Merge tag 'LA.UM.9.12.1.r1-09700-SMxx50.QSSI12.0' of https://git.codelinaro.org/clo/la/platform/vendor/opensource/video-driver into android13-4.19-kona
"LA.UM.9.12.1.r1-09700-SMxx50.QSSI12.0" * tag 'LA.UM.9.12.1.r1-09700-SMxx50.QSSI12.0' of https://git.codelinaro.org/clo/la/platform/vendor/opensource/video-driver: msm: vidc: Release cvp buffer lock in invalid buffer case msm: vidc: Fix possible UAF during buffer unregister call vidc: Return EBUSY if mbpf check fails vidc: Skip unsupported session load in load calculation Conflicts: techpack/video/msm/vidc/msm_vidc_common.c Change-Id: I7dc1d60f51c11288c83f7ee4097b2b2f39d2655b
This commit is contained in:
Michael Bestas
@@ -142,7 +142,6 @@ void handle_session_unregister_buffer_done(enum hal_command_response cmd,
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
mutex_unlock(&inst->cvpbufs.lock);
|
|
||||||
if (!found) {
|
if (!found) {
|
||||||
s_vpr_e(inst->sid, "%s: client_data %x not found\n",
|
s_vpr_e(inst->sid, "%s: client_data %x not found\n",
|
||||||
__func__, response->data.unregbuf.client_data);
|
__func__, response->data.unregbuf.client_data);
|
||||||
@@ -164,12 +163,11 @@ void handle_session_unregister_buffer_done(enum hal_command_response cmd,
|
|||||||
data[3] = cbuf->buf.offset;
|
data[3] = cbuf->buf.offset;
|
||||||
v4l2_event_queue_fh(&inst->event_handler, &event);
|
v4l2_event_queue_fh(&inst->event_handler, &event);
|
||||||
|
|
||||||
mutex_lock(&inst->cvpbufs.lock);
|
|
||||||
list_del(&cbuf->list);
|
list_del(&cbuf->list);
|
||||||
mutex_unlock(&inst->cvpbufs.lock);
|
|
||||||
kfree(cbuf);
|
kfree(cbuf);
|
||||||
cbuf = NULL;
|
cbuf = NULL;
|
||||||
exit:
|
exit:
|
||||||
|
mutex_unlock(&inst->cvpbufs.lock);
|
||||||
s_vpr_l(inst->sid, "handled: SESSION_UNREGISTER_BUFFER_DONE\n");
|
s_vpr_l(inst->sid, "handled: SESSION_UNREGISTER_BUFFER_DONE\n");
|
||||||
put_inst(inst);
|
put_inst(inst);
|
||||||
}
|
}
|
||||||
@@ -432,9 +430,9 @@ static int msm_cvp_unregister_buffer(struct msm_vidc_inst *inst,
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
mutex_unlock(&inst->cvpbufs.lock);
|
|
||||||
if (!found) {
|
if (!found) {
|
||||||
print_client_buffer(VIDC_ERR, "invalid", inst, buf);
|
print_client_buffer(VIDC_ERR, "invalid", inst, buf);
|
||||||
|
mutex_unlock(&inst->cvpbufs.lock);
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -450,6 +448,7 @@ static int msm_cvp_unregister_buffer(struct msm_vidc_inst *inst,
|
|||||||
if (rc)
|
if (rc)
|
||||||
print_cvp_buffer(VIDC_ERR, "unregister failed", inst, cbuf);
|
print_cvp_buffer(VIDC_ERR, "unregister failed", inst, cbuf);
|
||||||
|
|
||||||
|
mutex_unlock(&inst->cvpbufs.lock);
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -1488,6 +1488,7 @@ void *msm_vidc_open(int core_id, int session_type)
|
|||||||
inst->entropy_mode = HFI_H264_ENTROPY_CABAC;
|
inst->entropy_mode = HFI_H264_ENTROPY_CABAC;
|
||||||
inst->full_range = COLOR_RANGE_UNSPECIFIED;
|
inst->full_range = COLOR_RANGE_UNSPECIFIED;
|
||||||
inst->active = true;
|
inst->active = true;
|
||||||
|
inst->supported = true;
|
||||||
|
|
||||||
for (i = SESSION_MSG_INDEX(SESSION_MSG_START);
|
for (i = SESSION_MSG_INDEX(SESSION_MSG_START);
|
||||||
i <= SESSION_MSG_INDEX(SESSION_MSG_END); i++) {
|
i <= SESSION_MSG_INDEX(SESSION_MSG_END); i++) {
|
||||||
|
|||||||
@@ -817,8 +817,8 @@ int msm_comm_get_inst_load(struct msm_vidc_inst *inst,
|
|||||||
* | res * max(op, fps)|
|
* | res * max(op, fps)|
|
||||||
* ----------------|----------------------------|
|
* ----------------|----------------------------|
|
||||||
*/
|
*/
|
||||||
|
if (!is_supported_session(inst) ||
|
||||||
if (is_thumbnail_session(inst) ||
|
is_thumbnail_session(inst) ||
|
||||||
(!is_realtime_session(inst) &&
|
(!is_realtime_session(inst) &&
|
||||||
quirks == LOAD_ADMISSION_CONTROL)) {
|
quirks == LOAD_ADMISSION_CONTROL)) {
|
||||||
load = 0;
|
load = 0;
|
||||||
@@ -858,7 +858,6 @@ int msm_comm_get_device_load(struct msm_vidc_core *core,
|
|||||||
list_for_each_entry(inst, &core->instances, list) {
|
list_for_each_entry(inst, &core->instances, list) {
|
||||||
if (inst->session_type != sess_type)
|
if (inst->session_type != sess_type)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (load_type == MSM_VIDC_VIDEO && !is_video_session(inst))
|
if (load_type == MSM_VIDC_VIDEO && !is_video_session(inst))
|
||||||
continue;
|
continue;
|
||||||
else if (load_type == MSM_VIDC_IMAGE && !is_grid_session(inst))
|
else if (load_type == MSM_VIDC_IMAGE && !is_grid_session(inst))
|
||||||
@@ -3547,6 +3546,7 @@ static int msm_vidc_load_resources(int flipped_state,
|
|||||||
"H/W is overloaded. needed: %d max: %d\n",
|
"H/W is overloaded. needed: %d max: %d\n",
|
||||||
video_load, max_video_load);
|
video_load, max_video_load);
|
||||||
msm_vidc_print_running_insts(inst->core);
|
msm_vidc_print_running_insts(inst->core);
|
||||||
|
inst->supported = false;
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -3555,6 +3555,7 @@ static int msm_vidc_load_resources(int flipped_state,
|
|||||||
"H/W is overloaded. needed: [video + image][%d + %d], max: [video + image][%d + %d]\n",
|
"H/W is overloaded. needed: [video + image][%d + %d], max: [video + image][%d + %d]\n",
|
||||||
video_load, image_load, max_video_load, max_image_load);
|
video_load, image_load, max_video_load, max_image_load);
|
||||||
msm_vidc_print_running_insts(inst->core);
|
msm_vidc_print_running_insts(inst->core);
|
||||||
|
inst->supported = false;
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -5818,7 +5819,7 @@ static int msm_vidc_check_mbpf_supported(struct msm_vidc_inst *inst)
|
|||||||
|
|
||||||
if (mbpf > core->resources.max_mbpf) {
|
if (mbpf > core->resources.max_mbpf) {
|
||||||
msm_vidc_print_running_insts(inst->core);
|
msm_vidc_print_running_insts(inst->core);
|
||||||
return -ENOMEM;
|
return -EBUSY;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
@@ -5962,6 +5963,7 @@ static int msm_vidc_check_mbps_supported(struct msm_vidc_inst *inst)
|
|||||||
"H/W is overloaded. needed: %d max: %d\n",
|
"H/W is overloaded. needed: %d max: %d\n",
|
||||||
video_load, max_video_load);
|
video_load, max_video_load);
|
||||||
msm_vidc_print_running_insts(inst->core);
|
msm_vidc_print_running_insts(inst->core);
|
||||||
|
inst->supported = false;
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -5971,6 +5973,7 @@ static int msm_vidc_check_mbps_supported(struct msm_vidc_inst *inst)
|
|||||||
video_load, image_load,
|
video_load, image_load,
|
||||||
max_video_load, max_image_load);
|
max_video_load, max_image_load);
|
||||||
msm_vidc_print_running_insts(inst->core);
|
msm_vidc_print_running_insts(inst->core);
|
||||||
|
inst->supported = false;
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -157,7 +157,10 @@ static inline bool is_encode_session(struct msm_vidc_inst *inst)
|
|||||||
{
|
{
|
||||||
return inst->session_type == MSM_VIDC_ENCODER;
|
return inst->session_type == MSM_VIDC_ENCODER;
|
||||||
}
|
}
|
||||||
|
static inline bool is_supported_session(struct msm_vidc_inst *inst)
|
||||||
|
{
|
||||||
|
return inst->supported;
|
||||||
|
}
|
||||||
static inline bool is_primary_output_mode(struct msm_vidc_inst *inst)
|
static inline bool is_primary_output_mode(struct msm_vidc_inst *inst)
|
||||||
{
|
{
|
||||||
return inst->stream_output_mode == HAL_VIDEO_DECODER_PRIMARY;
|
return inst->stream_output_mode == HAL_VIDEO_DECODER_PRIMARY;
|
||||||
|
|||||||
@@ -577,6 +577,7 @@ struct msm_vidc_inst {
|
|||||||
int full_range;
|
int full_range;
|
||||||
u64 last_qbuf_time_ns;
|
u64 last_qbuf_time_ns;
|
||||||
bool active;
|
bool active;
|
||||||
|
bool supported;
|
||||||
};
|
};
|
||||||
|
|
||||||
extern struct msm_vidc_drv *vidc_driver;
|
extern struct msm_vidc_drv *vidc_driver;
|
||||||
|
|||||||
Reference in New Issue
Block a user