media: venus: core: handle race condititon for core ops

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

For core ops we are having only write protect but there
is no read protect, because of this in multithreading
and concurrency, one CPU core is reading without wait
which is causing the NULL pointer dereferece crash.

one such scenario is as show below, where in one CPU
core, core->ops becoming NULL and in another CPU core
calling core->ops->session_init().

CPU: core-7:
Call trace:
hfi_session_init+0x180/0x1dc [venus_core]
vdec_queue_setup+0x9c/0x364 [venus_dec]
vb2_core_reqbufs+0x1e4/0x368 [videobuf2_common]
vb2_reqbufs+0x4c/0x64 [videobuf2_v4l2]
v4l2_m2m_reqbufs+0x50/0x84 [v4l2_mem2mem]
v4l2_m2m_ioctl_reqbufs+0x2c/0x38 [v4l2_mem2mem]
v4l_reqbufs+0x4c/0x5c
__video_do_ioctl+0x2b0/0x39c

CPU: core-0:
Call trace:
venus_shutdown+0x98/0xfc [venus_core]
venus_sys_error_handler+0x64/0x148 [venus_core]
process_one_work+0x210/0x3d0
worker_thread+0x248/0x3f4
kthread+0x11c/0x12c

Signed-off-by: Mansur Alisha Shaik <mansur@codeaurora.org>
Signed-off-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>

authored by

Mansur Alisha Shaik and committed by

Mauro Carvalho Chehab 5 years ago 9696960f b57cf6a0

+12

1 changed file

expand all

drivers

media

platform

qcom

venus

hfi.c

+12

drivers/media/platform/qcom/venus/hfi.c

··· 198 198 const struct hfi_ops *ops = core->ops; 199 199 int ret; 200 200 201 + /* 202 + * If core shutdown is in progress or if we are in system 203 + * recovery, return an error as during system error recovery 204 + * session_init() can't pass successfully 205 + */ 206 + mutex_lock(&core->lock); 207 + if (!core->ops || core->sys_error) { 208 + mutex_unlock(&core->lock); 209 + return -EIO; 210 + } 211 + mutex_unlock(&core->lock); 212 + 201 213 if (inst->state != INST_UNINIT) 202 214 return -EINVAL; 203 215