[PATCH v3 15/15] media: mtk-vcodec: venc: make sure buffer exists in list... | linux-media

[PATCH v3 00/15] media: mtk-vcodec: support for MT8183 decoder · Alexandre Courbot <hidden> · 2021-02-26
[PATCH v3 01/15] media: mtk-vcodec: vdec: move stateful ops into their own file · Alexandre Courbot <hidden> · 2021-02-26
[PATCH v3 02/15] media: mtk-vcodec: vdec: handle firmware version field · Alexandre Courbot <hidden> · 2021-02-26
[PATCH v3 03/15] media: mtk-vcodec: support version 2 of decoder firmware ABI · Alexandre Courbot <hidden> · 2021-02-26
[PATCH v3 04/15] media: add Mediatek's MM21 format · Alexandre Courbot <hidden> · 2021-02-26
[PATCH v3 05/15] media: mtk-vcodec: vdec: support stateless API · Alexandre Courbot <hidden> · 2021-02-26
Re: [PATCH v3 05/15] media: mtk-vcodec: vdec: support stateless API · Ezequiel Garcia <ezequiel@vanguardiasur.com.ar> · 2021-03-04
Re: [PATCH v3 05/15] media: mtk-vcodec: vdec: support stateless API · Alexandre Courbot <hidden> · 2021-03-15
Re: [PATCH v3 05/15] media: mtk-vcodec: vdec: support stateless API · Nicolas Dufresne <hidden> · 2021-03-15
Re: [PATCH v3 05/15] media: mtk-vcodec: vdec: support stateless API · Ezequiel Garcia <ezequiel@vanguardiasur.com.ar> · 2021-03-15
Re: [PATCH v3 05/15] media: mtk-vcodec: vdec: support stateless API · Alexandre Courbot <hidden> · 2021-03-17
Re: [PATCH v3 05/15] media: mtk-vcodec: vdec: support stateless API · Nicolas Dufresne <hidden> · 2021-03-17
[PATCH v3 06/15] media: mtk-vcodec: vdec: support stateless H.264 decoding · Alexandre Courbot <hidden> · 2021-02-26
Re: [PATCH v3 06/15] media: mtk-vcodec: vdec: support stateless H.264 decoding · Ezequiel Garcia <ezequiel@vanguardiasur.com.ar> · 2021-03-04
Re: [PATCH v3 06/15] media: mtk-vcodec: vdec: support stateless H.264 decoding · Alexandre Courbot <hidden> · 2021-03-15
Re: [PATCH v3 06/15] media: mtk-vcodec: vdec: support stateless H.264 decoding · Nicolas Dufresne <hidden> · 2021-03-15
Re: [PATCH v3 06/15] media: mtk-vcodec: vdec: support stateless H.264 decoding · Alexandre Courbot <hidden> · 2021-03-17
Re: [PATCH v3 06/15] media: mtk-vcodec: vdec: support stateless H.264 decoding · Ezequiel Garcia <ezequiel@vanguardiasur.com.ar> · 2021-03-15
Re: [PATCH v3 06/15] media: mtk-vcodec: vdec: support stateless H.264 decoding · Alexandre Courbot <hidden> · 2021-03-17
[PATCH v3 09/15] media: mtk-vcodec: enable MT8183 decoder · Alexandre Courbot <hidden> · 2021-02-26
[PATCH v3 11/15] media: mtk-vcodec: vdec: Support H264 profile control · Alexandre Courbot <hidden> · 2021-02-26
[PATCH v3 07/15] media: mtk-vcodec: vdec: add media device if using stateless api · Alexandre Courbot <hidden> · 2021-02-26
[PATCH v3 08/15] dt-bindings: media: document mediatek,mt8183-vcodec-dec · Alexandre Courbot <hidden> · 2021-02-26
[PATCH v3 12/15] media: mtk-vcodec: vdec: clamp OUTPUT resolution to hardware limits · Alexandre Courbot <hidden> · 2021-02-26
[PATCH v3 10/15] media: mtk-vcodec: vdec: use helpers in VIDIOC_(TRY_)DECODER_CMD · Alexandre Courbot <hidden> · 2021-02-26
[PATCH v3 13/15] media: mtk-vcodec: make flush buffer reusable by encoder · Alexandre Courbot <hidden> · 2021-02-26
[PATCH v3 14/15] media: mtk-vcodec: venc: support START and STOP commands · Alexandre Courbot <hidden> · 2021-02-26
[PATCH v3 15/15] media: mtk-vcodec: venc: make sure buffer exists in list before removing · Alexandre Courbot <hidden> · 2021-02-26

STALE1899d

Revisions (2)

2021-02-26 v3 current
2021-04-27 v4 [diff vs current]

[PATCH v3 15/15] media: mtk-vcodec: venc: make sure buffer exists in list before removing

From: Alexandre Courbot <hidden>
Date: 2021-02-26 10:09:15
Also in: linux-mediatek, lkml
Subsystem: media input infrastructure (v4l/dvb), the rest · Maintainers: Mauro Carvalho Chehab, Linus Torvalds

From: Hsin-Yi Wang <redacted>

It is possible that empty_flush_buf is removed in mtk_venc_worker() and
then again in vb2ops_venc_stop_streaming(). However, there's no empty
list check in v4l2_m2m_buf_remove_by_buf(). Double remove causes a
kernel crash.

Signed-off-by: Hsin-Yi Wang <redacted>
[acourbot: fix commit log a bit]
Signed-off-by: Alexandre Courbot <redacted>
---
 .../media/platform/mtk-vcodec/mtk_vcodec_enc.c   | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c
index 4de381b522ae..8af7e840b958 100644
--- a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c
+++ b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc.c

@@ -933,9 +933,21 @@ static void vb2ops_venc_stop_streaming(struct vb2_queue *q)
 		}
 		/* STREAMOFF on the CAPTURE queue completes any ongoing flush */
 		if (ctx->is_flushing) {
+			struct v4l2_m2m_buffer *b, *n;
+
 			mtk_v4l2_debug(1, "STREAMOFF called while flushing");
-			v4l2_m2m_buf_remove_by_buf(&ctx->m2m_ctx->out_q_ctx,
-						   &ctx->empty_flush_buf.vb);
+			/*
+			 * STREAMOFF could be called before the flush buffer is
+			 * dequeued. Check whether empty flush buf is still in
+			 * queue before removing it.
+			 */
+			v4l2_m2m_for_each_src_buf_safe(ctx->m2m_ctx, b, n) {
+				if (b == &ctx->empty_flush_buf) {
+					v4l2_m2m_src_buf_remove_by_buf(
+							ctx->m2m_ctx, &b->vb);
+					break;
+				}
+			}
 			ctx->is_flushing = false;
 		}
 	} else {

-- 
2.30.1.766.gb4fecdf3b7-goog

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help