From: Mansur Alisha Shaik
To: linux-media@vger.kernel.org, stanimir.varbanov@linaro.org
Cc: linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org, vgarodia@codeaurora.org, Mansur Alisha Shaik
Subject: [PATCH 1/3] venus: core: handle race condition for core ops
Date: Thu, 6 Aug 2020 18:47:33 +0530
Message-Id: <1596719855-1725-2-git-send-email-mansur@codeaurora.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1596719855-1725-1-git-send-email-mansur@codeaurora.org>
References: <1596719855-1725-1-git-send-email-mansur@codeaurora.org>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

For core ops we are having only write protect but there is no
read protect, because of this in multi-threading and concurrency,
one CPU core is reading without waiting which is causing the
NULL pointer dereference crash.

One such scenario is as shown below, where in one core
core->ops becoming NULL and in another core calling
core->ops->session_init().

CPU: 7(core):
Call trace:
	hfi_session_init+0x180/0x1dc [venus_core]
	vdec_queue_setup+0x9c/0x364 [venus_dec]
	vb2_core_reqbufs+0x1e4/0x368 [videobuf2_common]
	vb2_reqbufs+0x4c/0x64 [videobuf2_v4l2]
	v4l2_m2m_reqbufs+0x50/0x84 [v4l2_mem2mem]
	v4l2_m2m_ioctl_reqbufs+0x2c/0x38 [v4l2_mem2mem]
	v4l_reqbufs+0x4c/0x5c
	__video_do_ioctl+0x2b0/0x39c

CPU: 0(core):
Call trace:
	venus_shutdown+0x98/0xfc [venus_core]
	venus_sys_error_handler+0x64/0x148 [venus_core]
	process_one_work+0x210/0x3d0
	worker_thread+0x248/0x3f4
	kthread+0x11c/0x12c

Signed-off-by: Mansur Alisha Shaik
---
 drivers/media/platform/qcom/venus/core.c | 2 +-
 drivers/media/platform/qcom/venus/hfi.c | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/media/platform/qcom/venus/core.c b/drivers/media/platform/qcom/venus/core.c index 203c653..fe99c83 100644 --- a/drivers/media/platform/qcom/venus/core.c +++ b/drivers/media/platform/qcom/venus/core.c
@@ -64,8 +64,8 @@ static void venus_sys_error_handler(struct work_struct *work) pm_runtime_get_sync(core->dev); hfi_core_deinit(core, true); - hfi_destroy(core); mutex_lock(&core->lock); + hfi_destroy(core); venus_shutdown(core); pm_runtime_put_sync(core->dev); diff --git a/drivers/media/platform/qcom/venus/hfi.c b/drivers/media/platform/qcom/venus/hfi.c index a211eb9..2eeb31f 100644 --- a/drivers/media/platform/qcom/venus/hfi.c +++ b/drivers/media/platform/qcom/venus/hfi.c @@ -195,7 +195,7 @@ EXPORT_SYMBOL_GPL(hfi_session_create); int hfi_session_init(struct venus_inst *inst, u32 pixfmt) { struct venus_core *core = inst->core; - const struct hfi_ops *ops = core->ops; + const struct hfi_ops *ops; int ret; if (inst->state != INST_UNINIT) @@ -204,10 +204,13 @@ int hfi_session_init(struct venus_inst *inst, u32 pixfmt) inst->hfi_codec = to_codec_type(pixfmt); reinit_completion(&inst->done); + mutex_lock(&core->lock); + ops = core->ops; ret = ops->session_init(inst, inst->session_type, inst->hfi_codec); if (ret) return ret; + mutex_unlock(&core->lock); ret = wait_session_msg(inst); if (ret) return ret; -- QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, hosted by The Linux Foundation
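
Review bot: In the core.c hunk (venus_sys_error_handler), hfi_core_deinit(core, true) still runs before mutex_lock(&core->lock), so only hfi_destroy(core) gains protection. Please confirm that hfi_core_deinit() does not read or modify core->ops, and that hfi_destroy() does not itself take core->lock now that it is called with the lock held. The commit message should also say that hfi_destroy() is the call that clears core->ops, because the CPU 0 trace points at venus_shutdown, which was already under the lock before this change.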
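
Review bot: In the hfi.c hunk at @@ -195,7 (hfi_session_init), the commit message says core ops have no read protection in general, but the diff converts only this one reader of core->ops. Either convert the other readers of core->ops in the same patch or state in the commit message why hfi_session_init is the only path that can race with venus_sys_error_handler. A short comment at the declaration of ops saying that core->ops must be read under core->lock would keep later changes from reintroducing the initializer that is removed here.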
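
Review bot: In the hfi.c hunk at @@ -204,10 (hfi_session_init), the "if (ret) return ret;" that sits between mutex_lock(&core->lock) and mutex_unlock(&core->lock) returns with core->lock still held whenever ops->session_init() fails, so the next taker of the lock, including venus_sys_error_handler, blocks. Move mutex_unlock(&core->lock) to directly after the ops->session_init() call, before the error check. Separately, ops is dereferenced right after "ops = core->ops;" with no NULL test: the lock orders this read against the error handler, but per the commit message core->ops can already be NULL by the time the lock is acquired, so a check that unlocks and returns an error is needed before calling ops->session_init().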