[PATCH] media: verisilicon: Additional fix for the crash when opening the driver

Benjamin Gaignard benjamin.gaignard at collabora.com
Tue May 23 09:33:28 PDT 2023


Le 23/05/2023 à 18:28, Ezequiel Garcia a écrit :
> Hi Benjamin,
>
> Thanks for the patch.
>
> On Tue, May 23, 2023 at 1:25 PM Benjamin Gaignard
> <benjamin.gaignard at collabora.com> wrote:
>> This fixes the following issue observed on Odroid-M1 board:
>>
>>   Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
> What pointer is NULL? ctx->src_fmt ?

yes ctx->vpu_src_fmt pointer was NULL when probing the encoder.

>
>>   Mem abort info:
>>   ...
>>   Modules linked in: crct10dif_ce hantro_vpu snd_soc_simple_card snd_soc_simple_card_utils v4l2_vp9 v4l2_h264 rockchip_saradc v4l2_mem2mem videobuf2_dma_contig videobuf2_memops rtc_rk808 videobuf2_v4l2 industrialio_triggered_buffer rockchip_thermal dwmac_rk stmmac_platform stmmac videodev kfifo_buf display_connector videobuf2_common pcs_xpcs mc rockchipdrm analogix_dp dw_mipi_dsi dw_hdmi drm_display_helper panfrost drm_shmem_helper gpu_sched ip_tables x_tables ipv6
>>   CPU: 3 PID: 176 Comm: v4l_id Not tainted 6.3.0-rc7-next-20230420 #13481
>>   Hardware name: Hardkernel ODROID-M1 (DT)
>>   pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
>>   pc : hantro_try_fmt+0xa0/0x278 [hantro_vpu]
>>   lr : hantro_try_fmt+0x94/0x278 [hantro_vpu]
>>   ...
>>   Call trace:
>>    hantro_try_fmt+0xa0/0x278 [hantro_vpu]
>>    hantro_set_fmt_out+0x3c/0x298 [hantro_vpu]
>>    hantro_reset_raw_fmt+0x98/0x128 [hantro_vpu]
>>    hantro_set_fmt_cap+0x240/0x254 [hantro_vpu]
>>    hantro_reset_encoded_fmt+0x94/0xcc [hantro_vpu]
>>    hantro_reset_fmts+0x18/0x38 [hantro_vpu]
>>    hantro_open+0xd4/0x20c [hantro_vpu]
>>    v4l2_open+0x80/0x120 [videodev]
>>    chrdev_open+0xc0/0x22c
>>    do_dentry_open+0x13c/0x48c
>>    vfs_open+0x2c/0x38
>>    path_openat+0x550/0x934
>>    do_filp_open+0x80/0x12c
>>    do_sys_openat2+0xb4/0x168
>>    __arm64_sys_openat+0x64/0xac
>>    invoke_syscall+0x48/0x114
>>    el0_svc_common+0x100/0x120
>>    do_el0_svc+0x3c/0xa8
>>    el0_svc+0x40/0xa8
>>    el0t_64_sync_handler+0xb8/0xbc
>>    el0t_64_sync+0x190/0x194
>>   Code: 97fc8a7f f940aa80 52864a61 72a686c1 (b9400800)
>>   ---[ end trace 0000000000000000 ]---
>>
>> Fixes: db6f68b51e5c ("media: verisilicon: Do not set context src/dst formats in reset functions")
>>
>> Signed-off-by: Benjamin Gaignard <benjamin.gaignard at collabora.com>
>> ---
>>   drivers/media/platform/verisilicon/hantro_v4l2.c | 6 ++++--
>>   1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/media/platform/verisilicon/hantro_v4l2.c b/drivers/media/platform/verisilicon/hantro_v4l2.c
>> index 835518534e3b..61cfaaf4e927 100644
>> --- a/drivers/media/platform/verisilicon/hantro_v4l2.c
>> +++ b/drivers/media/platform/verisilicon/hantro_v4l2.c
>> @@ -397,10 +397,12 @@ hantro_reset_raw_fmt(struct hantro_ctx *ctx, int bit_depth)
>>          if (!raw_vpu_fmt)
>>                  return -EINVAL;
>>
>> -       if (ctx->is_encoder)
>> +       if (ctx->is_encoder) {
>>                  encoded_fmt = &ctx->dst_fmt;
>> -       else
>> +               ctx->vpu_src_fmt = raw_vpu_fmt;
>> +       } else {
>>                  encoded_fmt = &ctx->src_fmt;
>> +       }
>>
>>          hantro_reset_fmt(&raw_fmt, raw_vpu_fmt);
>>          raw_fmt.width = encoded_fmt->width;
>> --
>> 2.34.1
>>



More information about the Linux-rockchip mailing list