Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp4623349rwd; Tue, 23 May 2023 10:03:26 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5L6IC4FSNo6EUV68WYatVtMeKy4JmiYSyQXdGZ87VgLpRkSWjl4IuA9phcyVyrM1QSfJcn X-Received: by 2002:a05:6a21:338f:b0:10a:f3df:b86e with SMTP id yy15-20020a056a21338f00b0010af3dfb86emr10636949pzb.44.1684861406553; Tue, 23 May 2023 10:03:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1684861406; cv=none; d=google.com; s=arc-20160816; b=Dg5BUt1gZNaGRFJCSRuv//Gq/a81SFisMvlzixNx276dFVQjp/uCPg79nKN4EQsz4T b1/15BA8a1/SGVtRlsrAfzJOaZwRMsWTdKm5UTzXAN/aEyjh/kfPrDXYWjHzCLdsv7z4 /a4f+PB6G5b6UR4juV3NmqvrRz8nO3b/Y/PuxiIDVvxIoaRiKt98V8i0fJe/qXeEnahw WiVbN/yALIbV8vzjnzlId8Ccnzz39BcrJ8+eZfj1YDkt91oxH0w1CcNeNU/1e541GHOf f5jyanvLg1Uc7hqwTFbPsk+14ZuC3VmqtO3LyzTdxYjATRaeeenv5/AfMTGw1M9MD4Yy po7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=6MUcExjODFd7EhM4T5Hk91EII1yxc1VbdL3uFX/Gq78=; b=HUFhCCOBaS2RDx/iuBms8AzTXB5oABza/+08mKeG+zD4QiDXjkarBauD8qst3S9IW8 HgIqiTDFU38JZ7FI0zzRlIkWo6nS10oV7gtxO3ePip+xWxhugGI4OiLDaRFG3hpSKedy wgN0dCQM+CL7O6SW/xm70Gqgdn47Sm22SUK5R+K31E2tb0nWIlxvk1zLhAqDFP4Ra/Vu OhiSQBpmNJ5cXbC4iEEiLXAFaGj7JMxiYkT1aG6qDImmBnuVdJO7eyjXf3tsMYLPtQd5 YvEBQign17SQMKEHgqhTPDw2hj5r6ECChPLqfSOwzq65Zm2Y2lJOpqwV/BpQnbN0qtZ9 vIfQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@collabora.com header.s=mail header.b="Bn/9h34r"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=collabora.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bt19-20020a632913000000b00520b3928bebsi1441776pgb.7.2023.05.23.10.03.11; Tue, 23 May 2023 10:03:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@collabora.com header.s=mail header.b="Bn/9h34r"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=collabora.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231878AbjEWQg3 (ORCPT + 99 others); Tue, 23 May 2023 12:36:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49044 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237570AbjEWQgZ (ORCPT ); Tue, 23 May 2023 12:36:25 -0400 Received: from madras.collabora.co.uk (madras.collabora.co.uk [46.235.227.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 30D9C196; Tue, 23 May 2023 09:36:14 -0700 (PDT) Received: from [IPV6:2a01:e0a:120:3210:1ba:3e91:de16:9b34] (unknown [IPv6:2a01:e0a:120:3210:1ba:3e91:de16:9b34]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) (Authenticated sender: benjamin.gaignard) by madras.collabora.co.uk (Postfix) with ESMTPSA id AB39566058F2; Tue, 23 May 2023 17:36:11 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=collabora.com; s=mail; t=1684859772; bh=3CHENV+5lz2J3P/NrtkeHy+T26fSrnBLYvY12RFPujU=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=Bn/9h34rplwZ8vt11Bie+wDUicXHyWL16UJevssSKdtIhuZdvsOWd59sLMpgNTVke O/kQ+cWgurR1TtUR9ztJy6CuT2wR4ov4Y+6ArXmgUNOT4nC1RC2p01y+3t/y1TyjRz PdaAMa24UeY+oYBNmNyqEb+UX3nksoipZ4MZv2LWF2JQjgtp52oyOKqMXyS9vsN8Z8 /Cu5emY1niveMq6OoMuZ9DP24C6nOqEI5pPTrh+K0ZmhHg4OZO7TDpk5xBuLaHgMEN ES5XJu5vg/wF6+/qQNLuc2ILy9d5qCB23+Z1BJFlN3UcjOStELmSaoy0+wZ6Rrk8j8 WJ/6zywxuozNQ== Message-ID: Date: Tue, 23 May 2023 18:36:09 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Subject: Re: [PATCH] media: verisilicon: Additional fix for the crash when opening the driver Content-Language: en-US To: ezequiel@vanguardiasur.com.ar, nicolas.dufresne@collabora.com, p.zabel@pengutronix.de, mchehab@kernel.org, m.szyprowski@samsung.com, m.tretter@pengutronix.de, didi.debian@cknow.org Cc: linux-media@vger.kernel.org, linux-rockchip@lists.infradead.org, linux-kernel@vger.kernel.org, kernel@collabora.com, hverkuil-cisco@xs4all.nl, kernel@pengutronix.de, regressions@lists.linux.dev References: <20230523162515.993862-1-benjamin.gaignard@collabora.com> From: Benjamin Gaignard In-Reply-To: <20230523162515.993862-1-benjamin.gaignard@collabora.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Le 23/05/2023 à 18:25, Benjamin Gaignard a écrit : > This fixes the following issue observed on Odroid-M1 board: > > Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 > Mem abort info: > ... > Modules linked in: crct10dif_ce hantro_vpu snd_soc_simple_card snd_soc_simple_card_utils v4l2_vp9 v4l2_h264 rockchip_saradc v4l2_mem2mem videobuf2_dma_contig videobuf2_memops rtc_rk808 videobuf2_v4l2 industrialio_triggered_buffer rockchip_thermal dwmac_rk stmmac_platform stmmac videodev kfifo_buf display_connector videobuf2_common pcs_xpcs mc rockchipdrm analogix_dp dw_mipi_dsi dw_hdmi drm_display_helper panfrost drm_shmem_helper gpu_sched ip_tables x_tables ipv6 > CPU: 3 PID: 176 Comm: v4l_id Not tainted 6.3.0-rc7-next-20230420 #13481 > Hardware name: Hardkernel ODROID-M1 (DT) > pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) > pc : hantro_try_fmt+0xa0/0x278 [hantro_vpu] > lr : hantro_try_fmt+0x94/0x278 [hantro_vpu] > ... > Call trace: > hantro_try_fmt+0xa0/0x278 [hantro_vpu] > hantro_set_fmt_out+0x3c/0x298 [hantro_vpu] > hantro_reset_raw_fmt+0x98/0x128 [hantro_vpu] > hantro_set_fmt_cap+0x240/0x254 [hantro_vpu] > hantro_reset_encoded_fmt+0x94/0xcc [hantro_vpu] > hantro_reset_fmts+0x18/0x38 [hantro_vpu] > hantro_open+0xd4/0x20c [hantro_vpu] > v4l2_open+0x80/0x120 [videodev] > chrdev_open+0xc0/0x22c > do_dentry_open+0x13c/0x48c > vfs_open+0x2c/0x38 > path_openat+0x550/0x934 > do_filp_open+0x80/0x12c > do_sys_openat2+0xb4/0x168 > __arm64_sys_openat+0x64/0xac > invoke_syscall+0x48/0x114 > el0_svc_common+0x100/0x120 > do_el0_svc+0x3c/0xa8 > el0_svc+0x40/0xa8 > el0t_64_sync_handler+0xb8/0xbc > el0t_64_sync+0x190/0x194 > Code: 97fc8a7f f940aa80 52864a61 72a686c1 (b9400800) > ---[ end trace 0000000000000000 ]--- > > Fixes: db6f68b51e5c ("media: verisilicon: Do not set context src/dst formats in reset functions") > > Signed-off-by: Benjamin Gaignard > --- Diederick, Marek, Michael, I have tested this patch on my boards and I see no regressions on decoder part and no more crash when probing the encoder. Could you test it on your side to confirm it is ok ? Thorsten, I try/test regzbot commands, please tell me if it is correct. #regzbot ^introduced db6f68b51e5c #regzbot title media: verisilicon: null pointer dereference in try_fmt #regzbot ignore-activity > drivers/media/platform/verisilicon/hantro_v4l2.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/drivers/media/platform/verisilicon/hantro_v4l2.c b/drivers/media/platform/verisilicon/hantro_v4l2.c > index 835518534e3b..61cfaaf4e927 100644 > --- a/drivers/media/platform/verisilicon/hantro_v4l2.c > +++ b/drivers/media/platform/verisilicon/hantro_v4l2.c > @@ -397,10 +397,12 @@ hantro_reset_raw_fmt(struct hantro_ctx *ctx, int bit_depth) > if (!raw_vpu_fmt) > return -EINVAL; > > - if (ctx->is_encoder) > + if (ctx->is_encoder) { > encoded_fmt = &ctx->dst_fmt; > - else > + ctx->vpu_src_fmt = raw_vpu_fmt; > + } else { > encoded_fmt = &ctx->src_fmt; > + } > > hantro_reset_fmt(&raw_fmt, raw_vpu_fmt); > raw_fmt.width = encoded_fmt->width;