linux-toradex.git/drivers/media, branch v4.17 Linux kernel for Apalis and Colibri modules MAINTAINERS & files: Canonize the e-mails I use at files 2018-05-04T10:21:06+00:00 Mauro Carvalho Chehab mchehab+samsung@kernel.org 2018-04-25T09:34:48+00:00 3259081991a9398434f6f49468b960f136ac0158 From now on, I'll start using my @kernel.org as my development e-mail. As such, let's remove the entries that point to the old mchehab@s-opensource.com at MAINTAINERS file. For the files written with a copyright with mchehab@s-opensource, let's keep Samsung on their names, using mchehab+samsung@kernel.org, in order to keep pointing to my employer, with sponsors the work. For the files written before I join Samsung (on July, 4 2013), let's just use mchehab@kernel.org. For bug reports, we can simply point to just kernel.org, as this will reach my mchehab+samsung inbox anyway. Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com> Signed-off-by: Brian Warner <brian.warner@samsung.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org> 
From now on, I'll start using my @kernel.org as my development e-mail.

As such, let's remove the entries that point to the old
mchehab@s-opensource.com at MAINTAINERS file.

For the files written with a copyright with mchehab@s-opensource,
let's keep Samsung on their names, using mchehab+samsung@kernel.org,
in order to keep pointing to my employer, with sponsors the work.

For the files written before I join Samsung (on July, 4 2013),
let's just use mchehab@kernel.org.

For bug reports, we can simply point to just kernel.org, as
this will reach my mchehab+samsung inbox anyway.

Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Brian Warner <brian.warner@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Merge tag 'rproc-v4.17' of git://github.com/andersson/remoteproc 2018-04-10T19:09:27+00:00 Linus Torvalds torvalds@linux-foundation.org 2018-04-10T19:09:27+00:00 92589cbdda677a84ca5e485e1083c7d3bdcfc7b9 Pull remoteproc updates from Bjorn Andersson: - add support for generating coredumps for remoteprocs using devcoredump - add the Qualcomm sysmon driver for intra-remoteproc crash handling - a number of fixes in Qualcomm and IMX drivers * tag 'rproc-v4.17' of git://github.com/andersson/remoteproc: remoteproc: fix null pointer dereference on glink only platforms soc: qcom: qmi: add CONFIG_NET dependency remoteproc: imx_rproc: Slightly simplify code in 'imx_rproc_probe()' remoteproc: imx_rproc: Re-use existing error handling path in 'imx_rproc_probe()' remoteproc: imx_rproc: Fix an error handling path in 'imx_rproc_probe()' samples: Introduce Qualcomm QMI sample client remoteproc: qcom: Introduce sysmon remoteproc: Pass type of shutdown to subdev remove remoteproc: qcom: Register segments for core dump soc: qcom: mdt-loader: Return relocation base remoteproc: Rename "load_rsc_table" to "parse_fw" remoteproc: Add remote processor coredump support remoteproc: Remove null character write of shared mem 
Pull remoteproc updates from Bjorn Andersson:

 - add support for generating coredumps for remoteprocs using
   devcoredump

 - add the Qualcomm sysmon driver for intra-remoteproc crash handling

 - a number of fixes in Qualcomm and IMX drivers

* tag 'rproc-v4.17' of git://github.com/andersson/remoteproc:
  remoteproc: fix null pointer dereference on glink only platforms
  soc: qcom: qmi: add CONFIG_NET dependency
  remoteproc: imx_rproc: Slightly simplify code in 'imx_rproc_probe()'
  remoteproc: imx_rproc: Re-use existing error handling path in 'imx_rproc_probe()'
  remoteproc: imx_rproc: Fix an error handling path in 'imx_rproc_probe()'
  samples: Introduce Qualcomm QMI sample client
  remoteproc: qcom: Introduce sysmon
  remoteproc: Pass type of shutdown to subdev remove
  remoteproc: qcom: Register segments for core dump
  soc: qcom: mdt-loader: Return relocation base
  remoteproc: Rename "load_rsc_table" to "parse_fw"
  remoteproc: Add remote processor coredump support
  remoteproc: Remove null character write of shared mem
Merge tag 'media/v4.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2018-04-10T17:10:30+00:00 Linus Torvalds torvalds@linux-foundation.org 2018-04-10T17:10:30+00:00 d36260050e1881dce09625a9352d8729c911a6e3 Pull media fixes from Mauro Carvalho Chehab: "A series of media updates/fixes for 4.17. There are two important core fix patches in this series: - A regression fix on Kernel 4.16 with causes it to not work with some input devices that depend on media core - A fix at compat32 bits with causes it to OOPS on overlay, and affects the Kernels where the CVE-2017-13166 was backported The remaining ones are other random fixes at the documentation and on drivers. The biggest part of this series is a set of 18 patches for the Intel atomisp driver. Currently, it produces hundreds of warnings/errors on sparse/smatch, causing me to sometimes ignore new warnings on other drivers that are not so broken. This driver is on really poor state, even for staging standards: it has several layers of abstraction on it, and it supports two different hardware. Selecting between them require to add a define (there isn't even a Kconfig option for such purpose). Just on this smatch cleanup, I could easily get rid of 8 "do-nothing" files. So, I'm seriously considering its removal from upstream, if I don't see any real work on addressing the problems there along this year" * tag 'media/v4.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: (48 commits) media: v4l2-core: fix size of devnode_nums[] bitarray media: v4l2-compat-ioctl32: don't oops on overlay media: i2c: adv748x: afe: fix sparse warning media: extended-controls.rst: transmitter -> receiver media: staging: atomisp: stop duplicating input format types media: staging: atomisp: get rid of an unused var media: staging: atomisp: stop mixing enum types media: staging: atomisp: get rid of some static warnings media: staging: atomisp: use %p to print pointers media: staging: atomisp: remove an useless check media: staging: atomisp: avoid a warning if 32 bits build media: staging: atomisp: don't access a NULL var media: staging: atomisp: Get rid of *default.host.[ch] media: staging: atomisp: get rid of an unused function media: staging: atomisp: remove unused set_pd_base() media: staging: atomisp: fix endianess issues media: staging: atomisp: add a missing include media: staging: atomisp: get rid of stupid statements media: staging: atomisp: declare static vars as such media: staging: atomisp: ia_css_output.host: don't use var before check ... 
Pull media fixes from Mauro Carvalho Chehab:
 "A series of media updates/fixes for 4.17.

  There are two important core fix patches in this series:

   - A regression fix on Kernel 4.16 with causes it to not work with
     some input devices that depend on media core

   - A fix at compat32 bits with causes it to OOPS on overlay, and
     affects the Kernels where the CVE-2017-13166 was backported

  The remaining ones are other random fixes at the documentation and on
  drivers.

  The biggest part of this series is a set of 18 patches for the Intel
  atomisp driver. Currently, it produces hundreds of warnings/errors on
  sparse/smatch, causing me to sometimes ignore new warnings on other
  drivers that are not so broken. This driver is on really poor state,
  even for staging standards: it has several layers of abstraction on
  it, and it supports two different hardware. Selecting between them
  require to add a define (there isn't even a Kconfig option for such
  purpose). Just on this smatch cleanup, I could easily get rid of 8
  "do-nothing" files. So, I'm seriously considering its removal from
  upstream, if I don't see any real work on addressing the problems
  there along this year"

* tag 'media/v4.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: (48 commits)
  media: v4l2-core: fix size of devnode_nums[] bitarray
  media: v4l2-compat-ioctl32: don't oops on overlay
  media: i2c: adv748x: afe: fix sparse warning
  media: extended-controls.rst: transmitter -> receiver
  media: staging: atomisp: stop duplicating input format types
  media: staging: atomisp: get rid of an unused var
  media: staging: atomisp: stop mixing enum types
  media: staging: atomisp: get rid of some static warnings
  media: staging: atomisp: use %p to print pointers
  media: staging: atomisp: remove an useless check
  media: staging: atomisp: avoid a warning if 32 bits build
  media: staging: atomisp: don't access a NULL var
  media: staging: atomisp: Get rid of *default.host.[ch]
  media: staging: atomisp: get rid of an unused function
  media: staging: atomisp: remove unused set_pd_base()
  media: staging: atomisp: fix endianess issues
  media: staging: atomisp: add a missing include
  media: staging: atomisp: get rid of stupid statements
  media: staging: atomisp: declare static vars as such
  media: staging: atomisp: ia_css_output.host: don't use var before check
  ...
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-04-06T18:07:08+00:00 Linus Torvalds torvalds@linux-foundation.org 2018-04-06T18:07:08+00:00 9022ca6b1129da44e3d5c4fa779b8bb9ceabe2ce Pull misc vfs updates from Al Viro: "Assorted stuff, including Christoph's I_DIRTY patches" * 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fs: move I_DIRTY_INODE to fs.h ubifs: fix bogus __mark_inode_dirty(I_DIRTY_SYNC | I_DIRTY_DATASYNC) call ntfs: fix bogus __mark_inode_dirty(I_DIRTY_SYNC | I_DIRTY_DATASYNC) call gfs2: fix bogus __mark_inode_dirty(I_DIRTY_SYNC | I_DIRTY_DATASYNC) calls fs: fold open_check_o_direct into do_dentry_open vfs: Replace stray non-ASCII homoglyph characters with their ASCII equivalents vfs: make sure struct filename->iname is word-aligned get rid of pointless includes of fs_struct.h [poll] annotate SAA6588_CMD_POLL users 
Pull misc vfs updates from Al Viro:
 "Assorted stuff, including Christoph's I_DIRTY patches"

* 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  fs: move I_DIRTY_INODE to fs.h
  ubifs: fix bogus __mark_inode_dirty(I_DIRTY_SYNC | I_DIRTY_DATASYNC) call
  ntfs: fix bogus __mark_inode_dirty(I_DIRTY_SYNC | I_DIRTY_DATASYNC) call
  gfs2: fix bogus __mark_inode_dirty(I_DIRTY_SYNC | I_DIRTY_DATASYNC) calls
  fs: fold open_check_o_direct into do_dentry_open
  vfs: Replace stray non-ASCII homoglyph characters with their ASCII equivalents
  vfs: make sure struct filename->iname is word-aligned
  get rid of pointless includes of fs_struct.h
  [poll] annotate SAA6588_CMD_POLL users
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2018-04-05T18:56:35+00:00 Linus Torvalds torvalds@linux-foundation.org 2018-04-05T18:56:35+00:00 672a9c106966f8d418478830975288b8096bb058 Pull trivial tree updates from Jiri Kosina. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: kfifo: fix inaccurate comment tools/thermal: tmon: fix for segfault net: Spelling s/stucture/structure/ edd: don't spam log if no EDD information is present Documentation: Fix early-microcode.txt references after file rename tracing: Block comments should align the * on each line treewide: Fix typos in printk GenWQE: Fix a typo in two comments treewide: Align function definition open/close braces 
Pull trivial tree updates from Jiri Kosina.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial:
  kfifo: fix inaccurate comment
  tools/thermal: tmon: fix for segfault
  net: Spelling s/stucture/structure/
  edd: don't spam log if no EDD information is present
  Documentation: Fix early-microcode.txt references after file rename
  tracing: Block comments should align the * on each line
  treewide: Fix typos in printk
  GenWQE: Fix a typo in two comments
  treewide: Align function definition open/close braces
media: v4l2-core: fix size of devnode_nums[] bitarray 2018-04-05T10:41:30+00:00 Mauro Carvalho Chehab mchehab@s-opensource.com 2018-04-05T09:51:15+00:00 a95845ba184b854106972f5d8f50354c2d272c06 The size of devnode_nums[] bit array is too short to store information for VFL_TYPE_TOUCH. That causes it to override other memory regions. Thankfully, on recent reports, it is overriding video_device[] array, trigging a WARN_ON(). Yet, it just warns about the problem, but let the code excecuting, with generates an OOPS: [ 43.177394] WARNING: CPU: 1 PID: 711 at drivers/media/v4l2-core/v4l2-dev.c:945 __video_register_device+0xc99/0x1090 [videodev] [ 43.177396] Modules linked in: hid_sensor_custom hid_sensor_als hid_sensor_incl_3d hid_sensor_rotation hid_sensor_magn_3d hid_sensor_accel_3d hid_sensor_gyro_3d hid_sensor_trigger industrialio_triggered_buffer kfifo_buf joydev hid_sensor_iio_common hid_rmi(+) rmi_core industrialio videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev hid_multitouch media hid_sensor_hub binfmt_misc nls_iso8859_1 snd_hda_codec_hdmi arc4 snd_soc_skl snd_soc_skl_ipc snd_hda_ext_core snd_soc_sst_dsp snd_soc_sst_ipc snd_hda_codec_realtek snd_soc_acpi snd_hda_codec_generic snd_soc_core snd_compress ac97_bus snd_pcm_dmaengine snd_hda_intel snd_hda_codec intel_rapl snd_hda_core x86_pkg_temp_thermal snd_hwdep intel_powerclamp coretemp snd_pcm kvm_intel snd_seq_midi snd_seq_midi_event snd_rawmidi crct10dif_pclmul [ 43.177426] crc32_pclmul ghash_clmulni_intel iwlmvm pcbc mac80211 snd_seq aesni_intel iwlwifi aes_x86_64 snd_seq_device crypto_simd glue_helper cryptd snd_timer intel_cstate intel_rapl_perf input_leds serio_raw intel_wmi_thunderbolt snd wmi_bmof cfg80211 soundcore ideapad_laptop sparse_keymap idma64 virt_dma tpm_crb acpi_pad int3400_thermal acpi_thermal_rel intel_pch_thermal processor_thermal_device mac_hid int340x_thermal_zone mei_me intel_soc_dts_iosf mei intel_lpss_pci shpchp intel_lpss sch_fq_codel vfio_pci nfsd vfio_virqfd parport_pc ppdev auth_rpcgss nfs_acl lockd grace lp parport sunrpc ip_tables x_tables autofs4 hid_logitech_hidpp hid_logitech_dj hid_generic usbhid kvmgt vfio_mdev mdev vfio_iommu_type1 vfio kvm irqbypass i915 i2c_algo_bit drm_kms_helper syscopyarea sdhci_pci sysfillrect [ 43.177466] sysimgblt cqhci fb_sys_fops sdhci drm i2c_hid wmi hid video pinctrl_sunrisepoint pinctrl_intel [ 43.177474] CPU: 1 PID: 711 Comm: systemd-udevd Not tainted 4.16.0 #1 [ 43.177475] Hardware name: LENOVO 80UE/VIUU4, BIOS 2UCN10T 10/14/2016 [ 43.177481] RIP: 0010:__video_register_device+0xc99/0x1090 [videodev] [ 43.177482] RSP: 0000:ffffa5c5c231b420 EFLAGS: 00010202 [ 43.177484] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000000 [ 43.177485] RDX: ffffffffc0c44cc0 RSI: ffffffffffffffff RDI: ffffffffc0c44cc0 [ 43.177486] RBP: ffffa5c5c231b478 R08: ffffffffc0c96900 R09: ffff8eda1a51f018 [ 43.177487] R10: 0000000000000600 R11: 00000000000003b6 R12: 0000000000000000 [ 43.177488] R13: 0000000000000005 R14: ffffffffc0c96900 R15: ffff8eda1d6d91c0 [ 43.177489] FS: 00007fd2d8ef2480(0000) GS:ffff8eda33480000(0000) knlGS:0000000000000000 [ 43.177490] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 43.177491] CR2: 00007ffe0a6ad01c CR3: 0000000456ae2004 CR4: 00000000003606e0 [ 43.177492] Call Trace: [ 43.177498] ? devres_add+0x5f/0x70 [ 43.177502] rmi_f54_probe+0x437/0x470 [rmi_core] [ 43.177505] rmi_function_probe+0x25/0x30 [rmi_core] [ 43.177507] driver_probe_device+0x310/0x480 [ 43.177509] __device_attach_driver+0x86/0x100 [ 43.177511] ? __driver_attach+0xf0/0xf0 [ 43.177512] bus_for_each_drv+0x6b/0xb0 [ 43.177514] __device_attach+0xdd/0x160 [ 43.177516] device_initial_probe+0x13/0x20 [ 43.177518] bus_probe_device+0x95/0xa0 [ 43.177519] device_add+0x44b/0x680 [ 43.177522] rmi_register_function+0x62/0xd0 [rmi_core] [ 43.177525] rmi_create_function+0x112/0x1a0 [rmi_core] [ 43.177527] ? rmi_driver_clear_irq_bits+0xc0/0xc0 [rmi_core] [ 43.177530] rmi_scan_pdt+0xca/0x1a0 [rmi_core] [ 43.177535] rmi_init_functions+0x5b/0x120 [rmi_core] [ 43.177537] rmi_driver_probe+0x152/0x3c0 [rmi_core] [ 43.177547] ? sysfs_create_link+0x25/0x40 [ 43.177549] driver_probe_device+0x310/0x480 [ 43.177551] __device_attach_driver+0x86/0x100 [ 43.177553] ? __driver_attach+0xf0/0xf0 [ 43.177554] bus_for_each_drv+0x6b/0xb0 [ 43.177556] __device_attach+0xdd/0x160 [ 43.177558] device_initial_probe+0x13/0x20 [ 43.177560] bus_probe_device+0x95/0xa0 [ 43.177561] device_add+0x44b/0x680 [ 43.177564] rmi_register_transport_device+0x84/0x100 [rmi_core] [ 43.177568] rmi_input_configured+0xbf/0x1a0 [hid_rmi] [ 43.177571] ? input_allocate_device+0xdf/0xf0 [ 43.177574] hidinput_connect+0x4a9/0x37a0 [hid] [ 43.177578] hid_connect+0x326/0x3d0 [hid] [ 43.177581] hid_hw_start+0x42/0x70 [hid] [ 43.177583] rmi_probe+0x115/0x510 [hid_rmi] [ 43.177586] hid_device_probe+0xd3/0x150 [hid] [ 43.177588] ? sysfs_create_link+0x25/0x40 [ 43.177590] driver_probe_device+0x310/0x480 [ 43.177592] __driver_attach+0xbf/0xf0 [ 43.177593] ? driver_probe_device+0x480/0x480 [ 43.177595] bus_for_each_dev+0x74/0xb0 [ 43.177597] ? kmem_cache_alloc_trace+0x1a6/0x1c0 [ 43.177599] driver_attach+0x1e/0x20 [ 43.177600] bus_add_driver+0x167/0x260 [ 43.177602] ? 0xffffffffc0cbc000 [ 43.177604] driver_register+0x60/0xe0 [ 43.177605] ? 0xffffffffc0cbc000 [ 43.177607] __hid_register_driver+0x63/0x70 [hid] [ 43.177610] rmi_driver_init+0x23/0x1000 [hid_rmi] [ 43.177612] do_one_initcall+0x52/0x191 [ 43.177615] ? _cond_resched+0x19/0x40 [ 43.177617] ? kmem_cache_alloc_trace+0xa2/0x1c0 [ 43.177619] ? do_init_module+0x27/0x209 [ 43.177621] do_init_module+0x5f/0x209 [ 43.177623] load_module+0x1987/0x1f10 [ 43.177626] ? ima_post_read_file+0x96/0xa0 [ 43.177629] SYSC_finit_module+0xfc/0x120 [ 43.177630] ? SYSC_finit_module+0xfc/0x120 [ 43.177632] SyS_finit_module+0xe/0x10 [ 43.177634] do_syscall_64+0x73/0x130 [ 43.177637] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 43.177638] RIP: 0033:0x7fd2d880b839 [ 43.177639] RSP: 002b:00007ffe0a6b2368 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 43.177641] RAX: ffffffffffffffda RBX: 000055cdd86542e0 RCX: 00007fd2d880b839 [ 43.177641] RDX: 0000000000000000 RSI: 00007fd2d84ea0e5 RDI: 0000000000000016 [ 43.177642] RBP: 00007fd2d84ea0e5 R08: 0000000000000000 R09: 00007ffe0a6b2480 [ 43.177643] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000000 [ 43.177644] R13: 000055cdd8688930 R14: 0000000000020000 R15: 000055cdd86542e0 [ 43.177645] Code: 48 c7 c7 54 b4 c3 c0 e8 96 9d ec dd e9 d4 fb ff ff 0f 0b 41 be ea ff ff ff e9 c7 fb ff ff 0f 0b 41 be ea ff ff ff e9 ba fb ff ff <0f> 0b e9 d8 f4 ff ff 83 fa 01 0f 84 c4 02 00 00 48 83 78 68 00 [ 43.177675] ---[ end trace d44d9bc41477c2dd ]--- [ 43.177679] BUG: unable to handle kernel NULL pointer dereference at 0000000000000499 [ 43.177723] IP: __video_register_device+0x1cc/0x1090 [videodev] [ 43.177749] PGD 0 P4D 0 [ 43.177764] Oops: 0000 [#1] SMP PTI [ 43.177780] Modules linked in: hid_sensor_custom hid_sensor_als hid_sensor_incl_3d hid_sensor_rotation hid_sensor_magn_3d hid_sensor_accel_3d hid_sensor_gyro_3d hid_sensor_trigger industrialio_triggered_buffer kfifo_buf joydev hid_sensor_iio_common hid_rmi(+) rmi_core industrialio videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev hid_multitouch media hid_sensor_hub binfmt_misc nls_iso8859_1 snd_hda_codec_hdmi arc4 snd_soc_skl snd_soc_skl_ipc snd_hda_ext_core snd_soc_sst_dsp snd_soc_sst_ipc snd_hda_codec_realtek snd_soc_acpi snd_hda_codec_generic snd_soc_core snd_compress ac97_bus snd_pcm_dmaengine snd_hda_intel snd_hda_codec intel_rapl snd_hda_core x86_pkg_temp_thermal snd_hwdep intel_powerclamp coretemp snd_pcm kvm_intel snd_seq_midi snd_seq_midi_event snd_rawmidi crct10dif_pclmul [ 43.178055] crc32_pclmul ghash_clmulni_intel iwlmvm pcbc mac80211 snd_seq aesni_intel iwlwifi aes_x86_64 snd_seq_device crypto_simd glue_helper cryptd snd_timer intel_cstate intel_rapl_perf input_leds serio_raw intel_wmi_thunderbolt snd wmi_bmof cfg80211 soundcore ideapad_laptop sparse_keymap idma64 virt_dma tpm_crb acpi_pad int3400_thermal acpi_thermal_rel intel_pch_thermal processor_thermal_device mac_hid int340x_thermal_zone mei_me intel_soc_dts_iosf mei intel_lpss_pci shpchp intel_lpss sch_fq_codel vfio_pci nfsd vfio_virqfd parport_pc ppdev auth_rpcgss nfs_acl lockd grace lp parport sunrpc ip_tables x_tables autofs4 hid_logitech_hidpp hid_logitech_dj hid_generic usbhid kvmgt vfio_mdev mdev vfio_iommu_type1 vfio kvm irqbypass i915 i2c_algo_bit drm_kms_helper syscopyarea sdhci_pci sysfillrect [ 43.178337] sysimgblt cqhci fb_sys_fops sdhci drm i2c_hid wmi hid video pinctrl_sunrisepoint pinctrl_intel [ 43.178380] CPU: 1 PID: 711 Comm: systemd-udevd Tainted: G W 4.16.0 #1 [ 43.178411] Hardware name: LENOVO 80UE/VIUU4, BIOS 2UCN10T 10/14/2016 [ 43.178441] RIP: 0010:__video_register_device+0x1cc/0x1090 [videodev] [ 43.178467] RSP: 0000:ffffa5c5c231b420 EFLAGS: 00010202 [ 43.178490] RAX: ffffffffc0c44cc0 RBX: 0000000000000005 RCX: ffffffffc0c454c0 [ 43.178519] RDX: 0000000000000001 RSI: ffff8eda1d6d9118 RDI: ffffffffc0c44cc0 [ 43.178549] RBP: ffffa5c5c231b478 R08: ffffffffc0c96900 R09: ffff8eda1a51f018 [ 43.178579] R10: 0000000000000600 R11: 00000000000003b6 R12: 0000000000000000 [ 43.178608] R13: 0000000000000005 R14: ffffffffc0c96900 R15: ffff8eda1d6d91c0 [ 43.178636] FS: 00007fd2d8ef2480(0000) GS:ffff8eda33480000(0000) knlGS:0000000000000000 [ 43.178669] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 43.178693] CR2: 0000000000000499 CR3: 0000000456ae2004 CR4: 00000000003606e0 [ 43.178721] Call Trace: [ 43.178736] ? devres_add+0x5f/0x70 [ 43.178755] rmi_f54_probe+0x437/0x470 [rmi_core] [ 43.178779] rmi_function_probe+0x25/0x30 [rmi_core] [ 43.178805] driver_probe_device+0x310/0x480 [ 43.178828] __device_attach_driver+0x86/0x100 [ 43.178851] ? __driver_attach+0xf0/0xf0 [ 43.178884] bus_for_each_drv+0x6b/0xb0 [ 43.178904] __device_attach+0xdd/0x160 [ 43.178925] device_initial_probe+0x13/0x20 [ 43.178948] bus_probe_device+0x95/0xa0 [ 43.178968] device_add+0x44b/0x680 [ 43.178987] rmi_register_function+0x62/0xd0 [rmi_core] [ 43.181747] rmi_create_function+0x112/0x1a0 [rmi_core] [ 43.184677] ? rmi_driver_clear_irq_bits+0xc0/0xc0 [rmi_core] [ 43.187505] rmi_scan_pdt+0xca/0x1a0 [rmi_core] [ 43.190171] rmi_init_functions+0x5b/0x120 [rmi_core] [ 43.192809] rmi_driver_probe+0x152/0x3c0 [rmi_core] [ 43.195403] ? sysfs_create_link+0x25/0x40 [ 43.198253] driver_probe_device+0x310/0x480 [ 43.201083] __device_attach_driver+0x86/0x100 [ 43.203800] ? __driver_attach+0xf0/0xf0 [ 43.206503] bus_for_each_drv+0x6b/0xb0 [ 43.209291] __device_attach+0xdd/0x160 [ 43.212207] device_initial_probe+0x13/0x20 [ 43.215146] bus_probe_device+0x95/0xa0 [ 43.217885] device_add+0x44b/0x680 [ 43.220597] rmi_register_transport_device+0x84/0x100 [rmi_core] [ 43.223321] rmi_input_configured+0xbf/0x1a0 [hid_rmi] [ 43.226051] ? input_allocate_device+0xdf/0xf0 [ 43.228814] hidinput_connect+0x4a9/0x37a0 [hid] [ 43.231701] hid_connect+0x326/0x3d0 [hid] [ 43.234548] hid_hw_start+0x42/0x70 [hid] [ 43.237302] rmi_probe+0x115/0x510 [hid_rmi] [ 43.239862] hid_device_probe+0xd3/0x150 [hid] [ 43.242558] ? sysfs_create_link+0x25/0x40 [ 43.242828] audit: type=1400 audit(1522795151.600:4): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/snap/core/4206/usr/lib/snapd/snap-confine" pid=1151 comm="apparmor_parser" [ 43.244859] driver_probe_device+0x310/0x480 [ 43.244862] __driver_attach+0xbf/0xf0 [ 43.246982] audit: type=1400 audit(1522795151.600:5): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/snap/core/4206/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=1151 comm="apparmor_parser" [ 43.249403] ? driver_probe_device+0x480/0x480 [ 43.249405] bus_for_each_dev+0x74/0xb0 [ 43.253200] audit: type=1400 audit(1522795151.600:6): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/snap/core/4206/usr/lib/snapd/snap-confine//snap_update_ns" pid=1151 comm="apparmor_parser" [ 43.254055] ? kmem_cache_alloc_trace+0x1a6/0x1c0 [ 43.256282] audit: type=1400 audit(1522795151.604:7): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/sbin/dhclient" pid=1152 comm="apparmor_parser" [ 43.258436] driver_attach+0x1e/0x20 [ 43.260875] audit: type=1400 audit(1522795151.604:8): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=1152 comm="apparmor_parser" [ 43.263118] bus_add_driver+0x167/0x260 [ 43.267676] audit: type=1400 audit(1522795151.604:9): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-helper" pid=1152 comm="apparmor_parser" [ 43.268807] ? 0xffffffffc0cbc000 [ 43.268812] driver_register+0x60/0xe0 [ 43.271184] audit: type=1400 audit(1522795151.604:10): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/connman/scripts/dhclient-script" pid=1152 comm="apparmor_parser" [ 43.274081] ? 0xffffffffc0cbc000 [ 43.274086] __hid_register_driver+0x63/0x70 [hid] [ 43.288367] rmi_driver_init+0x23/0x1000 [hid_rmi] [ 43.291501] do_one_initcall+0x52/0x191 [ 43.292348] audit: type=1400 audit(1522795151.652:11): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/man" pid=1242 comm="apparmor_parser" [ 43.294212] ? _cond_resched+0x19/0x40 [ 43.300028] ? kmem_cache_alloc_trace+0xa2/0x1c0 [ 43.303475] ? do_init_module+0x27/0x209 [ 43.306842] do_init_module+0x5f/0x209 [ 43.310269] load_module+0x1987/0x1f10 [ 43.313704] ? ima_post_read_file+0x96/0xa0 [ 43.317174] SYSC_finit_module+0xfc/0x120 [ 43.320754] ? SYSC_finit_module+0xfc/0x120 [ 43.324065] SyS_finit_module+0xe/0x10 [ 43.327387] do_syscall_64+0x73/0x130 [ 43.330909] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 43.334305] RIP: 0033:0x7fd2d880b839 [ 43.337810] RSP: 002b:00007ffe0a6b2368 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 43.341259] RAX: ffffffffffffffda RBX: 000055cdd86542e0 RCX: 00007fd2d880b839 [ 43.344613] RDX: 0000000000000000 RSI: 00007fd2d84ea0e5 RDI: 0000000000000016 [ 43.347962] RBP: 00007fd2d84ea0e5 R08: 0000000000000000 R09: 00007ffe0a6b2480 [ 43.351456] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000000 [ 43.354845] R13: 000055cdd8688930 R14: 0000000000020000 R15: 000055cdd86542e0 [ 43.358224] Code: c7 05 ad 12 02 00 00 00 00 00 48 8d 88 00 08 00 00 eb 09 48 83 c0 08 48 39 c1 74 31 48 8b 10 48 85 d2 74 ef 49 8b b7 98 04 00 00 <48> 39 b2 98 04 00 00 75 df 48 63 92 f8 04 00 00 f0 48 0f ab 15 [ 43.361764] RIP: __video_register_device+0x1cc/0x1090 [videodev] RSP: ffffa5c5c231b420 [ 43.365281] CR2: 0000000000000499 This patch fixes the array size and changes the WARN_ON() to return an error, instead of letting the Kernel to proceed with registering. Cc: stable@vger.kernel.org # For Kernel 4.16 Fixes: 4839c58f034a ("media: v4l2-dev: convert VFL_TYPE_* into an enum") Reported-by: Peter Geis <pgwipeout@gmail.com> Reported-by: Jaak Ristioja <jaak@ristioja.ee> Reported-by: Michał Siemek <mihau69@gmail.com> Reviewed-by: Hans Verkuil <hans.verkuil@cisco.com> Reviewed-by: Sakari Ailus <sakari.ailus@linux.intel.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com> 
The size of devnode_nums[] bit array is too short to store information
for VFL_TYPE_TOUCH. That causes it to override other memory regions.

Thankfully, on recent reports, it is overriding video_device[] array,
trigging a WARN_ON(). Yet, it just warns about the problem, but let
the code excecuting, with generates an OOPS:

[   43.177394] WARNING: CPU: 1 PID: 711 at drivers/media/v4l2-core/v4l2-dev.c:945 __video_register_device+0xc99/0x1090 [videodev]
[   43.177396] Modules linked in: hid_sensor_custom hid_sensor_als hid_sensor_incl_3d hid_sensor_rotation hid_sensor_magn_3d hid_sensor_accel_3d hid_sensor_gyro_3d hid_sensor_trigger industrialio_triggered_buffer kfifo_buf joydev hid_sensor_iio_common hid_rmi(+) rmi_core industrialio videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev hid_multitouch media hid_sensor_hub binfmt_misc nls_iso8859_1 snd_hda_codec_hdmi arc4 snd_soc_skl snd_soc_skl_ipc snd_hda_ext_core snd_soc_sst_dsp snd_soc_sst_ipc snd_hda_codec_realtek snd_soc_acpi snd_hda_codec_generic snd_soc_core snd_compress ac97_bus snd_pcm_dmaengine snd_hda_intel snd_hda_codec intel_rapl snd_hda_core x86_pkg_temp_thermal snd_hwdep intel_powerclamp coretemp snd_pcm kvm_intel snd_seq_midi snd_seq_midi_event snd_rawmidi crct10dif_pclmul
[   43.177426]  crc32_pclmul ghash_clmulni_intel iwlmvm pcbc mac80211 snd_seq aesni_intel iwlwifi aes_x86_64 snd_seq_device crypto_simd glue_helper cryptd snd_timer intel_cstate intel_rapl_perf input_leds serio_raw intel_wmi_thunderbolt snd wmi_bmof cfg80211 soundcore ideapad_laptop sparse_keymap idma64 virt_dma tpm_crb acpi_pad int3400_thermal acpi_thermal_rel intel_pch_thermal processor_thermal_device mac_hid int340x_thermal_zone mei_me intel_soc_dts_iosf mei intel_lpss_pci shpchp intel_lpss sch_fq_codel vfio_pci nfsd vfio_virqfd parport_pc ppdev auth_rpcgss nfs_acl lockd grace lp parport sunrpc ip_tables x_tables autofs4 hid_logitech_hidpp hid_logitech_dj hid_generic usbhid kvmgt vfio_mdev mdev vfio_iommu_type1 vfio kvm irqbypass i915 i2c_algo_bit drm_kms_helper syscopyarea sdhci_pci sysfillrect
[   43.177466]  sysimgblt cqhci fb_sys_fops sdhci drm i2c_hid wmi hid video pinctrl_sunrisepoint pinctrl_intel
[   43.177474] CPU: 1 PID: 711 Comm: systemd-udevd Not tainted 4.16.0 #1
[   43.177475] Hardware name: LENOVO 80UE/VIUU4, BIOS 2UCN10T 10/14/2016
[   43.177481] RIP: 0010:__video_register_device+0xc99/0x1090 [videodev]
[   43.177482] RSP: 0000:ffffa5c5c231b420 EFLAGS: 00010202
[   43.177484] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000000
[   43.177485] RDX: ffffffffc0c44cc0 RSI: ffffffffffffffff RDI: ffffffffc0c44cc0
[   43.177486] RBP: ffffa5c5c231b478 R08: ffffffffc0c96900 R09: ffff8eda1a51f018
[   43.177487] R10: 0000000000000600 R11: 00000000000003b6 R12: 0000000000000000
[   43.177488] R13: 0000000000000005 R14: ffffffffc0c96900 R15: ffff8eda1d6d91c0
[   43.177489] FS:  00007fd2d8ef2480(0000) GS:ffff8eda33480000(0000) knlGS:0000000000000000
[   43.177490] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   43.177491] CR2: 00007ffe0a6ad01c CR3: 0000000456ae2004 CR4: 00000000003606e0
[   43.177492] Call Trace:
[   43.177498]  ? devres_add+0x5f/0x70
[   43.177502]  rmi_f54_probe+0x437/0x470 [rmi_core]
[   43.177505]  rmi_function_probe+0x25/0x30 [rmi_core]
[   43.177507]  driver_probe_device+0x310/0x480
[   43.177509]  __device_attach_driver+0x86/0x100
[   43.177511]  ? __driver_attach+0xf0/0xf0
[   43.177512]  bus_for_each_drv+0x6b/0xb0
[   43.177514]  __device_attach+0xdd/0x160
[   43.177516]  device_initial_probe+0x13/0x20
[   43.177518]  bus_probe_device+0x95/0xa0
[   43.177519]  device_add+0x44b/0x680
[   43.177522]  rmi_register_function+0x62/0xd0 [rmi_core]
[   43.177525]  rmi_create_function+0x112/0x1a0 [rmi_core]
[   43.177527]  ? rmi_driver_clear_irq_bits+0xc0/0xc0 [rmi_core]
[   43.177530]  rmi_scan_pdt+0xca/0x1a0 [rmi_core]
[   43.177535]  rmi_init_functions+0x5b/0x120 [rmi_core]
[   43.177537]  rmi_driver_probe+0x152/0x3c0 [rmi_core]
[   43.177547]  ? sysfs_create_link+0x25/0x40
[   43.177549]  driver_probe_device+0x310/0x480
[   43.177551]  __device_attach_driver+0x86/0x100
[   43.177553]  ? __driver_attach+0xf0/0xf0
[   43.177554]  bus_for_each_drv+0x6b/0xb0
[   43.177556]  __device_attach+0xdd/0x160
[   43.177558]  device_initial_probe+0x13/0x20
[   43.177560]  bus_probe_device+0x95/0xa0
[   43.177561]  device_add+0x44b/0x680
[   43.177564]  rmi_register_transport_device+0x84/0x100 [rmi_core]
[   43.177568]  rmi_input_configured+0xbf/0x1a0 [hid_rmi]
[   43.177571]  ? input_allocate_device+0xdf/0xf0
[   43.177574]  hidinput_connect+0x4a9/0x37a0 [hid]
[   43.177578]  hid_connect+0x326/0x3d0 [hid]
[   43.177581]  hid_hw_start+0x42/0x70 [hid]
[   43.177583]  rmi_probe+0x115/0x510 [hid_rmi]
[   43.177586]  hid_device_probe+0xd3/0x150 [hid]
[   43.177588]  ? sysfs_create_link+0x25/0x40
[   43.177590]  driver_probe_device+0x310/0x480
[   43.177592]  __driver_attach+0xbf/0xf0
[   43.177593]  ? driver_probe_device+0x480/0x480
[   43.177595]  bus_for_each_dev+0x74/0xb0
[   43.177597]  ? kmem_cache_alloc_trace+0x1a6/0x1c0
[   43.177599]  driver_attach+0x1e/0x20
[   43.177600]  bus_add_driver+0x167/0x260
[   43.177602]  ? 0xffffffffc0cbc000
[   43.177604]  driver_register+0x60/0xe0
[   43.177605]  ? 0xffffffffc0cbc000
[   43.177607]  __hid_register_driver+0x63/0x70 [hid]
[   43.177610]  rmi_driver_init+0x23/0x1000 [hid_rmi]
[   43.177612]  do_one_initcall+0x52/0x191
[   43.177615]  ? _cond_resched+0x19/0x40
[   43.177617]  ? kmem_cache_alloc_trace+0xa2/0x1c0
[   43.177619]  ? do_init_module+0x27/0x209
[   43.177621]  do_init_module+0x5f/0x209
[   43.177623]  load_module+0x1987/0x1f10
[   43.177626]  ? ima_post_read_file+0x96/0xa0
[   43.177629]  SYSC_finit_module+0xfc/0x120
[   43.177630]  ? SYSC_finit_module+0xfc/0x120
[   43.177632]  SyS_finit_module+0xe/0x10
[   43.177634]  do_syscall_64+0x73/0x130
[   43.177637]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   43.177638] RIP: 0033:0x7fd2d880b839
[   43.177639] RSP: 002b:00007ffe0a6b2368 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[   43.177641] RAX: ffffffffffffffda RBX: 000055cdd86542e0 RCX: 00007fd2d880b839
[   43.177641] RDX: 0000000000000000 RSI: 00007fd2d84ea0e5 RDI: 0000000000000016
[   43.177642] RBP: 00007fd2d84ea0e5 R08: 0000000000000000 R09: 00007ffe0a6b2480
[   43.177643] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000000
[   43.177644] R13: 000055cdd8688930 R14: 0000000000020000 R15: 000055cdd86542e0
[   43.177645] Code: 48 c7 c7 54 b4 c3 c0 e8 96 9d ec dd e9 d4 fb ff ff 0f 0b 41 be ea ff ff ff e9 c7 fb ff ff 0f 0b 41 be ea ff ff ff e9 ba fb ff ff <0f> 0b e9 d8 f4 ff ff 83 fa 01 0f 84 c4 02 00 00 48 83 78 68 00
[   43.177675] ---[ end trace d44d9bc41477c2dd ]---
[   43.177679] BUG: unable to handle kernel NULL pointer dereference at 0000000000000499
[   43.177723] IP: __video_register_device+0x1cc/0x1090 [videodev]
[   43.177749] PGD 0 P4D 0
[   43.177764] Oops: 0000 [#1] SMP PTI
[   43.177780] Modules linked in: hid_sensor_custom hid_sensor_als hid_sensor_incl_3d hid_sensor_rotation hid_sensor_magn_3d hid_sensor_accel_3d hid_sensor_gyro_3d hid_sensor_trigger industrialio_triggered_buffer kfifo_buf joydev hid_sensor_iio_common hid_rmi(+) rmi_core industrialio videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev hid_multitouch media hid_sensor_hub binfmt_misc nls_iso8859_1 snd_hda_codec_hdmi arc4 snd_soc_skl snd_soc_skl_ipc snd_hda_ext_core snd_soc_sst_dsp snd_soc_sst_ipc snd_hda_codec_realtek snd_soc_acpi snd_hda_codec_generic snd_soc_core snd_compress ac97_bus snd_pcm_dmaengine snd_hda_intel snd_hda_codec intel_rapl snd_hda_core x86_pkg_temp_thermal snd_hwdep intel_powerclamp coretemp snd_pcm kvm_intel snd_seq_midi snd_seq_midi_event snd_rawmidi crct10dif_pclmul
[   43.178055]  crc32_pclmul ghash_clmulni_intel iwlmvm pcbc mac80211 snd_seq aesni_intel iwlwifi aes_x86_64 snd_seq_device crypto_simd glue_helper cryptd snd_timer intel_cstate intel_rapl_perf input_leds serio_raw intel_wmi_thunderbolt snd wmi_bmof cfg80211 soundcore ideapad_laptop sparse_keymap idma64 virt_dma tpm_crb acpi_pad int3400_thermal acpi_thermal_rel intel_pch_thermal processor_thermal_device mac_hid int340x_thermal_zone mei_me intel_soc_dts_iosf mei intel_lpss_pci shpchp intel_lpss sch_fq_codel vfio_pci nfsd vfio_virqfd parport_pc ppdev auth_rpcgss nfs_acl lockd grace lp parport sunrpc ip_tables x_tables autofs4 hid_logitech_hidpp hid_logitech_dj hid_generic usbhid kvmgt vfio_mdev mdev vfio_iommu_type1 vfio kvm irqbypass i915 i2c_algo_bit drm_kms_helper syscopyarea sdhci_pci sysfillrect
[   43.178337]  sysimgblt cqhci fb_sys_fops sdhci drm i2c_hid wmi hid video pinctrl_sunrisepoint pinctrl_intel
[   43.178380] CPU: 1 PID: 711 Comm: systemd-udevd Tainted: G        W        4.16.0 #1
[   43.178411] Hardware name: LENOVO 80UE/VIUU4, BIOS 2UCN10T 10/14/2016
[   43.178441] RIP: 0010:__video_register_device+0x1cc/0x1090 [videodev]
[   43.178467] RSP: 0000:ffffa5c5c231b420 EFLAGS: 00010202
[   43.178490] RAX: ffffffffc0c44cc0 RBX: 0000000000000005 RCX: ffffffffc0c454c0
[   43.178519] RDX: 0000000000000001 RSI: ffff8eda1d6d9118 RDI: ffffffffc0c44cc0
[   43.178549] RBP: ffffa5c5c231b478 R08: ffffffffc0c96900 R09: ffff8eda1a51f018
[   43.178579] R10: 0000000000000600 R11: 00000000000003b6 R12: 0000000000000000
[   43.178608] R13: 0000000000000005 R14: ffffffffc0c96900 R15: ffff8eda1d6d91c0
[   43.178636] FS:  00007fd2d8ef2480(0000) GS:ffff8eda33480000(0000) knlGS:0000000000000000
[   43.178669] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   43.178693] CR2: 0000000000000499 CR3: 0000000456ae2004 CR4: 00000000003606e0
[   43.178721] Call Trace:
[   43.178736]  ? devres_add+0x5f/0x70
[   43.178755]  rmi_f54_probe+0x437/0x470 [rmi_core]
[   43.178779]  rmi_function_probe+0x25/0x30 [rmi_core]
[   43.178805]  driver_probe_device+0x310/0x480
[   43.178828]  __device_attach_driver+0x86/0x100
[   43.178851]  ? __driver_attach+0xf0/0xf0
[   43.178884]  bus_for_each_drv+0x6b/0xb0
[   43.178904]  __device_attach+0xdd/0x160
[   43.178925]  device_initial_probe+0x13/0x20
[   43.178948]  bus_probe_device+0x95/0xa0
[   43.178968]  device_add+0x44b/0x680
[   43.178987]  rmi_register_function+0x62/0xd0 [rmi_core]
[   43.181747]  rmi_create_function+0x112/0x1a0 [rmi_core]
[   43.184677]  ? rmi_driver_clear_irq_bits+0xc0/0xc0 [rmi_core]
[   43.187505]  rmi_scan_pdt+0xca/0x1a0 [rmi_core]
[   43.190171]  rmi_init_functions+0x5b/0x120 [rmi_core]
[   43.192809]  rmi_driver_probe+0x152/0x3c0 [rmi_core]
[   43.195403]  ? sysfs_create_link+0x25/0x40
[   43.198253]  driver_probe_device+0x310/0x480
[   43.201083]  __device_attach_driver+0x86/0x100
[   43.203800]  ? __driver_attach+0xf0/0xf0
[   43.206503]  bus_for_each_drv+0x6b/0xb0
[   43.209291]  __device_attach+0xdd/0x160
[   43.212207]  device_initial_probe+0x13/0x20
[   43.215146]  bus_probe_device+0x95/0xa0
[   43.217885]  device_add+0x44b/0x680
[   43.220597]  rmi_register_transport_device+0x84/0x100 [rmi_core]
[   43.223321]  rmi_input_configured+0xbf/0x1a0 [hid_rmi]
[   43.226051]  ? input_allocate_device+0xdf/0xf0
[   43.228814]  hidinput_connect+0x4a9/0x37a0 [hid]
[   43.231701]  hid_connect+0x326/0x3d0 [hid]
[   43.234548]  hid_hw_start+0x42/0x70 [hid]
[   43.237302]  rmi_probe+0x115/0x510 [hid_rmi]
[   43.239862]  hid_device_probe+0xd3/0x150 [hid]
[   43.242558]  ? sysfs_create_link+0x25/0x40
[   43.242828] audit: type=1400 audit(1522795151.600:4): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/snap/core/4206/usr/lib/snapd/snap-confine" pid=1151 comm="apparmor_parser"
[   43.244859]  driver_probe_device+0x310/0x480
[   43.244862]  __driver_attach+0xbf/0xf0
[   43.246982] audit: type=1400 audit(1522795151.600:5): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/snap/core/4206/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=1151 comm="apparmor_parser"
[   43.249403]  ? driver_probe_device+0x480/0x480
[   43.249405]  bus_for_each_dev+0x74/0xb0
[   43.253200] audit: type=1400 audit(1522795151.600:6): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/snap/core/4206/usr/lib/snapd/snap-confine//snap_update_ns" pid=1151 comm="apparmor_parser"
[   43.254055]  ? kmem_cache_alloc_trace+0x1a6/0x1c0
[   43.256282] audit: type=1400 audit(1522795151.604:7): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/sbin/dhclient" pid=1152 comm="apparmor_parser"
[   43.258436]  driver_attach+0x1e/0x20
[   43.260875] audit: type=1400 audit(1522795151.604:8): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=1152 comm="apparmor_parser"
[   43.263118]  bus_add_driver+0x167/0x260
[   43.267676] audit: type=1400 audit(1522795151.604:9): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-helper" pid=1152 comm="apparmor_parser"
[   43.268807]  ? 0xffffffffc0cbc000
[   43.268812]  driver_register+0x60/0xe0
[   43.271184] audit: type=1400 audit(1522795151.604:10): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/connman/scripts/dhclient-script" pid=1152 comm="apparmor_parser"
[   43.274081]  ? 0xffffffffc0cbc000
[   43.274086]  __hid_register_driver+0x63/0x70 [hid]
[   43.288367]  rmi_driver_init+0x23/0x1000 [hid_rmi]
[   43.291501]  do_one_initcall+0x52/0x191
[   43.292348] audit: type=1400 audit(1522795151.652:11): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/man" pid=1242 comm="apparmor_parser"
[   43.294212]  ? _cond_resched+0x19/0x40
[   43.300028]  ? kmem_cache_alloc_trace+0xa2/0x1c0
[   43.303475]  ? do_init_module+0x27/0x209
[   43.306842]  do_init_module+0x5f/0x209
[   43.310269]  load_module+0x1987/0x1f10
[   43.313704]  ? ima_post_read_file+0x96/0xa0
[   43.317174]  SYSC_finit_module+0xfc/0x120
[   43.320754]  ? SYSC_finit_module+0xfc/0x120
[   43.324065]  SyS_finit_module+0xe/0x10
[   43.327387]  do_syscall_64+0x73/0x130
[   43.330909]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   43.334305] RIP: 0033:0x7fd2d880b839
[   43.337810] RSP: 002b:00007ffe0a6b2368 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[   43.341259] RAX: ffffffffffffffda RBX: 000055cdd86542e0 RCX: 00007fd2d880b839
[   43.344613] RDX: 0000000000000000 RSI: 00007fd2d84ea0e5 RDI: 0000000000000016
[   43.347962] RBP: 00007fd2d84ea0e5 R08: 0000000000000000 R09: 00007ffe0a6b2480
[   43.351456] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000000
[   43.354845] R13: 000055cdd8688930 R14: 0000000000020000 R15: 000055cdd86542e0
[   43.358224] Code: c7 05 ad 12 02 00 00 00 00 00 48 8d 88 00 08 00 00 eb 09 48 83 c0 08 48 39 c1 74 31 48 8b 10 48 85 d2 74 ef 49 8b b7 98 04 00 00 <48> 39 b2 98 04 00 00 75 df 48 63 92 f8 04 00 00 f0 48 0f ab 15
[   43.361764] RIP: __video_register_device+0x1cc/0x1090 [videodev] RSP: ffffa5c5c231b420
[   43.365281] CR2: 0000000000000499

This patch fixes the array size and changes the WARN_ON() to return an error,
instead of letting the Kernel to proceed with registering.

Cc: stable@vger.kernel.org # For Kernel 4.16
Fixes: 4839c58f034a ("media: v4l2-dev: convert VFL_TYPE_* into an enum")
Reported-by: Peter Geis <pgwipeout@gmail.com>
Reported-by: Jaak Ristioja <jaak@ristioja.ee>
Reported-by: Michał Siemek <mihau69@gmail.com>
Reviewed-by: Hans Verkuil <hans.verkuil@cisco.com>
Reviewed-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
media: v4l2-compat-ioctl32: don't oops on overlay 2018-04-05T09:30:15+00:00 Mauro Carvalho Chehab mchehab@s-opensource.com 2018-03-28T17:59:22+00:00 85ea29f19eab56ec16ec6b92bc67305998706afa At put_v4l2_window32(), it tries to access kp->clips. However, kp points to an userspace pointer. So, it should be obtained via get_user(), otherwise it can OOPS: vivid-000: ================== END STATUS ================== BUG: unable to handle kernel paging request at 00000000fffb18e0 IP: [<ffffffffc05468d9>] __put_v4l2_format32+0x169/0x220 [videodev] PGD 3f5776067 PUD 3f576f067 PMD 3f5769067 PTE 800000042548f067 Oops: 0001 [#1] SMP Modules linked in: vivid videobuf2_vmalloc videobuf2_memops v4l2_dv_timings videobuf2_core v4l2_common videodev media xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack tun bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables bluetooth rfkill binfmt_misc snd_hda_codec_hdmi i915 snd_hda_intel snd_hda_controller snd_hda_codec intel_rapl x86_pkg_temp_thermal snd_hwdep intel_powerclamp snd_pcm coretemp snd_seq_midi kvm_intel kvm snd_seq_midi_event snd_rawmidi i2c_algo_bit drm_kms_helper snd_seq drm crct10dif_pclmul e1000e snd_seq_device crc32_pclmul snd_timer ghash_clmulni_intel snd mei_me mei ptp pps_core soundcore lpc_ich video crc32c_intel [last unloaded: media] CPU: 2 PID: 28332 Comm: v4l2-compliance Not tainted 3.18.102+ #107 Hardware name: /NUC5i7RYB, BIOS RYBDWi35.86A.0364.2017.0511.0949 05/11/2017 task: ffff8804293f8000 ti: ffff8803f5640000 task.ti: ffff8803f5640000 RIP: 0010:[<ffffffffc05468d9>] [<ffffffffc05468d9>] __put_v4l2_format32+0x169/0x220 [videodev] RSP: 0018:ffff8803f5643e28 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000fffb1ab4 RDX: 00000000fffb1a68 RSI: 00000000fffb18d8 RDI: 00000000fffb1aa8 RBP: ffff8803f5643e48 R08: 0000000000000001 R09: ffff8803f54b0378 R10: 0000000000000000 R11: 0000000000000168 R12: 00000000fffb18c0 R13: 00000000fffb1a94 R14: 00000000fffb18c8 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff880456d00000(0063) knlGS:00000000f7100980 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 00000000fffb18e0 CR3: 00000003f552b000 CR4: 00000000003407e0 Stack: 00000000fffb1a94 00000000c0cc5640 0000000000000056 ffff8804274f3600 ffff8803f5643ed0 ffffffffc0547e16 0000000000000003 ffff8803f5643eb0 ffffffff81301460 ffff88009db44b01 ffff880441942520 ffff8800c0d05640 Call Trace: [<ffffffffc0547e16>] v4l2_compat_ioctl32+0x12d6/0x1b1d [videodev] [<ffffffff81301460>] ? file_has_perm+0x70/0xc0 [<ffffffff81252a2c>] compat_SyS_ioctl+0xec/0x1200 [<ffffffff8173241a>] sysenter_dispatch+0x7/0x21 Code: 00 00 48 8b 80 48 c0 ff ff 48 83 e8 38 49 39 c6 0f 87 2b ff ff ff 49 8d 45 1c e8 a3 ce e3 c0 85 c0 0f 85 1a ff ff ff 41 8d 40 ff <4d> 8b 64 24 20 41 89 d5 48 8d 44 40 03 4d 8d 34 c4 eb 15 0f 1f RIP [<ffffffffc05468d9>] __put_v4l2_format32+0x169/0x220 [videodev] RSP <ffff8803f5643e28> CR2: 00000000fffb18e0 Tested with vivid driver on Kernel v3.18.102. Same bug happens upstream too: BUG: KASAN: user-memory-access in __put_v4l2_format32+0x98/0x4d0 [videodev] Read of size 8 at addr 00000000ffe48400 by task v4l2-compliance/8713 CPU: 0 PID: 8713 Comm: v4l2-compliance Not tainted 4.16.0-rc4+ #108 Hardware name: /NUC5i7RYB, BIOS RYBDWi35.86A.0364.2017.0511.0949 05/11/2017 Call Trace: dump_stack+0x5c/0x7c kasan_report+0x164/0x380 ? __put_v4l2_format32+0x98/0x4d0 [videodev] __put_v4l2_format32+0x98/0x4d0 [videodev] v4l2_compat_ioctl32+0x1aec/0x27a0 [videodev] ? __fsnotify_inode_delete+0x20/0x20 ? __put_v4l2_format32+0x4d0/0x4d0 [videodev] compat_SyS_ioctl+0x646/0x14d0 ? do_ioctl+0x30/0x30 do_fast_syscall_32+0x191/0x3f4 entry_SYSENTER_compat+0x6b/0x7a ================================================================== Disabling lock debugging due to kernel taint BUG: unable to handle kernel paging request at 00000000ffe48400 IP: __put_v4l2_format32+0x98/0x4d0 [videodev] PGD 3a22fb067 P4D 3a22fb067 PUD 39b6f0067 PMD 39b6f1067 PTE 80000003256af067 Oops: 0001 [#1] SMP KASAN Modules linked in: vivid videobuf2_vmalloc videobuf2_dma_contig videobuf2_memops v4l2_tpg v4l2_dv_timings videobuf2_v4l2 videobuf2_common v4l2_common videodev xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack libcrc32c tun bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables bluetooth rfkill ecdh_generic binfmt_misc snd_hda_codec_hdmi intel_rapl x86_pkg_temp_thermal intel_powerclamp i915 coretemp snd_hda_intel snd_hda_codec kvm_intel snd_hwdep snd_hda_core kvm snd_pcm irqbypass crct10dif_pclmul crc32_pclmul snd_seq_midi ghash_clmulni_intel snd_seq_midi_event i2c_algo_bit intel_cstate snd_rawmidi intel_uncore snd_seq drm_kms_helper e1000e snd_seq_device snd_timer intel_rapl_perf drm ptp snd mei_me mei lpc_ich pps_core soundcore video crc32c_intel CPU: 0 PID: 8713 Comm: v4l2-compliance Tainted: G B 4.16.0-rc4+ #108 Hardware name: /NUC5i7RYB, BIOS RYBDWi35.86A.0364.2017.0511.0949 05/11/2017 RIP: 0010:__put_v4l2_format32+0x98/0x4d0 [videodev] RSP: 0018:ffff8803b9be7d30 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff8803ac983e80 RCX: ffffffff8cd929f2 RDX: 1ffffffff1d0a149 RSI: 0000000000000297 RDI: 0000000000000297 RBP: 00000000ffe485c0 R08: fffffbfff1cf5123 R09: ffffffff8e7a8948 R10: 0000000000000001 R11: fffffbfff1cf5122 R12: 00000000ffe483e0 R13: 00000000ffe485c4 R14: ffff8803ac985918 R15: 00000000ffe483e8 FS: 0000000000000000(0000) GS:ffff880407400000(0063) knlGS:00000000f7a46980 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 00000000ffe48400 CR3: 00000003a83f2003 CR4: 00000000003606f0 Call Trace: v4l2_compat_ioctl32+0x1aec/0x27a0 [videodev] ? __fsnotify_inode_delete+0x20/0x20 ? __put_v4l2_format32+0x4d0/0x4d0 [videodev] compat_SyS_ioctl+0x646/0x14d0 ? do_ioctl+0x30/0x30 do_fast_syscall_32+0x191/0x3f4 entry_SYSENTER_compat+0x6b/0x7a Code: 4c 89 f7 4d 8d 7c 24 08 e8 e6 a4 69 cb 48 8b 83 98 1a 00 00 48 83 e8 10 49 39 c7 0f 87 9d 01 00 00 49 8d 7c 24 20 e8 c8 a4 69 cb <4d> 8b 74 24 20 4c 89 ef 4c 89 fe ba 10 00 00 00 e8 23 d9 08 cc RIP: __put_v4l2_format32+0x98/0x4d0 [videodev] RSP: ffff8803b9be7d30 CR2: 00000000ffe48400 cc: stable@vger.kernel.org Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com> Reviewed-by: Sakari Ailus <sakari.ailus@linux.intel.com> Reviewed-by: Hans Verkuil <hans.verkuil@cisco.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com> 
At put_v4l2_window32(), it tries to access kp->clips. However,
kp points to an userspace pointer. So, it should be obtained
via get_user(), otherwise it can OOPS:

 vivid-000: ==================  END STATUS  ==================
 BUG: unable to handle kernel paging request at 00000000fffb18e0
 IP: [<ffffffffc05468d9>] __put_v4l2_format32+0x169/0x220 [videodev]
 PGD 3f5776067 PUD 3f576f067 PMD 3f5769067 PTE 800000042548f067
 Oops: 0001 [#1] SMP
 Modules linked in: vivid videobuf2_vmalloc videobuf2_memops v4l2_dv_timings videobuf2_core v4l2_common videodev media xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack tun bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables bluetooth rfkill binfmt_misc snd_hda_codec_hdmi i915 snd_hda_intel snd_hda_controller snd_hda_codec intel_rapl x86_pkg_temp_thermal snd_hwdep intel_powerclamp snd_pcm coretemp snd_seq_midi kvm_intel kvm snd_seq_midi_event snd_rawmidi i2c_algo_bit drm_kms_helper snd_seq drm crct10dif_pclmul e1000e snd_seq_device crc32_pclmul snd_timer ghash_clmulni_intel snd mei_me mei ptp pps_core soundcore lpc_ich video crc32c_intel [last unloaded: media]
 CPU: 2 PID: 28332 Comm: v4l2-compliance Not tainted 3.18.102+ #107
 Hardware name:                  /NUC5i7RYB, BIOS RYBDWi35.86A.0364.2017.0511.0949 05/11/2017
 task: ffff8804293f8000 ti: ffff8803f5640000 task.ti: ffff8803f5640000
 RIP: 0010:[<ffffffffc05468d9>]  [<ffffffffc05468d9>] __put_v4l2_format32+0x169/0x220 [videodev]
 RSP: 0018:ffff8803f5643e28  EFLAGS: 00010246
 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000fffb1ab4
 RDX: 00000000fffb1a68 RSI: 00000000fffb18d8 RDI: 00000000fffb1aa8
 RBP: ffff8803f5643e48 R08: 0000000000000001 R09: ffff8803f54b0378
 R10: 0000000000000000 R11: 0000000000000168 R12: 00000000fffb18c0
 R13: 00000000fffb1a94 R14: 00000000fffb18c8 R15: 0000000000000000
 FS:  0000000000000000(0000) GS:ffff880456d00000(0063) knlGS:00000000f7100980
 CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
 CR2: 00000000fffb18e0 CR3: 00000003f552b000 CR4: 00000000003407e0
 Stack:
  00000000fffb1a94 00000000c0cc5640 0000000000000056 ffff8804274f3600
  ffff8803f5643ed0 ffffffffc0547e16 0000000000000003 ffff8803f5643eb0
  ffffffff81301460 ffff88009db44b01 ffff880441942520 ffff8800c0d05640
 Call Trace:
  [<ffffffffc0547e16>] v4l2_compat_ioctl32+0x12d6/0x1b1d [videodev]
  [<ffffffff81301460>] ? file_has_perm+0x70/0xc0
  [<ffffffff81252a2c>] compat_SyS_ioctl+0xec/0x1200
  [<ffffffff8173241a>] sysenter_dispatch+0x7/0x21
 Code: 00 00 48 8b 80 48 c0 ff ff 48 83 e8 38 49 39 c6 0f 87 2b ff ff ff 49 8d 45 1c e8 a3 ce e3 c0 85 c0 0f 85 1a ff ff ff 41 8d 40 ff <4d> 8b 64 24 20 41 89 d5 48 8d 44 40 03 4d 8d 34 c4 eb 15 0f 1f
 RIP  [<ffffffffc05468d9>] __put_v4l2_format32+0x169/0x220 [videodev]
 RSP <ffff8803f5643e28>
 CR2: 00000000fffb18e0

Tested with vivid driver on Kernel v3.18.102.

Same bug happens upstream too:

 BUG: KASAN: user-memory-access in __put_v4l2_format32+0x98/0x4d0 [videodev]
 Read of size 8 at addr 00000000ffe48400 by task v4l2-compliance/8713

 CPU: 0 PID: 8713 Comm: v4l2-compliance Not tainted 4.16.0-rc4+ #108
 Hardware name:  /NUC5i7RYB, BIOS RYBDWi35.86A.0364.2017.0511.0949 05/11/2017
 Call Trace:
  dump_stack+0x5c/0x7c
  kasan_report+0x164/0x380
  ? __put_v4l2_format32+0x98/0x4d0 [videodev]
  __put_v4l2_format32+0x98/0x4d0 [videodev]
  v4l2_compat_ioctl32+0x1aec/0x27a0 [videodev]
  ? __fsnotify_inode_delete+0x20/0x20
  ? __put_v4l2_format32+0x4d0/0x4d0 [videodev]
  compat_SyS_ioctl+0x646/0x14d0
  ? do_ioctl+0x30/0x30
  do_fast_syscall_32+0x191/0x3f4
  entry_SYSENTER_compat+0x6b/0x7a
 ==================================================================
 Disabling lock debugging due to kernel taint
 BUG: unable to handle kernel paging request at 00000000ffe48400
 IP: __put_v4l2_format32+0x98/0x4d0 [videodev]
 PGD 3a22fb067 P4D 3a22fb067 PUD 39b6f0067 PMD 39b6f1067 PTE 80000003256af067
 Oops: 0001 [#1] SMP KASAN
 Modules linked in: vivid videobuf2_vmalloc videobuf2_dma_contig videobuf2_memops v4l2_tpg v4l2_dv_timings videobuf2_v4l2 videobuf2_common v4l2_common videodev xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack libcrc32c tun bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables bluetooth rfkill ecdh_generic binfmt_misc snd_hda_codec_hdmi intel_rapl x86_pkg_temp_thermal intel_powerclamp i915 coretemp snd_hda_intel snd_hda_codec kvm_intel snd_hwdep snd_hda_core kvm snd_pcm irqbypass crct10dif_pclmul crc32_pclmul snd_seq_midi ghash_clmulni_intel snd_seq_midi_event i2c_algo_bit intel_cstate snd_rawmidi intel_uncore snd_seq drm_kms_helper e1000e snd_seq_device snd_timer intel_rapl_perf
  drm ptp snd mei_me mei lpc_ich pps_core soundcore video crc32c_intel
 CPU: 0 PID: 8713 Comm: v4l2-compliance Tainted: G    B            4.16.0-rc4+ #108
 Hardware name:  /NUC5i7RYB, BIOS RYBDWi35.86A.0364.2017.0511.0949 05/11/2017
 RIP: 0010:__put_v4l2_format32+0x98/0x4d0 [videodev]
 RSP: 0018:ffff8803b9be7d30 EFLAGS: 00010282
 RAX: 0000000000000000 RBX: ffff8803ac983e80 RCX: ffffffff8cd929f2
 RDX: 1ffffffff1d0a149 RSI: 0000000000000297 RDI: 0000000000000297
 RBP: 00000000ffe485c0 R08: fffffbfff1cf5123 R09: ffffffff8e7a8948
 R10: 0000000000000001 R11: fffffbfff1cf5122 R12: 00000000ffe483e0
 R13: 00000000ffe485c4 R14: ffff8803ac985918 R15: 00000000ffe483e8
 FS:  0000000000000000(0000) GS:ffff880407400000(0063) knlGS:00000000f7a46980
 CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
 CR2: 00000000ffe48400 CR3: 00000003a83f2003 CR4: 00000000003606f0
 Call Trace:
  v4l2_compat_ioctl32+0x1aec/0x27a0 [videodev]
  ? __fsnotify_inode_delete+0x20/0x20
  ? __put_v4l2_format32+0x4d0/0x4d0 [videodev]
  compat_SyS_ioctl+0x646/0x14d0
  ? do_ioctl+0x30/0x30
  do_fast_syscall_32+0x191/0x3f4
  entry_SYSENTER_compat+0x6b/0x7a
 Code: 4c 89 f7 4d 8d 7c 24 08 e8 e6 a4 69 cb 48 8b 83 98 1a 00 00 48 83 e8 10 49 39 c7 0f 87 9d 01 00 00 49 8d 7c 24 20 e8 c8 a4 69 cb <4d> 8b 74 24 20 4c 89 ef 4c 89 fe ba 10 00 00 00 e8 23 d9 08 cc
 RIP: __put_v4l2_format32+0x98/0x4d0 [videodev] RSP: ffff8803b9be7d30
 CR2: 00000000ffe48400

cc: stable@vger.kernel.org
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Reviewed-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Reviewed-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
media: i2c: adv748x: afe: fix sparse warning 2018-04-05T09:30:07+00:00 Niklas Söderlund niklas.soderlund+renesas@ragnatech.se 2018-03-26T22:09:51+00:00 2b8677ec0c6b08ad8e3c8aef0b0827994a305361 This fixes the following sparse warning: drivers/media/i2c/adv748x/adv748x-afe.c:294:34: expected unsigned int [usertype] *signal drivers/media/i2c/adv748x/adv748x-afe.c:294:34: got int *<noident> drivers/media/i2c/adv748x/adv748x-afe.c:294:34: warning: incorrect type in argument 2 (different signedness) Signed-off-by: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se> Reviewed-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com> 
This fixes the following sparse warning:

drivers/media/i2c/adv748x/adv748x-afe.c:294:34:    expected unsigned int [usertype] *signal
drivers/media/i2c/adv748x/adv748x-afe.c:294:34:    got int *<noident>
drivers/media/i2c/adv748x/adv748x-afe.c:294:34: warning: incorrect type in argument 2 (different signedness)

Signed-off-by: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
Reviewed-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
media: dvb_frontend: fix wrong cast in compat_ioctl 2018-04-04T10:27:28+00:00 Katsuhiro Suzuki suzuki.katsuhiro@socionext.com 2018-04-04T08:17:56+00:00 5c6c9c4830b76d851d38829611b3c3e4be0f5cdf FE_GET_PROPERTY has always failed as following situations: - Use compatible ioctl - The array of 'struct dtv_property' has 2 or more items This patch fixes wrong cast to a pointer 'struct dtv_property' from a pointer of 2nd or after item of 'struct compat_dtv_property' array. Signed-off-by: Katsuhiro Suzuki <suzuki.katsuhiro@socionext.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com> 
FE_GET_PROPERTY has always failed as following situations:
  - Use compatible ioctl
  - The array of 'struct dtv_property' has 2 or more items

This patch fixes wrong cast to a pointer 'struct dtv_property' from a
pointer of 2nd or after item of 'struct compat_dtv_property' array.

Signed-off-by: Katsuhiro Suzuki <suzuki.katsuhiro@socionext.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
media: gspca: fix Kconfig help info 2018-04-04T10:27:28+00:00 winton.liu 18502523564@163.com 2018-04-03T12:04:45+00:00 732a9edc30c64207606792d577a87dc8410ff236 Documentation/video4linux/gspca.txt is missing. It has moved to Documentation/media/v4l-drivers/gspca-cardlist.rst Signed-off-by: winton.liu <18502523564@163.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com> 
Documentation/video4linux/gspca.txt is missing.
It has moved to Documentation/media/v4l-drivers/gspca-cardlist.rst

Signed-off-by: winton.liu <18502523564@163.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>