 R14: c0c96900 R15: 8eda1d6d91c0
[   43.177489] FS:  7fd2d8ef2480() GS:8eda3348() 
knlGS:
[   43.177490] CS:  0010 DS:  ES:  CR0: 80050033
[   43.177491] CR2: 7ffe0a6ad01c CR3: 000456ae2004 CR4: 003606e0
[   43.177492] Call Trace:
[   43.177498]  ? devres_add+0x5f/0x70
[   43.177502]  rmi_f54_probe+0x437/0x470 [rmi_core]
[   43.177505]  rmi_function_probe+0x25/0x30 [rmi_core]
[   43.177507]  driver_probe_device+0x310/0x480
[   43.177509]  __device_attach_driver+0x86/0x100
[   43.177511]  ? __driver_attach+0xf0/0xf0
[   43.177512]  bus_for_each_drv+0x6b/0xb0
[   43.177514]  __device_attach+0xdd/0x160
[   43.177516]  device_initial_probe+0x13/0x20
[   43.177518]  bus_probe_device+0x95/0xa0
[   43.177519]  device_add+0x44b/0x680
[   43.177522]  rmi_register_function+0x62/0xd0 [rmi_core]
[   43.177525]  rmi_create_function+0x112/0x1a0 [rmi_core]
[   43.177527]  ? rmi_driver_clear_irq_bits+0xc0/0xc0 [rmi_core]
[   43.177530]  rmi_scan_pdt+0xca/0x1a0 [rmi_core]
[   43.177535]  rmi_init_functions+0x5b/0x120 [rmi_core]
[   43.177537]  rmi_driver_probe+0x152/0x3c0 [rmi_core]
[   43.177547]  ? sysfs_create_link+0x25/0x40
[   43.177549]  driver_probe_device+0x310/0x480
[   43.177551]

Fw: [PATCH v2] media: v4l2-core: fix size of devnode_nums[] bitarray

2018-04-05 Thread Mauro Carvalho Chehab 
Please test if this patch solves the issues for you.

Regards,
Mauro

Forwarded message:

Date: Thu,  5 Apr 2018 07:13:41 -0300
From: Mauro Carvalho Chehab 
To: Linux Media Mailing List 
Cc: Mauro Carvalho Chehab , Mauro Carvalho Chehab 
, Al Viro , Hans Verkuil 
, Laurent Pinchart 
, Sakari Ailus 
, sta...@vger.kernel.org
Subject: [PATCH v2] media: v4l2-core: fix size of devnode_nums[] bitarray


The size of devnode_nums[] bit array is too short to store information
for VFL_TYPE_TOUCH. That causes it to override other memory regions.

Thankfully, on recent reports, it is overriding video_device[] array,
trigging a WARN_ON(). Yet, it just warns about the problem, but let
the code excecuting, with generates an OOPS:

[   43.177394] WARNING: CPU: 1 PID: 711 at 
drivers/media/v4l2-core/v4l2-dev.c:945 __video_register_device+0xc99/0x1090 
[videodev]
[   43.177396] Modules linked in: hid_sensor_custom hid_sensor_als 
hid_sensor_incl_3d hid_sensor_rotation hid_sensor_magn_3d hid_sensor_accel_3d 
hid_sensor_gyro_3d hid_sensor_trigger industrialio_triggered_buffer kfifo_buf 
joydev hid_sensor_iio_common hid_rmi(+) rmi_core industrialio videobuf2_vmalloc 
videobuf2_memops videobuf2_v4l2 videobuf2_common videodev hid_multitouch media 
hid_sensor_hub binfmt_misc nls_iso8859_1 snd_hda_codec_hdmi arc4 snd_soc_skl 
snd_soc_skl_ipc snd_hda_ext_core snd_soc_sst_dsp snd_soc_sst_ipc 
snd_hda_codec_realtek snd_soc_acpi snd_hda_codec_generic snd_soc_core 
snd_compress ac97_bus snd_pcm_dmaengine snd_hda_intel snd_hda_codec intel_rapl 
snd_hda_core x86_pkg_temp_thermal snd_hwdep intel_powerclamp coretemp snd_pcm 
kvm_intel snd_seq_midi snd_seq_midi_event snd_rawmidi crct10dif_pclmul
[   43.177426]  crc32_pclmul ghash_clmulni_intel iwlmvm pcbc mac80211 snd_seq 
aesni_intel iwlwifi aes_x86_64 snd_seq_device crypto_simd glue_helper cryptd 
snd_timer intel_cstate intel_rapl_perf input_leds serio_raw 
intel_wmi_thunderbolt snd wmi_bmof cfg80211 soundcore ideapad_laptop 
sparse_keymap idma64 virt_dma tpm_crb acpi_pad int3400_thermal acpi_thermal_rel 
intel_pch_thermal processor_thermal_device mac_hid int340x_thermal_zone mei_me 
intel_soc_dts_iosf mei intel_lpss_pci shpchp intel_lpss sch_fq_codel vfio_pci 
nfsd vfio_virqfd parport_pc ppdev auth_rpcgss nfs_acl lockd grace lp parport 
sunrpc ip_tables x_tables autofs4 hid_logitech_hidpp hid_logitech_dj 
hid_generic usbhid kvmgt vfio_mdev mdev vfio_iommu_type1 vfio kvm irqbypass 
i915 i2c_algo_bit drm_kms_helper syscopyarea sdhci_pci sysfillrect
[   43.177466]  sysimgblt cqhci fb_sys_fops sdhci drm i2c_hid wmi hid video 
pinctrl_sunrisepoint pinctrl_intel
[   43.177474] CPU: 1 PID: 711 Comm: systemd-udevd Not tainted 4.16.0 #1
[   43.177475] Hardware name: LENOVO 80UE/VIUU4, BIOS 2UCN10T 10/14/2016
[   43.177481] RIP: 0010:__video_register_device+0xc99/0x1090 [videodev]
[   43.177482] RSP: :a5c5c231b420 EFLAGS: 00010202
[   43.177484] RAX:  RBX: 0005 RCX: 
[   43.177485] RDX: c0c44cc0 RSI:  RDI: c0c44cc0
[   43.177486] RBP: a5c5c231b478 R08: c0c96900 R09: 8eda1a51f018
[   43.177487] R10: 0600 R11: 03b6 R12: 
[   43.177488] R13: 0005 R14: c0c96900 R15: 8eda1d6d91c0
[   43.177489] FS:  7fd2d8ef2480() GS:8eda3348() 
knlGS:
[   43.177490] CS:  0010 DS:  ES:  CR0: 80050033
[   43.177491] CR2: 7ffe0a6ad01c CR3: 000456ae2004 CR4: 003606e0
[   43.177492] Call Trace:
[   43.177498]  ? devres_add+0x5f/0x70
[   43.177502]  rmi_f54_probe+0x437/0x470 [rmi_core]
[   43.177505]  rmi_function_probe+0x25/0x30 [rmi_core]
[   43.177507]  driver_probe_device+0x310/0x480
[   43.177509]  __device_attach_driver+0x86/0x100
[   43.177511]  ? __driver_attach+0xf0/0xf0
[   43.177512]  bus_for_each_drv+0x6b/0xb0
[   43.177514]  __device_attach+0xdd/0x160
[   43.177516]  device_initial_probe+0x13/0x20
[   43.177518]  bus_probe_device+0x95/0xa0
[   43.177519]  device_add+0x44b/0x680
[   43.177522]  rmi_register_function+0x62/0xd0 [rmi_core]
[   43.177525]  rmi_create_function+0x112/0x1a0 [rmi_core]
[   43.177527]  ? rmi_driver_clear_irq_bits+0xc0/0xc0 [rmi_core]
[   43.177530]  rmi_scan_pdt+0xca/0x1a0 [rmi_core]
[   43.177535]  rmi_init_functions+0x5b/0x120 [rmi_core]
[   43.177537]  rmi_driver_probe+0x152/0x3c0 [rmi_core]
[   43.177547]  ? sysfs_create_link+0x25/0x40
[   43.177549]  driver_probe_device+0x310/0x480
[   43.177551]  __device_attach_driver+0x86/0x100
[   43.177553]  ? __driver_attach+0xf0/0xf0
[   43.177554]  bus_for_each_drv+0x6b/0xb0
[   43.177556]  __device_attach+0xdd/0x160
[   43.177558]  device_initial_probe+0x13/0x20
[   43.177560]