From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Marek Szyprowski <m.szyprowski@samsung.com>,
Hans Verkuil <hverkuil-cisco@xs4all.nl>,
Mauro Carvalho Chehab <mchehab+samsung@kernel.org>,
Sasha Levin <sashal@kernel.org>,
linux-arm-kernel@lists.infradead.org,
linux-media@vger.kernel.org
Subject: [PATCH AUTOSEL 5.1 084/219] media: s5p-mfc: fix reading min scratch buffer size on MFC v6/v7
Date: Mon, 15 Jul 2019 10:01:25 -0400 [thread overview]
Message-ID: <20190715140341.6443-84-sashal@kernel.org> (raw)
In-Reply-To: <20190715140341.6443-1-sashal@kernel.org>
From: Marek Szyprowski <m.szyprowski@samsung.com>
[ Upstream commit be22203aec440c1761ce8542c2636ac6c8951e3a ]
MFC v6 and v7 has no register to read min scratch buffer size, so it has
to be read conditionally only if hardware supports it. This fixes following
NULL pointer exception on SoCs with MFC v6/v7:
8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = f25837f9
[00000000] *pgd=bd93d835
Internal error: Oops: 17 [#1] PREEMPT SMP ARM
Modules linked in: btmrvl_sdio btmrvl bluetooth mwifiex_sdio mwifiex ecdh_generic ecc
Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
PC is at s5p_mfc_get_min_scratch_buf_size+0x30/0x3c
LR is at s5p_mfc_get_min_scratch_buf_size+0x28/0x3c
...
[<c074f998>] (s5p_mfc_get_min_scratch_buf_size) from [<c0745bc0>] (s5p_mfc_irq+0x814/0xa5c)
[<c0745bc0>] (s5p_mfc_irq) from [<c019a218>] (__handle_irq_event_percpu+0x64/0x3f8)
[<c019a218>] (__handle_irq_event_percpu) from [<c019a5d8>] (handle_irq_event_percpu+0x2c/0x7c)
[<c019a5d8>] (handle_irq_event_percpu) from [<c019a660>] (handle_irq_event+0x38/0x5c)
[<c019a660>] (handle_irq_event) from [<c019ebc4>] (handle_fasteoi_irq+0xc4/0x180)
[<c019ebc4>] (handle_fasteoi_irq) from [<c0199270>] (generic_handle_irq+0x24/0x34)
[<c0199270>] (generic_handle_irq) from [<c0199888>] (__handle_domain_irq+0x7c/0xec)
[<c0199888>] (__handle_domain_irq) from [<c04ac298>] (gic_handle_irq+0x58/0x9c)
[<c04ac298>] (gic_handle_irq) from [<c0101ab0>] (__irq_svc+0x70/0xb0)
Exception stack(0xe73ddc60 to 0xe73ddca8)
...
[<c0101ab0>] (__irq_svc) from [<c01967d8>] (console_unlock+0x5a8/0x6a8)
[<c01967d8>] (console_unlock) from [<c01981d0>] (vprintk_emit+0x118/0x2d8)
[<c01981d0>] (vprintk_emit) from [<c01983b0>] (vprintk_default+0x20/0x28)
[<c01983b0>] (vprintk_default) from [<c01989b4>] (printk+0x30/0x54)
[<c01989b4>] (printk) from [<c07500b8>] (s5p_mfc_init_decode_v6+0x1d4/0x284)
[<c07500b8>] (s5p_mfc_init_decode_v6) from [<c07230d0>] (vb2_start_streaming+0x24/0x150)
[<c07230d0>] (vb2_start_streaming) from [<c0724e4c>] (vb2_core_streamon+0x11c/0x15c)
[<c0724e4c>] (vb2_core_streamon) from [<c07478b8>] (vidioc_streamon+0x64/0xa0)
[<c07478b8>] (vidioc_streamon) from [<c0709640>] (__video_do_ioctl+0x28c/0x45c)
[<c0709640>] (__video_do_ioctl) from [<c0709bc8>] (video_usercopy+0x260/0x8a4)
[<c0709bc8>] (video_usercopy) from [<c02b3820>] (do_vfs_ioctl+0xb0/0x9fc)
[<c02b3820>] (do_vfs_ioctl) from [<c02b41a0>] (ksys_ioctl+0x34/0x58)
[<c02b41a0>] (ksys_ioctl) from [<c0101000>] (ret_fast_syscall+0x0/0x28)
Exception stack(0xe73ddfa8 to 0xe73ddff0)
...
---[ end trace 376cf5ba6e0bee93 ]---
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/s5p-mfc/s5p_mfc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/media/platform/s5p-mfc/s5p_mfc.c b/drivers/media/platform/s5p-mfc/s5p_mfc.c
index 9a53d3908b52..2504fe9761bf 100644
--- a/drivers/media/platform/s5p-mfc/s5p_mfc.c
+++ b/drivers/media/platform/s5p-mfc/s5p_mfc.c
@@ -527,7 +527,8 @@ static void s5p_mfc_handle_seq_done(struct s5p_mfc_ctx *ctx,
dev);
ctx->mv_count = s5p_mfc_hw_call(dev->mfc_ops, get_mv_count,
dev);
- ctx->scratch_buf_size = s5p_mfc_hw_call(dev->mfc_ops,
+ if (FW_HAS_E_MIN_SCRATCH_BUF(dev))
+ ctx->scratch_buf_size = s5p_mfc_hw_call(dev->mfc_ops,
get_min_scratch_buf_size, dev);
if (ctx->img_width == 0 || ctx->img_height == 0)
ctx->state = MFCINST_ERROR;
--
2.20.1
next prev parent reply other threads:[~2019-07-15 14:08 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20190715140341.6443-1-sashal@kernel.org>
2019-07-15 14:00 ` [PATCH AUTOSEL 5.1 019/219] media: dvb: usb: fix use after free in dvb_usb_device_exit Sasha Levin
2019-07-15 14:00 ` [PATCH AUTOSEL 5.1 020/219] media: spi: IR LED: add missing of table registration Sasha Levin
2019-07-15 14:00 ` [PATCH AUTOSEL 5.1 022/219] media: ov7740: avoid invalid framesize setting Sasha Levin
2019-07-15 14:00 ` [PATCH AUTOSEL 5.1 023/219] media: marvell-ccic: fix DMA s/g desc number calculation Sasha Levin
2019-07-15 14:00 ` [PATCH AUTOSEL 5.1 024/219] media: vpss: fix a potential NULL pointer dereference Sasha Levin
2019-07-15 14:00 ` [PATCH AUTOSEL 5.1 025/219] media: media_device_enum_links32: clean a reserved field Sasha Levin
2019-07-15 14:00 ` [PATCH AUTOSEL 5.1 026/219] media: venus: firmware: fix leaked of_node references Sasha Levin
2019-07-15 14:00 ` [PATCH AUTOSEL 5.1 037/219] media: vim2m: fix two double-free issues Sasha Levin
2019-07-15 14:00 ` [PATCH AUTOSEL 5.1 038/219] media: v4l2-core: fix use-after-free error Sasha Levin
2019-07-15 14:00 ` [PATCH AUTOSEL 5.1 040/219] media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap Sasha Levin
2019-07-15 14:00 ` [PATCH AUTOSEL 5.1 044/219] media: mc-device.c: don't memset __user pointer contents Sasha Levin
2019-07-15 14:00 ` [PATCH AUTOSEL 5.1 045/219] media: saa7164: fix remove_proc_entry warning Sasha Levin
2019-07-15 14:00 ` [PATCH AUTOSEL 5.1 046/219] media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails Sasha Levin
2019-07-15 14:00 ` [PATCH AUTOSEL 5.1 050/219] tua6100: Avoid build warnings Sasha Levin
2019-07-15 14:00 ` [PATCH AUTOSEL 5.1 054/219] media: wl128x: Fix some error handling in fm_v4l2_init_video_device() Sasha Levin
2019-07-15 14:01 ` [PATCH AUTOSEL 5.1 059/219] media: imx7-mipi-csis: Propagate the error if clock enabling fails Sasha Levin
2019-07-15 14:01 ` [PATCH AUTOSEL 5.1 061/219] media: aspeed: change irq to threaded irq Sasha Levin
2019-07-15 14:01 ` [PATCH AUTOSEL 5.1 075/219] media: uvcvideo: Fix access to uninitialized fields on probe error Sasha Levin
2019-07-15 14:01 ` [PATCH AUTOSEL 5.1 076/219] media: fdp1: Support M3N and E3 platforms Sasha Levin
2019-07-15 14:01 ` [PATCH AUTOSEL 5.1 082/219] media: davinci: vpif_capture: fix memory leak in vpif_probe() Sasha Levin
2019-07-15 14:01 ` Sasha Levin [this message]
2019-07-15 14:02 ` [PATCH AUTOSEL 5.1 126/219] media: s5p-mfc: Make additional clocks optional Sasha Levin
2019-07-15 14:02 ` [PATCH AUTOSEL 5.1 127/219] media: i2c: fix warning same module names Sasha Levin
2019-07-15 14:02 ` [PATCH AUTOSEL 5.1 130/219] media: mt9m111: fix fw-node refactoring Sasha Levin
2019-07-15 14:02 ` [PATCH AUTOSEL 5.1 133/219] media: coda: fix mpeg2 sequence number handling Sasha Levin
2019-07-15 14:02 ` [PATCH AUTOSEL 5.1 134/219] media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP Sasha Levin
2019-07-15 14:02 ` [PATCH AUTOSEL 5.1 135/219] media: coda: increment sequence offset for the last returned frame Sasha Levin
2019-07-15 14:02 ` [PATCH AUTOSEL 5.1 136/219] media: vimc: cap: check v4l2_fill_pixfmt return value Sasha Levin
2019-07-15 14:02 ` [PATCH AUTOSEL 5.1 137/219] media: hdpvr: fix locking and a missing msleep Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190715140341.6443-84-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=hverkuil-cisco@xs4all.nl \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=mchehab+samsung@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).