[PATCH 4.7 083/141] [media] v4l: vsp1: Fix crash when resetting pipeline

From: Greg Kroah-Hartman
Date: Thu Oct 06 2016 - 04:48:19 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.7 125/141] IB/mlx4: Fix code indentation in QP1 MAD flow"
Previous message: Greg Kroah-Hartman: "[PATCH 4.7 092/141] dmaengine: bcm2835: fix 64-bit warning"
In reply to: Greg Kroah-Hartman: "[PATCH 4.7 092/141] dmaengine: bcm2835: fix 64-bit warning"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.7 125/141] IB/mlx4: Fix code indentation in QP1 MAD flow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.7-stable review patch. If anyone has any objections, please let me know.

------------------

From: Laurent Pinchart <laurent.pinchart+renesas@xxxxxxxxxxxxxxxx>

commit d69e40fade97b6b19837c1772efa516bc28cc870 upstream.

The vsp1_pipeline_reset() function loops over pipeline inputs and output
and resets them. When doing so it assumes both that the pipeline has
been correctly configured with an output, and that inputs are are stored
in the pipe inputs array at positions 0 to num_inputs-1.

Both the assumptions are incorrect. The pipeline might need to be reset
after a failed attempts to configure it, without any output specified.
Furthermore, inputs are stored in a positiong equal to their RPF index,
possibly creating holes in the inputs array if the RPFs are not used in
sequence.

Fix both issues by looping over the whole inputs array and skipping
unused entries, and ignoring the output when not set.

Fixes: ff7e97c94d9f ("[media] v4l: vsp1: Store pipeline pointer in rwpf")

Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas@xxxxxxxxxxxxxxxx>
Signed-off-by: Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/media/platform/vsp1/vsp1_pipe.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)

--- a/drivers/media/platform/vsp1/vsp1_pipe.c
+++ b/drivers/media/platform/vsp1/vsp1_pipe.c
@@ -172,13 +172,17 @@ void vsp1_pipeline_reset(struct vsp1_pip
bru->inputs[i].rpf = NULL;
}

- for (i = 0; i < pipe->num_inputs; ++i) {
- pipe->inputs[i]->pipe = NULL;
- pipe->inputs[i] = NULL;
+ for (i = 0; i < ARRAY_SIZE(pipe->inputs); ++i) {
+ if (pipe->inputs[i]) {
+ pipe->inputs[i]->pipe = NULL;
+ pipe->inputs[i] = NULL;
+ }
}

- pipe->output->pipe = NULL;
- pipe->output = NULL;
+ if (pipe->output) {
+ pipe->output->pipe = NULL;
+ pipe->output = NULL;
+ }

INIT_LIST_HEAD(&pipe->entities);
pipe->state = VSP1_PIPELINE_STOPPED;

Next message: Greg Kroah-Hartman: "[PATCH 4.7 125/141] IB/mlx4: Fix code indentation in QP1 MAD flow"
Previous message: Greg Kroah-Hartman: "[PATCH 4.7 092/141] dmaengine: bcm2835: fix 64-bit warning"
In reply to: Greg Kroah-Hartman: "[PATCH 4.7 092/141] dmaengine: bcm2835: fix 64-bit warning"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.7 125/141] IB/mlx4: Fix code indentation in QP1 MAD flow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]