From patchwork Mon Jul 17 08:56:50 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stanimir Varbanov X-Patchwork-Id: 107876 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp4256012qge; Mon, 17 Jul 2017 01:59:29 -0700 (PDT) X-Received: by 10.84.232.143 with SMTP id i15mr729880plk.248.1500281968934; Mon, 17 Jul 2017 01:59:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1500281968; cv=none; d=google.com; s=arc-20160816; b=lQMKiiBbw4h4cYYkDYznJFTBz9tGgKsIdMKV5rS7zGyrpTQlB/r1K6hrT8H6Oe10EQ 6rKKffQY+T3AyH+ToWqjRsJI+ycSLRsLkJRUPCJl1woiiDOgxSvs3Ii6NfkzmI1nXjFk VOVx2/Aemm2kPN0HZBLT4tTxJ9XuEbAZmmL/374k5IigWA2sNM1hkSeeUWMscOky87o1 bKmVfKWz0/9p5GE3UlMOB87Ut7N9yWJEh9gAN2ppx4eR65C8+Rhi2vCF9UmFUK/+04nX JBMrfJiJBrGxwLN8fEJbiKRe3WdwGdwU3oBPgnlNswvun+j3YBSMaO+A5NgmSX6/9Bkr FaNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=7CvQfHGoFCdoxeXR0khXNq6p9Mu7NbcF2mM+Inr+BMg=; b=Z0u86h4DJjKL5iulsYIGgJMhQ175TU4LgDsReAVArTRL6a0acZStztvuv91XBUO8Id agwWMDGyWYmN0uD/1NDf+ARTzMUYtUDAt0GOCfHKIdi9iTKheoggQNbWCHnICiqHxBvZ zxelO2okKTiQlPjLNMrdjiCEiaTfZIK3kER43ujg1VA6Q92MQhTHEGUSnD9PKpxF4xhR KKhcoR1qt+QLaoE94c6j38eWnPNe7PTAF4RRnJ1N/ak8YCAaz3qnRiufvyvDj1WA+uSl iv3TIrH+deSpfRiHpv54xX8Df7+WcvpwTVCNv22Dun1nXYmnbIZoV3sn0gXGRRa3Su+h pD8A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=E0Nj8+3I; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w7si12986055pgw.423.2017.07.17.01.59.28; Mon, 17 Jul 2017 01:59:28 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=E0Nj8+3I; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751462AbdGQI70 (ORCPT + 25 others); Mon, 17 Jul 2017 04:59:26 -0400 Received: from mail-wr0-f177.google.com ([209.85.128.177]:34518 "EHLO mail-wr0-f177.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751405AbdGQI6s (ORCPT ); Mon, 17 Jul 2017 04:58:48 -0400 Received: by mail-wr0-f177.google.com with SMTP id 12so3283353wrb.1 for ; Mon, 17 Jul 2017 01:58:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=7CvQfHGoFCdoxeXR0khXNq6p9Mu7NbcF2mM+Inr+BMg=; b=E0Nj8+3IKwqUcNcXTK0hJDZIW5vNR5qZfY8q3MfHtFfY3e/Ej3pw+IKMkypiqtH/u8 VTOAC+JFoziikYWHvF33FedJG/5J6qHrUQ8oave8mJWfyzXCaY2x8MTumjb0jzKk/EWV d0A+nl7TaNwRenAM7CTICnwBtK2x38G9BIfl0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=7CvQfHGoFCdoxeXR0khXNq6p9Mu7NbcF2mM+Inr+BMg=; b=ijfapzFYQ3bfaUY5rnZGydRQa+kR6w2gBz8uRthe3qRSKHTBqBUP07IjYKWK+fV/Nv EuqpKyF7He0vSnxxsy2/bRdG0YadGelaQ78Vz5Xsf56byL/r8DbxBebUjC/+U8VbMcCs yKdYptbwKBvAnMnmFLJsMsY5mmHULWpf2Isgic02mzUGhrOSMTFR8EzwK6s7Fkn7xhXh sDxuBAZppbCClfPUjAuFkWfUlEMv+H/s1PLbjCBravEzlOsNfrfplUE2nAktZU1Qqjl6 drMscz/LNYYU4g75ntZsy5AMYeftQ1BN3snbJegWrknpyoDW0QRe7W0D0aWC9XN4I4OZ wvMg== X-Gm-Message-State: AIVw1130orEMqJvpnBnPoPvwODWBDHBBcIvSCTndjn9/FWqJdlHgAQw8 2PuqQwIYaq+UPMg1 X-Received: by 10.223.136.174 with SMTP id f43mr1328729wrf.148.1500281927270; Mon, 17 Jul 2017 01:58:47 -0700 (PDT) Received: from localhost.localdomain ([37.157.136.206]) by smtp.gmail.com with ESMTPSA id q17sm11558700wmd.4.2017.07.17.01.58.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Jul 2017 01:58:46 -0700 (PDT) From: Stanimir Varbanov To: Mauro Carvalho Chehab Cc: Hans Verkuil , Arnd Bergmann , linux-media@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org, Rob Clark Subject: [PATCH 4/4] media: venus: hfi: fix error handling in hfi_sys_init_done() Date: Mon, 17 Jul 2017 11:56:50 +0300 Message-Id: <20170717085650.12185-5-stanimir.varbanov@linaro.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20170717085650.12185-1-stanimir.varbanov@linaro.org> References: <20170717085650.12185-1-stanimir.varbanov@linaro.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Rob Clark Not entirely sure what triggers it, but with venus build as kernel module and in initrd, we hit this crash: Unable to handle kernel paging request at virtual address ffff80003c039000 pgd = ffff00000a14f000 [ffff80003c039000] *pgd=00000000bd9f7003, *pud=00000000bd9f6003, *pmd=00000000bd9f0003, *pte=0000000000000000 Internal error: Oops: 96000007 [#1] SMP Modules linked in: qcom_wcnss_pil(E+) crc32_ce(E) qcom_common(E) venus_core(E+) remoteproc(E) snd_soc_msm8916_digital(E) virtio_ring(E) cdc_ether(E) snd_soc_lpass_apq8016(E) snd_soc_lpass_cpu(E) snd_soc_apq8016_sbc(E) snd_soc_lpass_platform(E) v4l2_mem2mem(E) virtio(E) snd_soc_core(E) ac97_bus(E) snd_pcm_dmaengine(E) snd_seq(E) leds_gpio(E) videobuf2_v4l2(E) videobuf2_core(E) snd_seq_device(E) snd_pcm(E) videodev(E) media(E) nvmem_qfprom(E) msm(E) snd_timer(E) snd(E) soundcore(E) spi_qup(E) mdt_loader(E) qcom_tsens(E) qcom_spmi_temp_alarm(E) nvmem_core(E) msm_rng(E) uas(E) usb_storage(E) dm9601(E) usbnet(E) mii(E) mmc_block(E) adv7511(E) drm_kms_helper(E) syscopyarea(E) sysfillrect(E) sysimgblt(E) fb_sys_fops(E) qcom_spmi_vadc(E) qcom_vadc_common(PE) industrialio(E) pinctrl_spmi_mpp(E) pinctrl_spmi_gpio(E) rtc_pm8xxx(E) clk_smd_rpm(E) sdhci_msm(E) sdhci_pltfm(E) qcom_smd_regulator(E) drm(E) smd_rpm(E) qcom_spmi_pmic(E) regmap_spmi(E) ci_hdrc_msm(E) ci_hdrc(E) usb3503(E) extcon_usb_gpio(E) phy_msm_usb(E) udc_core(E) qcom_hwspinlock(E) extcon_core(E) ehci_msm(E) i2c_qup(E) sdhci(E) mmc_core(E) spmi_pmic_arb(E) spmi(E) qcom_smd(E) smsm(E) rpmsg_core(E) smp2p(E) smem(E) hwspinlock_core(E) gpio_keys(E) CPU: 2 PID: 551 Comm: irq/150-venus Tainted: P E 4.12.0+ #1625 Hardware name: qualcomm dragonboard410c/dragonboard410c, BIOS 2017.07-rc2-00144-ga97bdbdf72-dirty 07/08/2017 task: ffff800037338000 task.stack: ffff800038e00000 PC is at hfi_sys_init_done+0x64/0x140 [venus_core] LR is at hfi_process_msg_packet+0xcc/0x1e8 [venus_core] pc : [] lr : [] pstate: 20400145 sp : ffff800038e03c60 x29: ffff800038e03c60 x28: 0000000000000000 x27: 00000000000df018 x26: ffff00000118f4d0 x25: 0000000000020003 x24: ffff80003a8d3010 x23: ffff00000118f760 x22: ffff800037b40028 x21: ffff8000382981f0 x20: ffff800037b40028 x19: ffff80003c039000 x18: 0000000000000020 x17: 0000000000000000 x16: ffff800037338000 x15: ffffffffffffffff x14: 0000001000000014 x13: 0000000100001007 x12: 0000000100000020 x11: 0000100e00000000 x10: 0000000000000001 x9 : 0000000200000000 x8 : 0000001400000001 x7 : 0000000000001010 x6 : 0000000000000148 x5 : 0000000000001009 x4 : ffff80003c039000 x3 : 00000000cd770abb x2 : 0000000000000042 x1 : 0000000000000788 x0 : 0000000000000002 Process irq/150-venus (pid: 551, stack limit = 0xffff800038e00000) Call trace: [] hfi_sys_init_done+0x64/0x140 [venus_core] [] hfi_process_msg_packet+0xcc/0x1e8 [venus_core] [] venus_isr_thread+0x1b4/0x208 [venus_core] [] hfi_isr_thread+0x28/0x38 [venus_core] [] irq_thread_fn+0x30/0x70 [] irq_thread+0x14c/0x1c8 [] kthread+0x138/0x140 [] ret_from_fork+0x10/0x40 Code: 52820125 52820207 7a431820 54000249 (b9400263) ---[ end trace c963460f20a984b6 ]--- The problem is that in the error case, we've incremented the data ptr but not decremented rem_bytes, and keep reading (presumably garbage) until eventually we go beyond the end of the buffer. Instead, on first error, we should probably just bail out. Other option is to increment read_bytes by sizeof(u32) before the switch, rather than only accounting for the ptype header in the non-error case. Note that in this case it is HFI_ERR_SYS_INVALID_PARAMETER, ie. an unrecognized/unsupported parameter, so interpreting the next word as a property type would be bogus. The other error cases are due to truncated buffer, so there isn't likely to be anything valid to interpret in the remainder of the buffer. So just bailing seems like a reasonable solution. Signed-off-by: Rob Clark Reviewed-by: Stanimir Varbanov --- drivers/media/platform/qcom/venus/hfi_msgs.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) -- 2.11.0 diff --git a/drivers/media/platform/qcom/venus/hfi_msgs.c b/drivers/media/platform/qcom/venus/hfi_msgs.c index f8841713e417..a681ae5381d6 100644 --- a/drivers/media/platform/qcom/venus/hfi_msgs.c +++ b/drivers/media/platform/qcom/venus/hfi_msgs.c @@ -239,11 +239,12 @@ static void hfi_sys_init_done(struct venus_core *core, struct venus_inst *inst, break; } - if (!error) { - rem_bytes -= read_bytes; - data += read_bytes; - num_properties--; - } + if (error) + break; + + rem_bytes -= read_bytes; + data += read_bytes; + num_properties--; } err_no_prop: