diff options
| author | Stanimir Varbanov <stanimir.varbanov@linaro.org> | 2019-05-27 11:34:17 -0400 |
|---|---|---|
| committer | Mauro Carvalho Chehab <mchehab+samsung@kernel.org> | 2019-05-29 10:20:06 -0400 |
| commit | a200c721956ca026f44416acccc8efcca41109c5 (patch) | |
| tree | 8e2f3a437f87b412489ff9a8b8da455080b5224d /drivers/media | |
| parent | eb96e57b913ff668b8b804178cdc509f9b3d4472 (diff) | |
| download | linux-a200c721956ca026f44416acccc8efcca41109c5.tar.bz2 | |
media: venus: hfi_parser: fix a regression in parser
This fixes the following data abort:
Unable to handle kernel paging request at virtual address 0000078000000040
Mem abort info:
ESR = 0x96000004
Exception class = DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
Data abort info:
ISV = 0, ISS = 0x00000004
CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp = (____ptrval____)
[0000078000000040] pgd=0000000000000000
Internal error: Oops: 96000004 [#1] PREEMPT SMP
Process irq/28-venus (pid: 292, stack limit = 0x(____ptrval____))
CPU: 0 PID: 292 Comm: irq/28-venus Not tainted 5.2.0-rc1+ #60
Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT)
pstate: 60000005 (nZCv daif -PAN -UAO)
pc : __memcpy+0x100/0x180
lr : parse_caps+0x94/0xc0 [venus_core]
sp : ffff0000114e3990
x29: ffff0000114e3990 x28: ffff80003a7d0148
x27: 00000000000df018 x26: ffff000008bd4618
x25: 0000000000020003 x24: 0000078000000040
x23: 0000000000000002 x22: 0000000000000002
x21: ffff80003b9b8080 x20: 0000000000000008
x19: ffff000010f59000 x18: 0000000000000000
x17: 0000000000000000 x16: ffff80003c0f9b80
x15: 0000000000000000 x14: 0100000100000002
x13: 000000010020100b x12: 000000010000100a
x11: 0000100000000040 x10: 0000100000000004
x9 : 0000000000000000 x8 : ffff0000114e3bd8
x7 : 0000000000000000 x6 : ffff0000114e39d8
x5 : 0000000000000040 x4 : 0000000000000000
x3 : 0000000000000010 x2 : 0000000000000000
x1 : 0000078000000040 x0 : ffff0000114e39d8
Call trace:
__memcpy+0x100/0x180
hfi_parser+0x23c/0x3b8 [venus_core]
hfi_session_init_done+0x40/0x60 [venus_core]
hfi_process_msg_packet+0xd4/0x1d8 [venus_core]
venus_isr_thread+0x1e0/0x230 [venus_core]
hfi_isr_thread+0x18/0x20 [venus_core]
irq_thread_fn+0x28/0x78
irq_thread+0x124/0x1c0
kthread+0x124/0x128
ret_from_fork+0x10/0x18
Code: d503201f d503201f d503201f d503201f (a8c12027)
---[ end trace fd253ebaeea05ffc ]---
genirq: exiting task "irq/28-venus" (292) is an active IRQ thread (irq 28)
by modifying structure members to flexible array members.
Fixes: ded716267196862809e5926072adc962a611a1e3 media: hfi_parser: don't trick gcc with a wrong expected size
Signed-off-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Diffstat (limited to 'drivers/media')
| -rw-r--r-- | drivers/media/platform/qcom/venus/hfi_helper.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/media/platform/qcom/venus/hfi_helper.h b/drivers/media/platform/qcom/venus/hfi_helper.h index 34ea503a9842..a2b95ff79c4a 100644 --- a/drivers/media/platform/qcom/venus/hfi_helper.h +++ b/drivers/media/platform/qcom/venus/hfi_helper.h @@ -569,7 +569,7 @@ struct hfi_capability { struct hfi_capabilities { u32 num_capabilities; - struct hfi_capability *data; + struct hfi_capability data[]; }; #define HFI_DEBUG_MSG_LOW 0x01 @@ -726,7 +726,7 @@ struct hfi_profile_level { struct hfi_profile_level_supported { u32 profile_count; - struct hfi_profile_level *profile_level; + struct hfi_profile_level profile_level[]; }; struct hfi_quality_vs_speed { |