lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <AM6PR04MB6341DC7B7FFB745576B7A444E7A69@AM6PR04MB6341.eurprd04.prod.outlook.com>
Date:   Fri, 10 Jun 2022 01:59:10 +0000
From:   Ming Qian <ming.qian@....com>
To:     Hans Verkuil <hverkuil-cisco@...all.nl>,
        "mchehab@...nel.org" <mchehab@...nel.org>,
        "Mirela Rabulea (OSS)" <mirela.rabulea@....nxp.com>
CC:     "shawnguo@...nel.org" <shawnguo@...nel.org>,
        "s.hauer@...gutronix.de" <s.hauer@...gutronix.de>,
        "kernel@...gutronix.de" <kernel@...gutronix.de>,
        "festevam@...il.com" <festevam@...il.com>,
        dl-linux-imx <linux-imx@....com>,
        "linux-media@...r.kernel.org" <linux-media@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>
Subject: RE: [EXT] Re: [PATCH] media: imx-jpeg: Disable slot interrupt when
 frame done

> From: Hans Verkuil <hverkuil-cisco@...all.nl>
> Sent: 2022年6月9日 18:27
> To: Ming Qian <ming.qian@....com>; mchehab@...nel.org; Mirela Rabulea
> (OSS) <mirela.rabulea@....nxp.com>
> Cc: shawnguo@...nel.org; s.hauer@...gutronix.de; kernel@...gutronix.de;
> festevam@...il.com; dl-linux-imx <linux-imx@....com>;
> linux-media@...r.kernel.org; linux-kernel@...r.kernel.org;
> devicetree@...r.kernel.org; linux-arm-kernel@...ts.infradead.org
> Subject: [EXT] Re: [PATCH] media: imx-jpeg: Disable slot interrupt when frame
> done
> 
> Caution: EXT Email
> 
> Hi Ming Qian,
> 
> On 6/7/22 09:23, Ming Qian wrote:
> > The interrupt STMBUF_HALF may be triggered after frame done.
> > It may led to system hang if driver try to access the register after
> > power off.
> >
> > Disable the slot interrupt when frame done.
> >
> > Fixes: 2db16c6ed72ce ("media: imx-jpeg: Add V4L2 driver for i.MX8 JPEG
> > Encoder/Decoder")
> > Signed-off-by: Ming Qian <ming.qian@....com>
> > ---
> >  drivers/media/platform/nxp/imx-jpeg/mxc-jpeg-hw.c |  5 +++++
> > drivers/media/platform/nxp/imx-jpeg/mxc-jpeg-hw.h |  1 +
> >  drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c    | 11 ++---------
> >  3 files changed, 8 insertions(+), 9 deletions(-)
> >
> > diff --git a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg-hw.c
> > b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg-hw.c
> > index c482228262a3..9418fcf740a8 100644
> > --- a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg-hw.c
> > +++ b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg-hw.c
> > @@ -79,6 +79,11 @@ void mxc_jpeg_enable_irq(void __iomem *reg, int
> slot)
> >       writel(0xFFFFFFFF, reg + MXC_SLOT_OFFSET(slot, SLOT_IRQ_EN));  }
> >
> > +void mxc_jpeg_disable_irq(void __iomem *reg, int slot) {
> > +     writel(0x0, reg + MXC_SLOT_OFFSET(slot, SLOT_IRQ_EN)); }
> > +
> >  void mxc_jpeg_sw_reset(void __iomem *reg)  {
> >       /*
> > diff --git a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg-hw.h
> > b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg-hw.h
> > index 07655502f4bd..ecf3b6562ba2 100644
> > --- a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg-hw.h
> > +++ b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg-hw.h
> > @@ -126,6 +126,7 @@ u32 mxc_jpeg_get_offset(void __iomem *reg, int
> > slot);  void mxc_jpeg_enable_slot(void __iomem *reg, int slot);  void
> > mxc_jpeg_set_l_endian(void __iomem *reg, int le);  void
> > mxc_jpeg_enable_irq(void __iomem *reg, int slot);
> > +void mxc_jpeg_disable_irq(void __iomem *reg, int slot);
> >  int mxc_jpeg_set_input(void __iomem *reg, u32 in_buf, u32 bufsize);
> > int mxc_jpeg_set_output(void __iomem *reg, u16 out_pitch, u32 out_buf,
> >                       u16 w, u16 h);
> > diff --git a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c
> > b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c
> > index 965021d3c7ef..b1f48835398e 100644
> > --- a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c
> > +++ b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c
> > @@ -592,15 +592,7 @@ static irqreturn_t mxc_jpeg_dec_irq(int irq, void
> *priv)
> >       dev_dbg(dev, "Irq %d on slot %d.\n", irq, slot);
> >
> >       ctx = v4l2_m2m_get_curr_priv(jpeg->m2m_dev);
> > -     if (!ctx) {
> > -             dev_err(dev,
> > -                     "Instance released before the end of
> transaction.\n");
> > -             /* soft reset only resets internal state, not registers */
> > -             mxc_jpeg_sw_reset(reg);
> > -             /* clear all interrupts */
> > -             writel(0xFFFFFFFF, reg + MXC_SLOT_OFFSET(slot,
> SLOT_STATUS));
> > -             goto job_unlock;
> > -     }
> > +     WARN_ON(!ctx);
> 
> This looks very scary, since if this happens,
> 
> >
> >       if (slot != ctx->slot) {
> 
> then it will crash here when it attempts to access ctx.
> 
> Shouldn't this be better?
> 
>         if (WARN_ON(!ctx))
>                 goto job_unlock;
> 
> It's certainly a lot more robust.

Yes, you're right, I'll make the v2 patch.
Thanks for your comments

Ming
> 
> Regards,
> 
>         Hans
> 
> >               /* TODO investigate when adding multi-instance support
> > */ @@ -673,6 +665,7 @@ static irqreturn_t mxc_jpeg_dec_irq(int irq, void
> *priv)
> >       buf_state = VB2_BUF_STATE_DONE;
> >
> >  buffers_done:
> > +     mxc_jpeg_disable_irq(reg, ctx->slot);
> >       jpeg->slot_data[slot].used = false; /* unused, but don't free */
> >       mxc_jpeg_check_and_set_last_buffer(ctx, src_buf, dst_buf);
> >       v4l2_m2m_src_buf_remove(ctx->fh.m2m_ctx);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ