samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
複製 0
程式碼 問題管理 合併請求 Actions Packages Projects 版本發佈 Wiki Activity

video: driver: resolve skip unmap in system error cases

瀏覽代碼 
If there is any system error from firmware then driver will
remove instance from core->instances.list.
msm_vb2_detach(unmap)_dmabuf() returning failure because
get_inst_ref() returning NULL as the instance was removed from
in core->instances.list, but instance is still alive and buffers
can still be detached(unmapped). Skipping detach(unmap)
buffers resulting in below warning when the buffer's final
dma reference is removed by v4l2 framework (dma_buf_put(fd))
after msm_vb2_detach(unmap)_dmabuf() functions.

msm_dma_buf_freed: DMA buffer ffffff8884ebe600 destroyed with
                   outstanding iommu mappings
Call trace:
    msm_dma_buf_freed+0x130/0x334 [msm_dma_iommu_mapping]
    qcom_sg_release+0x30/0x50 [qcom_dma_heaps]
    dma_buf_release+0x48/0xa8
    __dentry_kill+0x178/0x268
    dentry_kill+0xc4/0x110
    dput+0xa4/0x110
    __fput+0x170/0x260
    ____fput+0x18/0x28
    task_work_run+0xc0/0xe8

Eventually when client closed the session, driver will try to
cleanup the missing buffers and hence driver calls unmap buffers
which is resulting in below list_del corruption issue as dma_buf
including sg_list was already removed for it

msm_dma_unmap_sg_attrs: (ffffff8916a92c00) was never mapped
WARNING: CPU: 2 PID: 2258 at drivers/iommu/msm_dma_iommu_mapping.c:377
         msm_dma_unmap_sg_attrs+0x9c/0x1e4 [msm_dma_iommu_mapping]
Call trace:
    msm_dma_unmap_sg_attrs+0x9c/0x1e4 [msm_dma_iommu_mapping]
    qcom_sg_unmap_dma_buf+0xc0/0xf0 [qcom_dma_heaps]
    dma_buf_unmap_attachment+0x48/0xa0
    msm_vidc_dma_buf_unmap_attachment+0x2c/0x80 [msm_video]
    msm_vidc_destroy_buffers+0x510/0xb74 [msm_video]
    put_inst+0x158/0x3fc [msm_video]
    msm_vidc_close+0xe4/0x16c [msm_video]
    v4l2_release+0x7c/0x108
    __fput+0xe4/0x260
    ____fput+0x18/0x28
    task_work_run+0xc0/0xe8

list_del corruption. prev->next should be ffffff8891db3c90,
          but was ffffff8916a92c10. (prev=ffffff8916a92c10)

As we know instance will always be alive in
msm_vb2_detach(unmap)_dmabuf() function, we can safely
remove get_inst_ref() to avoid skipping detach(unmap)
calls to avoid list_del corruption issues.

Change-Id: If292a39ab1cde17da3cbb634370b6ff6692e496a
Signed-off-by: Maheshwar Ajja <quic_majja@quicinc.com>
This commit is contained in:
Maheshwar Ajja
2023-02-28 23:06:03 -08:00
父節點 17bc01b78f
當前提交 28c761d7bf
共有 1 個文件被更改,包括 0 次插入4 次删除
Download Patch File Download Diff File Expand all files Collapse all files

4
driver/vidc/src/msm_vidc_vb2.c
查看文件

@@ -128,7 +128,6 @@ void msm_vb2_detach_dmabuf(void *buf_priv)
return;
}
inst = vbuf->inst;
inst = get_inst_ref(g_core, inst);
if (!inst || !inst->core) {
d_vpr_e("%s: invalid params %pK\n", __func__, inst);
return;
@@ -156,7 +155,6 @@ void msm_vb2_detach_dmabuf(void *buf_priv)
vbuf->inst = NULL;
exit:
put_inst(inst);
return;
}
@@ -207,7 +205,6 @@ void msm_vb2_unmap_dmabuf(void *buf_priv)
return;
}
inst = vbuf->inst;
inst = get_inst_ref(g_core, inst);
if (!inst || !inst->core) {
d_vpr_e("%s: invalid params %pK\n", __func__, inst);
return;
@@ -235,7 +232,6 @@ void msm_vb2_unmap_dmabuf(void *buf_priv)
}
exit:
put_inst(inst);
return;
}