linux-kernel.vger.kernel.org archive mirror
From: Alexandre Courbot <acourbot@chromium.org>
To: Tiffany Lin <tiffany.lin@mediatek.com>,
	Andrew-CT Chen <andrew-ct.chen@mediatek.com>,
	Rob Herring <robh+dt@kernel.org>,
	Yunfei Dong <yunfei.dong@mediatek.com>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>,
	Hans Verkuil <hverkuil-cisco@xs4all.nl>,
	linux-media@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-mediatek@lists.infradead.org,
	Hsin-Yi Wang <hsinyi@chromium.org>,
	Alexandre Courbot <acourbot@chromium.org>
Subject: [PATCH v3 15/15] media: mtk-vcodec: venc: make sure buffer exists in list before removing
Date: Fri, 26 Feb 2021 19:01:48 +0900
Message-ID: <20210226100148.1663389-16-acourbot@chromium.org>
In-Reply-To: <20210226100148.1663389-1-acourbot@chromium.org>

From: Hsin-Yi Wang <hsinyi@chromium.org>

It is possible that empty_flush_buf is removed in mtk_venc_worker() and
then again in vb2ops_venc_stop_streaming(). However, there's no empty
list check in v4l2_m2m_buf_remove_by_buf(). Double remove causes a
kernel crash.

Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
[acourbot: fix commit log a bit]
Signed-off-by: Alexandre Courbot <acourbot@chromium.org>
---
 .../media/platform/mtk-vcodec/mtk_vcodec_enc.c   | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c
index 4de381b522ae..8af7e840b958 100644
--- a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c
+++ b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c
@@ -933,9 +933,21 @@ static void vb2ops_venc_stop_streaming(struct vb2_queue *q)
 		}
 		/* STREAMOFF on the CAPTURE queue completes any ongoing flush */
 		if (ctx->is_flushing) {
+			struct v4l2_m2m_buffer *b, *n;
+
 			mtk_v4l2_debug(1, "STREAMOFF called while flushing");
-			v4l2_m2m_buf_remove_by_buf(&ctx->m2m_ctx->out_q_ctx,
-						   &ctx->empty_flush_buf.vb);
+			/*
+			 * STREAMOFF could be called before the flush buffer is
+			 * dequeued. Check whether empty flush buf is still in
+			 * queue before removing it.
+			 */
+			v4l2_m2m_for_each_src_buf_safe(ctx->m2m_ctx, b, n) {
+				if (b == &ctx->empty_flush_buf) {
+					v4l2_m2m_src_buf_remove_by_buf(
+							ctx->m2m_ctx, &b->vb);
+					break;
+				}
+			}
 			ctx->is_flushing = false;
 		}
 	} else {
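
Review bot: the membership walk with v4l2_m2m_for_each_src_buf_safe() and the v4l2_m2m_src_buf_remove_by_buf() call inside it are two separate steps, and nothing in this hunk holds a lock across both, so the check only closes the double remove if mtk_venc_worker() cannot run at this point in vb2ops_venc_stop_streaming(). The commit message names the worker as the other path that removes empty_flush_buf; if it can still be active here, the buffer can leave the list between the `b == &ctx->empty_flush_buf` comparison and the removal, and the same crash remains. Please either say in the new comment why the worker is guaranteed to be idle when this runs, or make the lookup and removal atomic with respect to it. As a smaller point, the comment describes STREAMOFF arriving before the flush buffer is dequeued, while the commit message describes the buffer having already been removed by the worker; the comment should mention that second case, since it is the one the loop guards against.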
-- 
2.30.1.766.gb4fecdf3b7-goog

