LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Alexandre Courbot <acourbot@chromium.org>
To: Dafna Hirschfeld <dafna.hirschfeld@collabora.com>
Cc: "Linux Media Mailing List" <linux-media@vger.kernel.org>,
	kernel@collabora.com,
	"Andrew-CT Chen" <andrew-ct.chen@mediatek.com>,
	courbot@chromium.org, "Dafna Hirschfeld" <dafna3@gmail.com>,
	eizan@chromium.org, houlong.wei@mediatek.com,
	"Hsin-Yi Wang" <hsinyi@chromium.org>,
	"Hans Verkuil" <hverkuil@xs4all.nl>,
	"Irui Wang" <irui.wang@mediatek.com>,
	LKML <linux-kernel@vger.kernel.org>,
	"moderated list:ARM/Mediatek SoC support"
	<linux-mediatek@lists.infradead.org>,
	"Maoguang Meng (孟毛广)" <maoguang.meng@mediatek.com>,
	"Matthias Brugger" <matthias.bgg@gmail.com>,
	"Mauro Carvalho Chehab" <mchehab@kernel.org>,
	minghsiu.tsai@mediatek.com, "Tomasz Figa" <tfiga@chromium.org>,
	"Tiffany Lin" <tiffany.lin@mediatek.com>
Subject: Re: [PATCH v2 2/7] media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released
Date: Mon, 27 Dec 2021 16:06:09 +0900	[thread overview]
Message-ID: <CAPBb6MVeohz94O5bXrBLmQkPddMTD9sj0ZMsOjG652_r7OyHSg@mail.gmail.com> (raw)
In-Reply-To: <20211117130635.11633-3-dafna.hirschfeld@collabora.com>

On Wed, Nov 17, 2021 at 10:06 PM Dafna Hirschfeld
<dafna.hirschfeld@collabora.com> wrote:
>
> The func v4l2_m2m_ctx_release waits for currently running jobs
> to finish and then stop streaming both queues and frees the buffers.
> All this should be done before the call to mtk_vcodec_enc_release
> which frees the encoder handler. This fixes null-pointer dereference bug:
>
> [gst-master] root@debian:~/gst-build# [  638.019193] Unable to handle kernel NULL pointer dereference at virtual address 00000000000001a0
> [  638.028076] Mem abort info:
> [  638.030932]   ESR = 0x96000004
> [  638.033978]   EC = 0x25: DABT (current EL), IL = 32 bits
> [  638.039293]   SET = 0, FnV = 0
> [  638.042338]   EA = 0, S1PTW = 0
> [  638.045474]   FSC = 0x04: level 0 translation fault
> [  638.050349] Data abort info:
> [  638.053224]   ISV = 0, ISS = 0x00000004
> [  638.057055]   CM = 0, WnR = 0
> [  638.060018] user pgtable: 4k pages, 48-bit VAs, pgdp=000000012b6db000
> [  638.066485] [00000000000001a0] pgd=0000000000000000, p4d=0000000000000000
> [  638.073277] Internal error: Oops: 96000004 [#1] SMP
> [  638.078145] Modules linked in: rfkill mtk_vcodec_dec mtk_vcodec_enc uvcvideo mtk_mdp mtk_vcodec_common videobuf2_dma_contig v4l2_h264 cdc_ether v4l2_mem2mem videobuf2_vmalloc usbnet videobuf2_memops videobuf2_v4l2 r8152 videobuf2_common videodev cros_ec_sensors cros_ec_sensors_core industrialio_triggered_buffer kfifo_buf elan_i2c elants_i2c sbs_battery mc cros_usbpd_charger cros_ec_chardev cros_usbpd_logger crct10dif_ce mtk_vpu fuse ip_tables x_tables ipv6
> [  638.118583] CPU: 0 PID: 212 Comm: kworker/u8:5 Not tainted 5.15.0-06427-g58a1d4dcfc74-dirty #109
> [  638.127357] Hardware name: Google Elm (DT)
> [  638.131444] Workqueue: mtk-vcodec-enc mtk_venc_worker [mtk_vcodec_enc]
> [  638.137974] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> [  638.144925] pc : vp8_enc_encode+0x34/0x2b0 [mtk_vcodec_enc]
> [  638.150493] lr : venc_if_encode+0xac/0x1b0 [mtk_vcodec_enc]
> [  638.156060] sp : ffff8000124d3c40
> [  638.159364] x29: ffff8000124d3c40 x28: 0000000000000000 x27: 0000000000000000
> [  638.166493] x26: 0000000000000000 x25: ffff0000e7f252d0 x24: ffff8000124d3d58
> [  638.173621] x23: ffff8000124d3d58 x22: ffff8000124d3d60 x21: 0000000000000001
> [  638.180750] x20: ffff80001137e000 x19: 0000000000000000 x18: 0000000000000001
> [  638.187878] x17: 000000040044ffff x16: 00400032b5503510 x15: 0000000000000000
> [  638.195006] x14: ffff8000118536c0 x13: ffff8000ee1da000 x12: 0000000030d4d91d
> [  638.202134] x11: 0000000000000000 x10: 0000000000000980 x9 : ffff8000124d3b20
> [  638.209262] x8 : ffff0000c18d4ea0 x7 : ffff0000c18d44c0 x6 : ffff0000c18d44c0
> [  638.216391] x5 : ffff80000904a3b0 x4 : ffff8000124d3d58 x3 : ffff8000124d3d60
> [  638.223519] x2 : ffff8000124d3d78 x1 : 0000000000000001 x0 : ffff80001137efb8
> [  638.230648] Call trace:
> [  638.233084]  vp8_enc_encode+0x34/0x2b0 [mtk_vcodec_enc]
> [  638.238304]  venc_if_encode+0xac/0x1b0 [mtk_vcodec_enc]
> [  638.243525]  mtk_venc_worker+0x110/0x250 [mtk_vcodec_enc]
> [  638.248918]  process_one_work+0x1f8/0x498
> [  638.252923]  worker_thread+0x140/0x538
> [  638.256664]  kthread+0x148/0x158
> [  638.259884]  ret_from_fork+0x10/0x20
> [  638.263455] Code: f90023f9 2a0103f5 aa0303f6 aa0403f8 (f940d277)
> [  638.269538] ---[ end trace e374fc10f8e181f5 ]---
>
> Fixes: 4e855a6efa547 ("[media] vcodec: mediatek: Add Mediatek V4L2 Video Encoder Driver")
> Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld@collabora.com>

The order looks indeed safer this way.

Reviewed-by: Alexandre Courbot <acourbot@chromium.org>


> ---
>  drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_drv.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_drv.c b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_drv.c
> index eed67394cf46..f898226fc53e 100644
> --- a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_drv.c
> +++ b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_drv.c
> @@ -214,11 +214,11 @@ static int fops_vcodec_release(struct file *file)
>         mtk_v4l2_debug(1, "[%d] encoder", ctx->id);
>         mutex_lock(&dev->dev_mutex);
>
> +       v4l2_m2m_ctx_release(ctx->m2m_ctx);
>         mtk_vcodec_enc_release(ctx);
>         v4l2_fh_del(&ctx->fh);
>         v4l2_fh_exit(&ctx->fh);
>         v4l2_ctrl_handler_free(&ctx->ctrl_hdl);
> -       v4l2_m2m_ctx_release(ctx->m2m_ctx);
>
>         list_del_init(&ctx->list);
>         kfree(ctx);
> --
> 2.17.1
>

  reply	other threads:[~2021-12-27  7:06 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-11-17 13:06 [PATCH v2 0/7] media: mtk-vcodec: few fixes Dafna Hirschfeld
2021-11-17 13:06 ` [PATCH v2 1/7] media: mtk-vcodec: enc: add vp8 profile ctrl Dafna Hirschfeld
2021-11-17 13:06 ` [PATCH v2 2/7] media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released Dafna Hirschfeld
2021-12-27  7:06   ` Alexandre Courbot [this message]
2021-11-17 13:06 ` [PATCH v2 3/7] media: mtk-vcodec: enc: use "stream_started" flag for "stop/start_streaming" Dafna Hirschfeld
2021-11-25  8:30   ` Hans Verkuil
2021-11-17 13:06 ` [PATCH v2 4/7] media: mtk-vcodec: fix debugging defines Dafna Hirschfeld
2021-11-17 13:06 ` [PATCH v2 5/7] media: mtk-vcodec: replace func vidioc_try_fmt with two funcs for out/cap Dafna Hirschfeld
2021-12-27  7:06   ` Alexandre Courbot
2021-11-17 13:06 ` [PATCH v2 6/7] media: mtk-vcodec: don't check return val of mtk_venc_get_q_data Dafna Hirschfeld
2021-12-27  7:06   ` Alexandre Courbot
2021-11-17 13:06 ` [PATCH v2 7/7] meida: mtk-vcodec: remove unused func parameter Dafna Hirschfeld
2021-11-18 14:35   ` Nicolas Dufresne
2021-12-27  7:06   ` Alexandre Courbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAPBb6MVeohz94O5bXrBLmQkPddMTD9sj0ZMsOjG652_r7OyHSg@mail.gmail.com \
    --to=acourbot@chromium.org \
    --cc=andrew-ct.chen@mediatek.com \
    --cc=courbot@chromium.org \
    --cc=dafna.hirschfeld@collabora.com \
    --cc=dafna3@gmail.com \
    --cc=eizan@chromium.org \
    --cc=houlong.wei@mediatek.com \
    --cc=hsinyi@chromium.org \
    --cc=hverkuil@xs4all.nl \
    --cc=irui.wang@mediatek.com \
    --cc=kernel@collabora.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-media@vger.kernel.org \
    --cc=linux-mediatek@lists.infradead.org \
    --cc=maoguang.meng@mediatek.com \
    --cc=matthias.bgg@gmail.com \
    --cc=mchehab@kernel.org \
    --cc=minghsiu.tsai@mediatek.com \
    --cc=tfiga@chromium.org \
    --cc=tiffany.lin@mediatek.com \
    --subject='Re: [PATCH v2 2/7] media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).