Merge "msm: ais: isp: Handling buffer use after getting it freed"
This commit is contained in:
Linux Build Service Account
Gerrit - the friendly Code Review server
commit
fd46324f9e
3 changed files with 17 additions and 3 deletions
|
|
@ -1038,16 +1038,18 @@ int msm_vfe47_start_fetch_engine(struct vfe_device *vfe_dev,
|
||||||
vfe_dev->buf_mgr, fe_cfg->session_id,
|
vfe_dev->buf_mgr, fe_cfg->session_id,
|
||||||
fe_cfg->stream_id);
|
fe_cfg->stream_id);
|
||||||
vfe_dev->fetch_engine_info.bufq_handle = bufq_handle;
|
vfe_dev->fetch_engine_info.bufq_handle = bufq_handle;
|
||||||
|
mutex_lock(&vfe_dev->buf_mgr->lock);
|
||||||
rc = vfe_dev->buf_mgr->ops->get_buf_by_index(
|
rc = vfe_dev->buf_mgr->ops->get_buf_by_index(
|
||||||
vfe_dev->buf_mgr, bufq_handle, fe_cfg->buf_idx, &buf);
|
vfe_dev->buf_mgr, bufq_handle, fe_cfg->buf_idx, &buf);
|
||||||
if (rc < 0 || !buf) {
|
if (rc < 0 || !buf) {
|
||||||
pr_err("%s: No fetch buffer rc= %d buf= %pK\n",
|
pr_err("%s: No fetch buffer rc= %d buf= %pK\n",
|
||||||
__func__, rc, buf);
|
__func__, rc, buf);
|
||||||
|
mutex_unlock(&vfe_dev->buf_mgr->lock);
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
mapped_info = buf->mapped_info[0];
|
mapped_info = buf->mapped_info[0];
|
||||||
buf->state = MSM_ISP_BUFFER_STATE_DISPATCHED;
|
buf->state = MSM_ISP_BUFFER_STATE_DISPATCHED;
|
||||||
|
mutex_unlock(&vfe_dev->buf_mgr->lock);
|
||||||
} else {
|
} else {
|
||||||
rc = vfe_dev->buf_mgr->ops->map_buf(vfe_dev->buf_mgr,
|
rc = vfe_dev->buf_mgr->ops->map_buf(vfe_dev->buf_mgr,
|
||||||
&mapped_info, fe_cfg->fd);
|
&mapped_info, fe_cfg->fd);
|
||||||
|
|
@ -1100,14 +1102,15 @@ int msm_vfe47_start_fetch_engine_multi_pass(struct vfe_device *vfe_dev,
|
||||||
mutex_lock(&vfe_dev->buf_mgr->lock);
|
mutex_lock(&vfe_dev->buf_mgr->lock);
|
||||||
rc = vfe_dev->buf_mgr->ops->get_buf_by_index(
|
rc = vfe_dev->buf_mgr->ops->get_buf_by_index(
|
||||||
vfe_dev->buf_mgr, bufq_handle, fe_cfg->buf_idx, &buf);
|
vfe_dev->buf_mgr, bufq_handle, fe_cfg->buf_idx, &buf);
|
||||||
mutex_unlock(&vfe_dev->buf_mgr->lock);
|
|
||||||
if (rc < 0 || !buf) {
|
if (rc < 0 || !buf) {
|
||||||
pr_err("%s: No fetch buffer rc= %d buf= %pK\n",
|
pr_err("%s: No fetch buffer rc= %d buf= %pK\n",
|
||||||
__func__, rc, buf);
|
__func__, rc, buf);
|
||||||
|
mutex_unlock(&vfe_dev->buf_mgr->lock);
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
mapped_info = buf->mapped_info[0];
|
mapped_info = buf->mapped_info[0];
|
||||||
buf->state = MSM_ISP_BUFFER_STATE_DISPATCHED;
|
buf->state = MSM_ISP_BUFFER_STATE_DISPATCHED;
|
||||||
|
mutex_unlock(&vfe_dev->buf_mgr->lock);
|
||||||
} else {
|
} else {
|
||||||
rc = vfe_dev->buf_mgr->ops->map_buf(vfe_dev->buf_mgr,
|
rc = vfe_dev->buf_mgr->ops->map_buf(vfe_dev->buf_mgr,
|
||||||
&mapped_info, fe_cfg->fd);
|
&mapped_info, fe_cfg->fd);
|
||||||
|
|
|
||||||
|
|
@ -3822,10 +3822,12 @@ int msm_isp_update_axi_stream(struct vfe_device *vfe_dev, void *arg)
|
||||||
&update_cmd->update_info[i];
|
&update_cmd->update_info[i];
|
||||||
stream_info = &axi_data->stream_info[HANDLE_TO_IDX(
|
stream_info = &axi_data->stream_info[HANDLE_TO_IDX(
|
||||||
update_info->stream_handle)];
|
update_info->stream_handle)];
|
||||||
|
mutex_lock(&vfe_dev->buf_mgr->lock);
|
||||||
rc = msm_isp_request_frame(vfe_dev, stream_info,
|
rc = msm_isp_request_frame(vfe_dev, stream_info,
|
||||||
update_info->user_stream_id,
|
update_info->user_stream_id,
|
||||||
update_info->frame_id,
|
update_info->frame_id,
|
||||||
MSM_ISP_INVALID_BUF_INDEX);
|
MSM_ISP_INVALID_BUF_INDEX);
|
||||||
|
mutex_unlock(&vfe_dev->buf_mgr->lock);
|
||||||
if (rc)
|
if (rc)
|
||||||
pr_err("%s failed to request frame!\n",
|
pr_err("%s failed to request frame!\n",
|
||||||
__func__);
|
__func__);
|
||||||
|
|
@ -3898,10 +3900,12 @@ int msm_isp_update_axi_stream(struct vfe_device *vfe_dev, void *arg)
|
||||||
|
|
||||||
stream_info = &axi_data->stream_info[HANDLE_TO_IDX(
|
stream_info = &axi_data->stream_info[HANDLE_TO_IDX(
|
||||||
req_frm->stream_handle)];
|
req_frm->stream_handle)];
|
||||||
|
mutex_lock(&vfe_dev->buf_mgr->lock);
|
||||||
rc = msm_isp_request_frame(vfe_dev, stream_info,
|
rc = msm_isp_request_frame(vfe_dev, stream_info,
|
||||||
req_frm->user_stream_id,
|
req_frm->user_stream_id,
|
||||||
req_frm->frame_id,
|
req_frm->frame_id,
|
||||||
req_frm->buf_index);
|
req_frm->buf_index);
|
||||||
|
mutex_unlock(&vfe_dev->buf_mgr->lock);
|
||||||
if (rc)
|
if (rc)
|
||||||
pr_err("%s failed to request frame!\n",
|
pr_err("%s failed to request frame!\n",
|
||||||
__func__);
|
__func__);
|
||||||
|
|
|
||||||
|
|
@ -392,9 +392,10 @@ static int msm_isp_start_fetch_engine_multi_pass(struct vfe_device *vfe_dev,
|
||||||
vfe_dev->hw_info->vfe_ops.core_ops.reset_hw(vfe_dev,
|
vfe_dev->hw_info->vfe_ops.core_ops.reset_hw(vfe_dev,
|
||||||
0, 1);
|
0, 1);
|
||||||
msm_isp_reset_framedrop(vfe_dev, stream_info);
|
msm_isp_reset_framedrop(vfe_dev, stream_info);
|
||||||
|
mutex_lock(&vfe_dev->buf_mgr->lock);
|
||||||
rc = msm_isp_cfg_offline_ping_pong_address(vfe_dev, stream_info,
|
rc = msm_isp_cfg_offline_ping_pong_address(vfe_dev, stream_info,
|
||||||
VFE_PING_FLAG, fe_cfg->output_buf_idx);
|
VFE_PING_FLAG, fe_cfg->output_buf_idx);
|
||||||
|
mutex_unlock(&vfe_dev->buf_mgr->lock);
|
||||||
if (rc < 0) {
|
if (rc < 0) {
|
||||||
pr_err("%s: Fetch engine config failed\n", __func__);
|
pr_err("%s: Fetch engine config failed\n", __func__);
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
@ -918,7 +919,9 @@ static long msm_isp_ioctl_unlocked(struct v4l2_subdev *sd,
|
||||||
break;
|
break;
|
||||||
case VIDIOC_MSM_ISP_CFG_STREAM:
|
case VIDIOC_MSM_ISP_CFG_STREAM:
|
||||||
mutex_lock(&vfe_dev->core_mutex);
|
mutex_lock(&vfe_dev->core_mutex);
|
||||||
|
mutex_lock(&vfe_dev->buf_mgr->lock);
|
||||||
rc = msm_isp_cfg_axi_stream(vfe_dev, arg);
|
rc = msm_isp_cfg_axi_stream(vfe_dev, arg);
|
||||||
|
mutex_unlock(&vfe_dev->buf_mgr->lock);
|
||||||
mutex_unlock(&vfe_dev->core_mutex);
|
mutex_unlock(&vfe_dev->core_mutex);
|
||||||
break;
|
break;
|
||||||
case VIDIOC_MSM_ISP_CFG_HW_STATE:
|
case VIDIOC_MSM_ISP_CFG_HW_STATE:
|
||||||
|
|
@ -948,6 +951,7 @@ static long msm_isp_ioctl_unlocked(struct v4l2_subdev *sd,
|
||||||
break;
|
break;
|
||||||
case VIDIOC_MSM_ISP_AXI_RESTART:
|
case VIDIOC_MSM_ISP_AXI_RESTART:
|
||||||
mutex_lock(&vfe_dev->core_mutex);
|
mutex_lock(&vfe_dev->core_mutex);
|
||||||
|
mutex_lock(&vfe_dev->buf_mgr->lock);
|
||||||
if (atomic_read(&vfe_dev->error_info.overflow_state)
|
if (atomic_read(&vfe_dev->error_info.overflow_state)
|
||||||
!= HALT_ENFORCED) {
|
!= HALT_ENFORCED) {
|
||||||
rc = msm_isp_stats_restart(vfe_dev);
|
rc = msm_isp_stats_restart(vfe_dev);
|
||||||
|
|
@ -958,6 +962,7 @@ static long msm_isp_ioctl_unlocked(struct v4l2_subdev *sd,
|
||||||
pr_err_ratelimited("%s: no AXI restart, halt enforced.\n",
|
pr_err_ratelimited("%s: no AXI restart, halt enforced.\n",
|
||||||
__func__);
|
__func__);
|
||||||
}
|
}
|
||||||
|
mutex_unlock(&vfe_dev->buf_mgr->lock);
|
||||||
mutex_unlock(&vfe_dev->core_mutex);
|
mutex_unlock(&vfe_dev->core_mutex);
|
||||||
break;
|
break;
|
||||||
case VIDIOC_MSM_ISP_INPUT_CFG:
|
case VIDIOC_MSM_ISP_INPUT_CFG:
|
||||||
|
|
@ -1017,7 +1022,9 @@ static long msm_isp_ioctl_unlocked(struct v4l2_subdev *sd,
|
||||||
break;
|
break;
|
||||||
case VIDIOC_MSM_ISP_CFG_STATS_STREAM:
|
case VIDIOC_MSM_ISP_CFG_STATS_STREAM:
|
||||||
mutex_lock(&vfe_dev->core_mutex);
|
mutex_lock(&vfe_dev->core_mutex);
|
||||||
|
mutex_lock(&vfe_dev->buf_mgr->lock);
|
||||||
rc = msm_isp_cfg_stats_stream(vfe_dev, arg);
|
rc = msm_isp_cfg_stats_stream(vfe_dev, arg);
|
||||||
|
mutex_unlock(&vfe_dev->buf_mgr->lock);
|
||||||
mutex_unlock(&vfe_dev->core_mutex);
|
mutex_unlock(&vfe_dev->core_mutex);
|
||||||
break;
|
break;
|
||||||
case VIDIOC_MSM_ISP_UPDATE_STATS_STREAM:
|
case VIDIOC_MSM_ISP_UPDATE_STATS_STREAM:
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue