From: Alexandre Courbot <acourbot@chromium.org>
To: Tiffany Lin <tiffany.lin@mediatek.com>,
Andrew-CT Chen <andrew-ct.chen@mediatek.com>,
Rob Herring <robh+dt@kernel.org>,
Yunfei Dong <yunfei.dong@mediatek.com>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>,
Hans Verkuil <hverkuil-cisco@xs4all.nl>,
linux-media@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-mediatek@lists.infradead.org,
Hsin-Yi Wang <hsinyi@chromium.org>,
Alexandre Courbot <acourbot@chromium.org>
Subject: [PATCH v3 15/15] media: mtk-vcodec: venc: make sure buffer exists in list before removing
Date: Fri, 26 Feb 2021 19:01:48 +0900 [thread overview]
Message-ID: <20210226100148.1663389-16-acourbot@chromium.org> (raw)
In-Reply-To: <20210226100148.1663389-1-acourbot@chromium.org>
From: Hsin-Yi Wang <hsinyi@chromium.org>
It is possible that empty_flush_buf is removed in mtk_venc_worker() and
then again in vb2ops_venc_stop_streaming(). However, there's no empty
list check in v4l2_m2m_buf_remove_by_buf(). Double remove causes a
kernel crash.
Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
[acourbot: fix commit log a bit]
Signed-off-by: Alexandre Courbot <acourbot@chromium.org>
---
.../media/platform/mtk-vcodec/mtk_vcodec_enc.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c
index 4de381b522ae..8af7e840b958 100644
--- a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c
+++ b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c
@@ -933,9 +933,21 @@ static void vb2ops_venc_stop_streaming(struct vb2_queue *q)
}
/* STREAMOFF on the CAPTURE queue completes any ongoing flush */
if (ctx->is_flushing) {
+ struct v4l2_m2m_buffer *b, *n;
+
mtk_v4l2_debug(1, "STREAMOFF called while flushing");
- v4l2_m2m_buf_remove_by_buf(&ctx->m2m_ctx->out_q_ctx,
- &ctx->empty_flush_buf.vb);
+ /*
+ * STREAMOFF could be called before the flush buffer is
+ * dequeued. Check whether empty flush buf is still in
+ * queue before removing it.
+ */
+ v4l2_m2m_for_each_src_buf_safe(ctx->m2m_ctx, b, n) {
+ if (b == &ctx->empty_flush_buf) {
+ v4l2_m2m_src_buf_remove_by_buf(
+ ctx->m2m_ctx, &b->vb);
+ break;
+ }
+ }
ctx->is_flushing = false;
}
} else {
--
2.30.1.766.gb4fecdf3b7-goog
WARNING: multiple messages have this Message-ID (diff)
From: Alexandre Courbot <acourbot@chromium.org>
To: Tiffany Lin <tiffany.lin@mediatek.com>,
Andrew-CT Chen <andrew-ct.chen@mediatek.com>,
Rob Herring <robh+dt@kernel.org>,
Yunfei Dong <yunfei.dong@mediatek.com>
Cc: Alexandre Courbot <acourbot@chromium.org>,
linux-kernel@vger.kernel.org, linux-mediatek@lists.infradead.org,
Hsin-Yi Wang <hsinyi@chromium.org>,
Hans Verkuil <hverkuil-cisco@xs4all.nl>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
linux-media@vger.kernel.org
Subject: [PATCH v3 15/15] media: mtk-vcodec: venc: make sure buffer exists in list before removing
Date: Fri, 26 Feb 2021 19:01:48 +0900 [thread overview]
Message-ID: <20210226100148.1663389-16-acourbot@chromium.org> (raw)
In-Reply-To: <20210226100148.1663389-1-acourbot@chromium.org>
From: Hsin-Yi Wang <hsinyi@chromium.org>
It is possible that empty_flush_buf is removed in mtk_venc_worker() and
then again in vb2ops_venc_stop_streaming(). However, there's no empty
list check in v4l2_m2m_buf_remove_by_buf(). Double remove causes a
kernel crash.
Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
[acourbot: fix commit log a bit]
Signed-off-by: Alexandre Courbot <acourbot@chromium.org>
---
.../media/platform/mtk-vcodec/mtk_vcodec_enc.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c
index 4de381b522ae..8af7e840b958 100644
--- a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c
+++ b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c
@@ -933,9 +933,21 @@ static void vb2ops_venc_stop_streaming(struct vb2_queue *q)
}
/* STREAMOFF on the CAPTURE queue completes any ongoing flush */
if (ctx->is_flushing) {
+ struct v4l2_m2m_buffer *b, *n;
+
mtk_v4l2_debug(1, "STREAMOFF called while flushing");
- v4l2_m2m_buf_remove_by_buf(&ctx->m2m_ctx->out_q_ctx,
- &ctx->empty_flush_buf.vb);
+ /*
+ * STREAMOFF could be called before the flush buffer is
+ * dequeued. Check whether empty flush buf is still in
+ * queue before removing it.
+ */
+ v4l2_m2m_for_each_src_buf_safe(ctx->m2m_ctx, b, n) {
+ if (b == &ctx->empty_flush_buf) {
+ v4l2_m2m_src_buf_remove_by_buf(
+ ctx->m2m_ctx, &b->vb);
+ break;
+ }
+ }
ctx->is_flushing = false;
}
} else {
--
2.30.1.766.gb4fecdf3b7-goog
_______________________________________________
Linux-mediatek mailing list
Linux-mediatek@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-mediatek
next prev parent reply other threads:[~2021-02-26 10:09 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-26 10:01 [PATCH v3 00/15] media: mtk-vcodec: support for MT8183 decoder Alexandre Courbot
2021-02-26 10:01 ` Alexandre Courbot
2021-02-26 10:01 ` [PATCH v3 01/15] media: mtk-vcodec: vdec: move stateful ops into their own file Alexandre Courbot
2021-02-26 10:01 ` Alexandre Courbot
2021-02-26 10:01 ` [PATCH v3 02/15] media: mtk-vcodec: vdec: handle firmware version field Alexandre Courbot
2021-02-26 10:01 ` Alexandre Courbot
2021-02-26 10:01 ` [PATCH v3 03/15] media: mtk-vcodec: support version 2 of decoder firmware ABI Alexandre Courbot
2021-02-26 10:01 ` Alexandre Courbot
2021-02-26 10:01 ` [PATCH v3 04/15] media: add Mediatek's MM21 format Alexandre Courbot
2021-02-26 10:01 ` Alexandre Courbot
2021-02-26 10:01 ` [PATCH v3 05/15] media: mtk-vcodec: vdec: support stateless API Alexandre Courbot
2021-02-26 10:01 ` Alexandre Courbot
2021-03-03 21:30 ` Ezequiel Garcia
2021-03-03 21:30 ` Ezequiel Garcia
2021-03-15 11:28 ` Alexandre Courbot
2021-03-15 11:28 ` Alexandre Courbot
2021-03-15 15:16 ` Nicolas Dufresne
2021-03-15 15:16 ` Nicolas Dufresne
2021-03-15 21:45 ` Ezequiel Garcia
2021-03-15 21:45 ` Ezequiel Garcia
2021-03-17 3:13 ` Alexandre Courbot
2021-03-17 3:13 ` Alexandre Courbot
2021-03-17 15:09 ` Nicolas Dufresne
2021-03-17 15:09 ` Nicolas Dufresne
2021-02-26 10:01 ` [PATCH v3 06/15] media: mtk-vcodec: vdec: support stateless H.264 decoding Alexandre Courbot
2021-02-26 10:01 ` Alexandre Courbot
2021-03-03 21:47 ` Ezequiel Garcia
2021-03-03 21:47 ` Ezequiel Garcia
2021-03-15 11:28 ` Alexandre Courbot
2021-03-15 11:28 ` Alexandre Courbot
2021-03-15 15:21 ` Nicolas Dufresne
2021-03-15 15:21 ` Nicolas Dufresne
2021-03-17 3:14 ` Alexandre Courbot
2021-03-17 3:14 ` Alexandre Courbot
2021-03-15 22:08 ` Ezequiel Garcia
2021-03-15 22:08 ` Ezequiel Garcia
2021-03-17 3:13 ` Alexandre Courbot
2021-03-17 3:13 ` Alexandre Courbot
2021-02-26 10:01 ` [PATCH v3 07/15] media: mtk-vcodec: vdec: add media device if using stateless api Alexandre Courbot
2021-02-26 10:01 ` Alexandre Courbot
2021-02-26 10:01 ` [PATCH v3 08/15] dt-bindings: media: document mediatek,mt8183-vcodec-dec Alexandre Courbot
2021-02-26 10:01 ` [PATCH v3 08/15] dt-bindings: media: document mediatek, mt8183-vcodec-dec Alexandre Courbot
2021-02-26 10:01 ` [PATCH v3 09/15] media: mtk-vcodec: enable MT8183 decoder Alexandre Courbot
2021-02-26 10:01 ` Alexandre Courbot
2021-02-26 10:01 ` [PATCH v3 10/15] media: mtk-vcodec: vdec: use helpers in VIDIOC_(TRY_)DECODER_CMD Alexandre Courbot
2021-02-26 10:01 ` Alexandre Courbot
2021-02-26 10:01 ` [PATCH v3 11/15] media: mtk-vcodec: vdec: Support H264 profile control Alexandre Courbot
2021-02-26 10:01 ` Alexandre Courbot
2021-02-26 10:01 ` [PATCH v3 12/15] media: mtk-vcodec: vdec: clamp OUTPUT resolution to hardware limits Alexandre Courbot
2021-02-26 10:01 ` Alexandre Courbot
2021-02-26 10:01 ` [PATCH v3 13/15] media: mtk-vcodec: make flush buffer reusable by encoder Alexandre Courbot
2021-02-26 10:01 ` Alexandre Courbot
2021-02-26 10:01 ` [PATCH v3 14/15] media: mtk-vcodec: venc: support START and STOP commands Alexandre Courbot
2021-02-26 10:01 ` Alexandre Courbot
2021-02-26 10:01 ` Alexandre Courbot [this message]
2021-02-26 10:01 ` [PATCH v3 15/15] media: mtk-vcodec: venc: make sure buffer exists in list before removing Alexandre Courbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210226100148.1663389-16-acourbot@chromium.org \
--to=acourbot@chromium.org \
--cc=andrew-ct.chen@mediatek.com \
--cc=hsinyi@chromium.org \
--cc=hverkuil-cisco@xs4all.nl \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=mchehab@kernel.org \
--cc=robh+dt@kernel.org \
--cc=tiffany.lin@mediatek.com \
--cc=yunfei.dong@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.