LinuxLists.cc - Re: drm/exynos: scaler: Reset hardware before starting the operation (bug report)

2019-07-05 16:45:32

Subject: Re: drm/exynos: scaler: Reset hardware before starting the operation (bug report)

Hi,

Static analysis on today's linux-next has found a potential error in the
following commit:

commit 280e54c9f614c88292685383cf2d65057586e9fb
Author: Andrzej Pietrasiewicz <[email protected]>
Date: Thu Jun 7 13:06:08 2018 +0200

drm/exynos: scaler: Reset hardware before starting the operation

In the following code the retry counter does not appear to be
decremented, so potentially the loop could get stuck forever if the H/W
does not change state:

static inline int scaler_reset(struct scaler_context *scaler)
{
int retry = SCALER_RESET_WAIT_RETRIES;

scaler_write(SCALER_CFG_SOFT_RESET, SCALER_CFG);
do {
cpu_relax();
} while (retry > 1 &&
scaler_read(SCALER_CFG) & SCALER_CFG_SOFT_RESET);

do {
cpu_relax();
scaler_write(1, SCALER_INT_EN);
} while (retry > 0 && scaler_read(SCALER_INT_EN) != 1);

return retry ? 0 : -EIO;
}

Maybe I'm missing something here subtle.

Colin

2019-07-22 21:16:37

by Marek Szyprowski

[permalink] [raw]

Subject: Re: drm/exynos: scaler: Reset hardware before starting the operation (bug report)

Hi,

On 2019-07-05 18:09, Colin Ian King wrote:
> Static analysis on today's linux-next has found a potential error in the
> following commit:
>
> commit 280e54c9f614c88292685383cf2d65057586e9fb
> Author: Andrzej Pietrasiewicz <[email protected]>
> Date: Thu Jun 7 13:06:08 2018 +0200
>
> drm/exynos: scaler: Reset hardware before starting the operation
>
> In the following code the retry counter does not appear to be
> decremented, so potentially the loop could get stuck forever if the H/W
> does not change state:
>
> static inline int scaler_reset(struct scaler_context *scaler)
> {
> int retry = SCALER_RESET_WAIT_RETRIES;
>
> scaler_write(SCALER_CFG_SOFT_RESET, SCALER_CFG);
> do {
> cpu_relax();
> } while (retry > 1 &&
> scaler_read(SCALER_CFG) & SCALER_CFG_SOFT_RESET);
>
> do {
> cpu_relax();
> scaler_write(1, SCALER_INT_EN);
> } while (retry > 0 && scaler_read(SCALER_INT_EN) != 1);
>
> return retry ? 0 : -EIO;
> }
>
> Maybe I'm missing something here subtle.

Right. Indeed there is missing decrementation of the 'retry' variable. I
suggest to add it to both loops and reset retry value to
SCALER_RESET_WAIT_RETRIES between them.

Best regards
--
Marek Szyprowski, PhD
Samsung R&D Institute Poland