From: luisbg@osg.samsung.com (Luis de Bethencourt)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] media: s5p-mfc fix invalid memory access from s5p_mfc_release()
Date: Sat, 09 Jul 2016 11:29:42 +0100
Message-ID: <5780D216.9000604@osg.samsung.com>
In-Reply-To: <1468016965-10880-1-git-send-email-shuahkh@osg.samsung.com>

On 08/07/16 23:29, Shuah Khan wrote:
> If s5p_mfc_release() runs after s5p_mfc_remove(), the former will access an
> invalid s5p_mfc_dev pointer saved in the s5p_mfc_ctx and run into kernel
> paging request errors.
> 
> Clear ctx dev pointer in s5p_mfc_remove() and change s5p_mfc_release() to
> avoid work that requires ctx->dev.
> 
> odroid kernel: Unable to handle kernel paging request at virtual address
>     f17c1104
> odroid kernel: pgd = ebca4000
> odroid kernel: [f17c1104] *pgd=6e23d811, *pte=00000000, *ppte=00000000
> odroid kernel: Internal error: Oops: 807 [#1] PREEMPT SMP ARM
> odroid kernel: Modules linked in: cpufreq_userspace cpufreq_powersave
>     cpufreq_conservative s5p_mfc s5p_jpeg v4l2_mem2mem
>     videobuf2_dma_contig videobuf2_memops videobuf2_v4l2 videobuf2_core
>     v4l2_common videodev media
> odroid kernel: Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
> odroid kernel: task: c2241400 ti: e7018000 task.ti: e7018000
> odroid kernel: PC is at s5p_mfc_reset+0x40/0x28c [s5p_mfc]
> odroid kernel: LR is at s5p_mfc_reset+0x34/0x28c [s5p_mfc]
> odroid kernel: pc : [<bf15bfbc>]    lr : [<bf15bfb0>] psr: 60010013
> odroid kernel: [<bf15bfbc>] (s5p_mfc_reset [s5p_mfc]) from [<bf15c62c>]
>     (s5p_mfc_deinit_hw+0x14/0x3c [s5p_mfc])
> odroid kernel: [<bf15c62c>] (s5p_mfc_deinit_hw [s5p_mfc]) from [<bf155958>]
>     (s5p_mfc_release+0xac/0x1c4 [s5p_mfc])
> odroid kernel: [<bf155958>] (s5p_mfc_release [s5p_mfc]) from [<bf021344>]
>     (v4l2_release+0x38/0x74 [videodev])
> odroid kernel: [<bf021344>] (v4l2_release [videodev]) from [<c01e4274>]
>     (__fput+0x80/0x1c8)
> odroid kernel: [<c01e4274>] (__fput) from [<c0135c58>]
>     (task_work_run+0x94/0xc8)
> odroid kernel: [<c0135c58>] (task_work_run) from [<c010a9d4>]
>     (do_work_pending+0x7c/0xa4)
> odroid kernel: [<c010a9d4>] (do_work_pending) from [<c0107794>]
>     (slow_work_pending+0xc/0x20)
> odroid kernel: Code: eb3edacc e5953078 e3a06000 e2833c11 (e5836004)
> 
> Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
> ---

Thanks Shuah.

I've been following this while playing with an ODROID XU4 to fix some issues
in v4l2 usage in GStreamer. So I offered to test this for Shuah.

Looks good :)

Tested-by: Luis de Bethencourt <luisbg@osg.samsung.com>
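
A simplified user-space model of the approach described in the quoted commit message (an added example, not the patch itself and not driver code): remove() clears each open context's device pointer, and release() skips device work when that pointer is NULL. The `mfc_dev`/`mfc_ctx` structs and the `model_*`/`run_order` functions are hypothetical stand-ins, and the model is single-threaded, so the locking a real driver needs between the two paths is not shown.

```c
#include <stdlib.h>
#define MAX_CTX 4

/* Hypothetical stand-ins for s5p_mfc_ctx and s5p_mfc_dev. */
struct mfc_dev;
struct mfc_ctx { struct mfc_dev *dev; };      /* back-pointer that can go stale */
struct mfc_dev { struct mfc_ctx *ctx[MAX_CTX]; int num_inst; };

static struct mfc_ctx *model_open(struct mfc_dev *dev)
{
    struct mfc_ctx *ctx;
    if (dev->num_inst >= MAX_CTX || !(ctx = calloc(1, sizeof(*ctx))))
        return NULL;
    ctx->dev = dev;
    dev->ctx[dev->num_inst++] = ctx;
    return ctx;
}

/* remove(): clear every open context's back-pointer, then free the device. */
static void model_remove(struct mfc_dev *dev)
{
    for (int i = 0; i < dev->num_inst; i++)
        if (dev->ctx[i])
            dev->ctx[i]->dev = NULL;
    free(dev);
}

/* release(): returns 1 if device work ran, 0 if skipped (device gone). */
static int model_release(struct mfc_ctx *ctx)
{
    struct mfc_dev *dev = ctx->dev;
    for (int i = 0; dev && i < dev->num_inst; i++)
        if (dev->ctx[i] == ctx)
            dev->ctx[i] = NULL;               /* unregister from live device */
    free(ctx);
    return dev != NULL;
}

/* Runs one ordering; returns model_release()'s result, -1 on alloc failure. */
static int run_order(int remove_first)
{
    struct mfc_dev *dev = calloc(1, sizeof(*dev));
    struct mfc_ctx *ctx = dev ? model_open(dev) : NULL;
    int ran;
    if (!ctx) { free(dev); return -1; }
    if (remove_first) model_remove(dev);
    ran = model_release(ctx);                 /* safe in either order */
    if (!remove_first) model_remove(dev);
    return ran;
}
```

Without the NULL assignment in `model_remove()`, the remove-first ordering would make `model_release()` dereference freed memory, which is the shape of the fault in the quoted oops.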
