Commit 42a2f6664e18 ("staging: vc04_services: Move global g_state to vchiq_state") changed mmal_init to pass dev->v4l2_dev.dev to vchiq_mmal_init, however nothing iniitialised dev->v4l2_dev, so we got a NULL pointer dereference.
Set dev->v4l2_dev.dev during bcm2835_mmal_probe. The device pointer could be passed into v4l2_device_register to set it, however that also has other effects that would need additional changes.
Fixes: 42a2f6664e18 ("staging: vc04_services: Move global g_state to vchiq_state") Cc: stable@vger.kernel.org Signed-off-by: Dave Stevenson dave.stevenson@raspberrypi.com Reviewed-by: Stefan Wahren wahrenst@gmx.net --- Noted as we switched to 6.12 that the driver would fail during probe with an invalid dereference if a camera module was actually configured for the legacy camera stack. https://github.com/raspberrypi/linux/issues/6753 --- Changes in v2: - cc stable - Add Stefan's R-b - Link to v1: https://lore.kernel.org/r/20250414-staging-bcm2835-v4l2-fix-v1-1-2b2db9a8f29... --- drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c b/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c index b839b50ac26a..fa7ea4ca4c36 100644 --- a/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c +++ b/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c @@ -1900,6 +1900,7 @@ static int bcm2835_mmal_probe(struct vchiq_device *device) __func__, ret); goto free_dev; } + dev->v4l2_dev.dev = &device->dev;
/* setup v4l controls */ ret = bcm2835_mmal_init_controls(dev, &dev->ctrl_handler);
--- base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8 change-id: 20250410-staging-bcm2835-v4l2-fix-b8dbd933c23b
Best regards,
linux-stable-mirror@lists.linaro.org
-
Dave Stevenson