driver: vidc: fix response handling

Add condition to check if response packet
size is zero.
Skip writing to sfr-register till FW adds support.
Read FW response from the right addr.

Change-Id: I9244d6af024da18750bb21186512c7cc4dfd0c65
Signed-off-by: Darshana Patil <[email protected]>

driver/variant/iris2/src/msm_vidc_iris2.c

@@ -184,9 +184,10 @@ static int __setup_ucregion_memory_map_iris2(struct msm_vidc_core *vidc_core)
 	__write_register(core, QTBL_ADDR_IRIS2,
 			(u32)core->iface_q_table.align_device_addr);
 	__write_register(core, QTBL_INFO_IRIS2, 0x01);
-	if (core->sfr.align_device_addr)
+	/* TODO: darshana, remove below comment later with FW support*/
+	/*if (core->sfr.align_device_addr)
 		__write_register(core, SFR_ADDR_IRIS2,
-				(u32)core->sfr.align_device_addr);
+				(u32)core->sfr.align_device_addr);*/
 	/* update queues vaddr for debug purpose */
 	__write_register(core, CPU_CS_VCICMDARG0_IRIS2,
 		(u32)core->iface_q_table.align_virtual_addr);

driver/vidc/src/venus_hfi.c

@@ -927,7 +927,7 @@ static void __flush_debug_queue(struct msm_vidc_core *core, u8 *header)
 		struct hfi_header *hdr =
 			(struct hfi_header *) header;
 
-		if (!validate_packet((u8 *)pkt, core->response_packet,
+		if (validate_packet((u8 *)pkt, core->response_packet,
 				core->packet_size, __func__))
 			return;
 

driver/vidc/src/venus_hfi_response.c

@@ -54,6 +54,7 @@ int validate_packet(u8 *response_pkt, u8 *core_resp_pkt,
 	u32 core_resp_pkt_size, const char *func)
 {
 	u8 *response_limit;
+	u32 response_pkt_size = 0;
 
 	if (!response_pkt || !core_resp_pkt || !core_resp_pkt_size) {
 		d_vpr_e("%s: invalid params\n", func);
@@ -68,7 +69,13 @@ int validate_packet(u8 *response_pkt, u8 *core_resp_pkt,
 		return -EINVAL;
 	}
 
-	if (response_pkt + *(u32 *)response_pkt > response_limit) {
+	response_pkt_size = *(u32 *)response_pkt;
+	if (!response_pkt_size) {
+		d_vpr_e("%s: response packet size cannot be zero\n", func);
+		return -EINVAL;
+	}
+
+	if (response_pkt + response_pkt_size > response_limit) {
 		d_vpr_e("%s: invalid packet size %d\n",
 			func, *(u32 *)response_pkt);
 		return -EINVAL;
@@ -241,7 +248,7 @@ static int handle_session_buffer(struct msm_vidc_inst *inst,
 		return 0;
 	}
 
-	buffer = (struct hfi_buffer *)(pkt + sizeof(struct hfi_packet));
+	buffer = (struct hfi_buffer *)((u8 *)pkt + sizeof(struct hfi_packet));
 	buf_type = buffer->type;
 	if (!is_valid_hfi_buffer_type(inst, buf_type, __func__)) {
 		msm_vidc_change_inst_state(inst, MSM_VIDC_ERROR, __func__);
@@ -383,10 +390,10 @@ static int handle_system_response(struct msm_vidc_core *core,
 	struct hfi_packet *pkt;
 	int i;
 
-	pkt = (struct hfi_packet *)(hdr + sizeof(struct hfi_header));
+	pkt = (struct hfi_packet *)((u8 *)hdr + sizeof(struct hfi_header));
 
 	for (i = 0; i < hdr->num_packets; i++) {
-		if (!validate_packet((u8 *)pkt, core->response_packet,
+		if (validate_packet((u8 *)pkt, core->response_packet,
 				core->packet_size, __func__))
 			return -EINVAL;
 		if (pkt->type == HFI_CMD_INIT) {
@@ -420,10 +427,10 @@ static int handle_session_response(struct msm_vidc_core *core,
 		goto exit;
 	}
 
-	pkt = (struct hfi_packet *)(hdr + sizeof(struct hfi_header));
+	pkt = (struct hfi_packet *)((u8 *)hdr + sizeof(struct hfi_header));
 
 	for (i = 0; i < hdr->num_packets; i++) {
-		if (!validate_packet((u8 *)pkt, core->response_packet,
+		if (validate_packet((u8 *)pkt, core->response_packet,
 				core->packet_size, __func__))
 			goto exit;
 		if (pkt->type < HFI_CMD_END && pkt->type > HFI_CMD_BEGIN) {
@@ -456,7 +463,7 @@ int handle_response(struct msm_vidc_core *core, void *response)
 	}
 
 	hdr = (struct hfi_header *)response;
-	if (!validate_packet((u8 *)hdr, core->response_packet,
+	if (validate_packet((u8 *)hdr, core->response_packet,
 			core->packet_size, __func__))
 		return -EINVAL;