Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4a3506cb authored by Govindaraj Rajagopal's avatar Govindaraj Rajagopal
Browse files

msm: vidc: make venus_hfi_device as a static variable 



1. Mostly venus_hfi_device ptr is derived from hal_session
   (session->device). During session close hal_session is
   freed in forward path and at the same time RBR arrives
   at feed_back path leads to race condition.
2. If forward threads acquires device->lock first then
   reverse thread may have stale device ptr(which is already
   freed), accessing that ptr leads to device crash
3. To avoid refrencing device from hal_session, made
   venus_hfi_device as a static variable within hfi_common

Change-Id: Ic5db6d4f6da6da08e16f4f00a06a3c4fec4f9c6e
Signed-off-by: default avatarGovindaraj Rajagopal <grajagop@codeaurora.org>
parent 0f6ff621

msm/vidc/hfi_common.c

+77 −201
Original line number Diff line number Diff line
@@ -39,6 +39,7 @@ 
#define MIN_PAYLOAD_SIZE 3



static struct hal_device_data hal_ctxt;

static struct venus_hfi_device venus_hfi_dev;



#define TZBSP_MEM_PROTECT_VIDEO_VAR 0x8

struct tzbsp_memprot {
@@ -432,6 +433,9 @@ static int __session_pause(struct venus_hfi_device *device, 
{

	int rc = 0;



	if (!__is_session_valid(device, session, __func__))

		return -EINVAL;



	/* ignore if session paused already */

	if (session->flags & SESSION_PAUSE)

		return 0;
@@ -448,6 +452,9 @@ static int __session_resume(struct venus_hfi_device *device, 
{

	int rc = 0;



	if (!__is_session_valid(device, session, __func__))

		return -EINVAL;



	/* ignore if session already resumed */

	if (!(session->flags & SESSION_PAUSE))

		return 0;
@@ -476,13 +483,7 @@ static int venus_hfi_session_pause(void *sess) 
{

	int rc;

	struct hal_session *session = sess;

	struct venus_hfi_device *device;



	if (!session || !session->device) {

		dprintk(VIDC_ERR, "%s: invalid params\n", __func__);

		return -EINVAL;

	}

	device = session->device;

	struct venus_hfi_device *device = &venus_hfi_dev;



	mutex_lock(&device->lock);

	rc = __session_pause(device, session);
@@ -495,13 +496,7 @@ static int venus_hfi_session_resume(void *sess) 
{

	int rc;

	struct hal_session *session = sess;

	struct venus_hfi_device *device;



	if (!session || !session->device) {

		dprintk(VIDC_ERR, "%s: invalid params\n", __func__);

		return -EINVAL;

	}

	device = session->device;

	struct venus_hfi_device *device = &venus_hfi_dev;



	mutex_lock(&device->lock);

	rc = __session_resume(device, session);
@@ -694,7 +689,6 @@ static void __hal_sim_modify_msg_packet(u8 *packet, 
	fw_bias = device->hal_data->firmware_base;

	init_done = (struct hfi_msg_sys_session_init_done_packet *)packet;

	session = __get_session(device, init_done->session_id);



	if (!session) {

		dprintk(VIDC_ERR, "%s: Invalid session id: %x\n",

				__func__, init_done->session_id);
@@ -1245,7 +1239,6 @@ static int venus_hfi_flush_debug_queue(void *dev) 
	}



	mutex_lock(&device->lock);



	if (!device->power_enabled) {

		dprintk(VIDC_ERR, "%s: venus power off\n", __func__);

		rc = -EINVAL;
@@ -2262,15 +2255,9 @@ static int venus_hfi_session_set_property(void *sess, 
	struct hfi_cmd_session_set_property_packet *pkt =

		(struct hfi_cmd_session_set_property_packet *) &packet;

	struct hal_session *session = sess;

	struct venus_hfi_device *device;

	struct venus_hfi_device *device = &venus_hfi_dev;

	int rc = 0;



	if (!session || !session->device) {

		dprintk(VIDC_ERR, "Invalid Params\n");

		return -EINVAL;

	}



	device = session->device;

	mutex_lock(&device->lock);



	dprintk(VIDC_HIGH, "in set_prop,with prop id: %#x\n", ptype);
@@ -2293,7 +2280,7 @@ static int venus_hfi_session_set_property(void *sess, 
		goto err_set_prop;

	}



	if (__iface_cmdq_write(session->device, pkt)) {

	if (__iface_cmdq_write(device, pkt)) {

		rc = -ENOTEMPTY;

		goto err_set_prop;

	}
@@ -2315,13 +2302,10 @@ static void __set_default_sys_properties(struct venus_hfi_device *device) 
static void __session_clean(struct hal_session *session)

{

	struct hal_session *temp, *next;

	struct venus_hfi_device *device;

	struct venus_hfi_device *device = &venus_hfi_dev;



	if (!session || !session->device) {

		dprintk(VIDC_ERR, "%s: invalid params\n", __func__);

	if (!__is_session_valid(device, session, __func__))

		return;

	}

	device = session->device;

	dprintk(VIDC_HIGH, "deleted the session: %pK\n", session);

	/*

	 * session might have been removed from the device list in
@@ -2338,28 +2322,13 @@ static void __session_clean(struct hal_session *session) 
	kfree(session);

}



static int venus_hfi_session_clean(void *session)

static int venus_hfi_session_clean(void *sess)

{

	struct hal_session *sess_close;

	struct venus_hfi_device *device;



	if (!session) {

		dprintk(VIDC_ERR, "Invalid Params %s\n", __func__);

		return -EINVAL;

	}



	sess_close = session;

	device = sess_close->device;



	if (!device) {

		dprintk(VIDC_ERR, "Invalid device handle %s\n", __func__);

		return -EINVAL;

	}

	struct hal_session *session = sess;

	struct venus_hfi_device *device = &venus_hfi_dev;



	mutex_lock(&device->lock);



	__session_clean(sess_close);



	__session_clean(session);

	mutex_unlock(&device->lock);

	return 0;

}
@@ -2388,7 +2357,6 @@ static int venus_hfi_session_init(void *device, void *session_id, 


	s->session_id = session_id;

	s->is_decoder = (session_type == HAL_VIDEO_DOMAIN_DECODER);

	s->device = dev;

	s->codec = codec_type;

	s->domain = session_type;

	dprintk(VIDC_HIGH|VIDC_PERF,
@@ -2424,7 +2392,7 @@ static int __send_session_cmd(struct hal_session *session, int pkt_type) 
{

	struct vidc_hal_session_cmd_pkt pkt;

	int rc = 0;

	struct venus_hfi_device *device = session->device;

	struct venus_hfi_device *device = &venus_hfi_dev;



	if (!__is_session_valid(device, session, __func__))

		return -EINVAL;
@@ -2439,31 +2407,23 @@ static int __send_session_cmd(struct hal_session *session, int pkt_type) 
		goto err_create_pkt;

	}



	if (__iface_cmdq_write(session->device, &pkt))

	if (__iface_cmdq_write(device, &pkt))

		rc = -ENOTEMPTY;



err_create_pkt:

	return rc;

}



static int venus_hfi_session_end(void *session)

static int venus_hfi_session_end(void *sess)

{

	struct hal_session *sess;

	struct venus_hfi_device *device;

	struct hal_session *session = sess;

	struct venus_hfi_device *device = &venus_hfi_dev;

	int rc = 0;



	if (!session) {

		dprintk(VIDC_ERR, "Invalid Params %s\n", __func__);

		return -EINVAL;

	}



	sess = session;

	device = sess->device;



	mutex_lock(&device->lock);



	if (msm_vidc_fw_coverage) {

		if (__sys_set_coverage(sess->device, msm_vidc_fw_coverage))

		if (__sys_set_coverage(device, msm_vidc_fw_coverage))

			dprintk(VIDC_ERR, "Fw_coverage msg ON failed\n");

	}
@@ -2477,16 +2437,9 @@ static int venus_hfi_session_end(void *session) 
static int venus_hfi_session_abort(void *sess)

{

	struct hal_session *session = sess;

	struct venus_hfi_device *device;

	struct venus_hfi_device *device = &venus_hfi_dev;

	int rc = 0;



	if (!session || !session->device) {

		dprintk(VIDC_ERR, "Invalid Params %s\n", __func__);

		return -EINVAL;

	}



	device = session->device;



	mutex_lock(&device->lock);



	__flush_debug_queue(device, NULL);
@@ -2504,14 +2457,13 @@ static int venus_hfi_session_set_buffers(void *sess, 
	u8 packet[VIDC_IFACEQ_VAR_LARGE_PKT_SIZE];

	int rc = 0;

	struct hal_session *session = sess;

	struct venus_hfi_device *device;

	struct venus_hfi_device *device = &venus_hfi_dev;



	if (!session || !session->device || !buffer_info) {

	if (!buffer_info) {

		dprintk(VIDC_ERR, "Invalid Params\n");

		return -EINVAL;

	}



	device = session->device;

	mutex_lock(&device->lock);



	if (!__is_session_valid(device, session, __func__)) {
@@ -2537,7 +2489,7 @@ static int venus_hfi_session_set_buffers(void *sess, 
	}



	dprintk(VIDC_HIGH, "set buffers: %#x\n", buffer_info->buffer_type);

	if (__iface_cmdq_write(session->device, pkt))

	if (__iface_cmdq_write(device, pkt))

		rc = -ENOTEMPTY;



err_create_pkt:
@@ -2552,14 +2504,13 @@ static int venus_hfi_session_release_buffers(void *sess, 
	u8 packet[VIDC_IFACEQ_VAR_LARGE_PKT_SIZE];

	int rc = 0;

	struct hal_session *session = sess;

	struct venus_hfi_device *device;

	struct venus_hfi_device *device = &venus_hfi_dev;



	if (!session || !session->device || !buffer_info) {

	if (!buffer_info) {

		dprintk(VIDC_ERR, "Invalid Params\n");

		return -EINVAL;

	}



	device = session->device;

	mutex_lock(&device->lock);



	if (!__is_session_valid(device, session, __func__)) {
@@ -2581,7 +2532,7 @@ static int venus_hfi_session_release_buffers(void *sess, 
	}



	dprintk(VIDC_HIGH, "Release buffers: %#x\n", buffer_info->buffer_type);

	if (__iface_cmdq_write(session->device, pkt))

	if (__iface_cmdq_write(device, pkt))

		rc = -ENOTEMPTY;



err_create_pkt:
@@ -2596,13 +2547,12 @@ static int venus_hfi_session_register_buffer(void *sess, 
	u8 packet[VIDC_IFACEQ_VAR_LARGE_PKT_SIZE];

	struct hfi_cmd_session_register_buffers_packet *pkt;

	struct hal_session *session = sess;

	struct venus_hfi_device *device;

	struct venus_hfi_device *device = &venus_hfi_dev;



	if (!session || !session->device || !buffer) {

	if (!buffer) {

		dprintk(VIDC_ERR, "%s: invalid params\n", __func__);

		return -EINVAL;

	}

	device = session->device;



	mutex_lock(&device->lock);

	if (!__is_session_valid(device, session, __func__)) {
@@ -2616,7 +2566,7 @@ static int venus_hfi_session_register_buffer(void *sess, 
		dprintk(VIDC_ERR, "%s: failed to create packet\n", __func__);

		goto exit;

	}

	if (__iface_cmdq_write(session->device, pkt))

	if (__iface_cmdq_write(device, pkt))

		rc = -ENOTEMPTY;

exit:

	mutex_unlock(&device->lock);
@@ -2631,13 +2581,12 @@ static int venus_hfi_session_unregister_buffer(void *sess, 
	u8 packet[VIDC_IFACEQ_VAR_LARGE_PKT_SIZE];

	struct hfi_cmd_session_unregister_buffers_packet *pkt;

	struct hal_session *session = sess;

	struct venus_hfi_device *device;

	struct venus_hfi_device *device = &venus_hfi_dev;



	if (!session || !session->device || !buffer) {

	if (!buffer) {

		dprintk(VIDC_ERR, "%s: invalid params\n", __func__);

		return -EINVAL;

	}

	device = session->device;



	mutex_lock(&device->lock);

	if (!__is_session_valid(device, session, __func__)) {
@@ -2651,7 +2600,7 @@ static int venus_hfi_session_unregister_buffer(void *sess, 
		dprintk(VIDC_ERR, "%s: failed to create packet\n", __func__);

		goto exit;

	}

	if (__iface_cmdq_write(session->device, pkt))

	if (__iface_cmdq_write(device, pkt))

		rc = -ENOTEMPTY;

exit:

	mutex_unlock(&device->lock);
@@ -2659,106 +2608,66 @@ static int venus_hfi_session_unregister_buffer(void *sess, 
	return rc;

}



static int venus_hfi_session_load_res(void *session)

static int venus_hfi_session_load_res(void *sess)

{

	struct hal_session *sess;

	struct venus_hfi_device *device;

	struct hal_session *session = sess;

	struct venus_hfi_device *device = &venus_hfi_dev;

	int rc = 0;



	if (!session) {

		dprintk(VIDC_ERR, "Invalid Params %s\n", __func__);

		return -EINVAL;

	}



	sess = session;

	device = sess->device;



	mutex_lock(&device->lock);

	rc = __send_session_cmd(sess, HFI_CMD_SESSION_LOAD_RESOURCES);

	rc = __send_session_cmd(session, HFI_CMD_SESSION_LOAD_RESOURCES);

	mutex_unlock(&device->lock);



	return rc;

}



static int venus_hfi_session_release_res(void *session)

static int venus_hfi_session_release_res(void *sess)

{

	struct hal_session *sess;

	struct venus_hfi_device *device;

	struct hal_session *session = sess;

	struct venus_hfi_device *device = &venus_hfi_dev;

	int rc = 0;



	if (!session) {

		dprintk(VIDC_ERR, "Invalid Params %s\n", __func__);

		return -EINVAL;

	}



	sess = session;

	device = sess->device;



	mutex_lock(&device->lock);

	rc = __send_session_cmd(sess, HFI_CMD_SESSION_RELEASE_RESOURCES);

	rc = __send_session_cmd(session, HFI_CMD_SESSION_RELEASE_RESOURCES);

	mutex_unlock(&device->lock);



	return rc;

}



static int venus_hfi_session_start(void *session)

static int venus_hfi_session_start(void *sess)

{

	struct hal_session *sess;

	struct venus_hfi_device *device;

	struct hal_session *session = sess;

	struct venus_hfi_device *device = &venus_hfi_dev;

	int rc = 0;



	if (!session) {

		dprintk(VIDC_ERR, "Invalid Params %s\n", __func__);

		return -EINVAL;

	}



	sess = session;

	device = sess->device;



	mutex_lock(&device->lock);

	rc = __send_session_cmd(sess, HFI_CMD_SESSION_START);

	rc = __send_session_cmd(session, HFI_CMD_SESSION_START);

	mutex_unlock(&device->lock);



	return rc;

}



static int venus_hfi_session_continue(void *session)

static int venus_hfi_session_continue(void *sess)

{

	struct hal_session *sess;

	struct venus_hfi_device *device;

	struct hal_session *session = sess;

	struct venus_hfi_device *device = &venus_hfi_dev;

	int rc = 0;



	if (!session) {

		dprintk(VIDC_ERR, "Invalid Params %s\n", __func__);

		return -EINVAL;

	}



	sess = session;

	device = sess->device;



	mutex_lock(&device->lock);

	rc = __send_session_cmd(sess, HFI_CMD_SESSION_CONTINUE);

	rc = __send_session_cmd(session, HFI_CMD_SESSION_CONTINUE);

	mutex_unlock(&device->lock);



	return rc;

}



static int venus_hfi_session_stop(void *session)

static int venus_hfi_session_stop(void *sess)

{

	struct hal_session *sess;

	struct venus_hfi_device *device;

	struct hal_session *session = sess;

	struct venus_hfi_device *device = &venus_hfi_dev;

	int rc = 0;



	if (!session) {

		dprintk(VIDC_ERR, "Invalid Params %s\n", __func__);

		return -EINVAL;

	}



	sess = session;

	device = sess->device;



	mutex_lock(&device->lock);

	rc = __send_session_cmd(sess, HFI_CMD_SESSION_STOP);

	rc = __send_session_cmd(session, HFI_CMD_SESSION_STOP);

	mutex_unlock(&device->lock);



	return rc;
@@ -2768,7 +2677,7 @@ static int __session_etb(struct hal_session *session, 
		struct vidc_frame_data *input_frame, bool relaxed)

{

	int rc = 0;

	struct venus_hfi_device *device = session->device;

	struct venus_hfi_device *device = &venus_hfi_dev;



	if (!__is_session_valid(device, session, __func__))

		return -EINVAL;
@@ -2785,10 +2694,9 @@ static int __session_etb(struct hal_session *session, 
		}



		if (!relaxed)

			rc = __iface_cmdq_write(session->device, &pkt);

			rc = __iface_cmdq_write(device, &pkt);

		else

			rc = __iface_cmdq_write_relaxed(session->device,

					&pkt, NULL);

			rc = __iface_cmdq_write_relaxed(device, &pkt, NULL);

		if (rc)

			goto err_create_pkt;

	} else {
@@ -2804,10 +2712,9 @@ static int __session_etb(struct hal_session *session, 
		}



		if (!relaxed)

			rc = __iface_cmdq_write(session->device, &pkt);

			rc = __iface_cmdq_write(device, &pkt);

		else

			rc = __iface_cmdq_write_relaxed(session->device,

					&pkt, NULL);

			rc = __iface_cmdq_write_relaxed(device, &pkt, NULL);

		if (rc)

			goto err_create_pkt;

	}
@@ -2821,14 +2728,13 @@ static int venus_hfi_session_etb(void *sess, 
{

	int rc = 0;

	struct hal_session *session = sess;

	struct venus_hfi_device *device;

	struct venus_hfi_device *device = &venus_hfi_dev;



	if (!session || !session->device || !input_frame) {

	if (!input_frame) {

		dprintk(VIDC_ERR, "Invalid Params\n");

		return -EINVAL;

	}



	device = session->device;

	mutex_lock(&device->lock);

	rc = __session_etb(session, input_frame, false);

	mutex_unlock(&device->lock);
@@ -2839,7 +2745,7 @@ static int __session_ftb(struct hal_session *session, 
		struct vidc_frame_data *output_frame, bool relaxed)

{

	int rc = 0;

	struct venus_hfi_device *device = session->device;

	struct venus_hfi_device *device = &venus_hfi_dev;

	struct hfi_cmd_session_fill_buffer_packet pkt;



	if (!__is_session_valid(device, session, __func__))
@@ -2853,10 +2759,9 @@ static int __session_ftb(struct hal_session *session, 
	}



	if (!relaxed)

		rc = __iface_cmdq_write(session->device, &pkt);

		rc = __iface_cmdq_write(device, &pkt);

	else

		rc = __iface_cmdq_write_relaxed(session->device,

				&pkt, NULL);

		rc = __iface_cmdq_write_relaxed(device, &pkt, NULL);



err_create_pkt:

	return rc;
@@ -2867,14 +2772,13 @@ static int venus_hfi_session_ftb(void *sess, 
{

	int rc = 0;

	struct hal_session *session = sess;

	struct venus_hfi_device *device;

	struct venus_hfi_device *device = &venus_hfi_dev;



	if (!session || !session->device || !output_frame) {

	if (!output_frame) {

		dprintk(VIDC_ERR, "Invalid Params\n");

		return -EINVAL;

	}



	device = session->device;

	mutex_lock(&device->lock);

	rc = __session_ftb(session, output_frame, false);

	mutex_unlock(&device->lock);
@@ -2887,16 +2791,9 @@ static int venus_hfi_session_process_batch(void *sess, 
{

	int rc = 0, c = 0;

	struct hal_session *session = sess;

	struct venus_hfi_device *device;

	struct venus_hfi_device *device = &venus_hfi_dev;

	struct hfi_cmd_session_sync_process_packet pkt;



	if (!session || !session->device) {

		dprintk(VIDC_ERR, "%s: Invalid Params\n", __func__);

		return -EINVAL;

	}



	device = session->device;



	mutex_lock(&device->lock);



	if (!__is_session_valid(device, session, __func__)) {
@@ -2928,7 +2825,7 @@ static int venus_hfi_session_process_batch(void *sess, 
		goto err_etbs_and_ftbs;

	}



	if (__iface_cmdq_write(session->device, &pkt))

	if (__iface_cmdq_write(device, &pkt))

		rc = -ENOTEMPTY;



err_etbs_and_ftbs:
@@ -2941,18 +2838,12 @@ static int venus_hfi_session_get_buf_req(void *sess) 
	struct hfi_cmd_session_get_property_packet pkt;

	int rc = 0;

	struct hal_session *session = sess;

	struct venus_hfi_device *device;



	if (!session || !session->device) {

		dprintk(VIDC_ERR, "invalid session");

		return -ENODEV;

	}

	struct venus_hfi_device *device = &venus_hfi_dev;



	device = session->device;

	mutex_lock(&device->lock);



	if (!__is_session_valid(device, session, __func__)) {

		rc = -EINVAL;

		rc = -ENODEV;

		goto err_create_pkt;

	}

	rc = call_hfi_pkt_op(device, session_get_buf_req,
@@ -2963,7 +2854,7 @@ static int venus_hfi_session_get_buf_req(void *sess) 
		goto err_create_pkt;

	}



	if (__iface_cmdq_write(session->device, &pkt))

	if (__iface_cmdq_write(device, &pkt))

		rc = -ENOTEMPTY;

err_create_pkt:

	mutex_unlock(&device->lock);
@@ -2975,18 +2866,12 @@ static int venus_hfi_session_flush(void *sess, enum hal_flush flush_mode) 
	struct hfi_cmd_session_flush_packet pkt;

	int rc = 0;

	struct hal_session *session = sess;

	struct venus_hfi_device *device;



	if (!session || !session->device) {

		dprintk(VIDC_ERR, "invalid session");

		return -ENODEV;

	}

	struct venus_hfi_device *device = &venus_hfi_dev;



	device = session->device;

	mutex_lock(&device->lock);



	if (!__is_session_valid(device, session, __func__)) {

		rc = -EINVAL;

		rc = -ENODEV;

		goto err_create_pkt;

	}

	rc = call_hfi_pkt_op(device, session_flush,
@@ -2996,7 +2881,7 @@ static int venus_hfi_session_flush(void *sess, enum hal_flush flush_mode) 
		goto err_create_pkt;

	}



	if (__iface_cmdq_write(session->device, &pkt))

	if (__iface_cmdq_write(device, &pkt))

		rc = -ENOTEMPTY;

err_create_pkt:

	mutex_unlock(&device->lock);
@@ -4977,7 +4862,7 @@ static struct venus_hfi_device *__add_device(u32 device_id, 
			struct msm_vidc_platform_resources *res,

			hfi_cmd_response_callback callback)

{

	struct venus_hfi_device *hdevice = NULL;

	struct venus_hfi_device *hdevice = &venus_hfi_dev;

	int rc = 0;



	if (!res || !callback) {
@@ -4987,12 +4872,6 @@ static struct venus_hfi_device *__add_device(u32 device_id, 


	dprintk(VIDC_HIGH, "entered , device_id: %d\n", device_id);



	hdevice = kzalloc(sizeof(struct venus_hfi_device), GFP_KERNEL);

	if (!hdevice) {

		dprintk(VIDC_ERR, "failed to allocate new device\n");

		goto exit;

	}



	hdevice->response_pkt = kmalloc_array(max_packets,

				sizeof(*hdevice->response_pkt), GFP_KERNEL);

	if (!hdevice->response_pkt) {
@@ -5047,8 +4926,6 @@ static struct venus_hfi_device *__add_device(u32 device_id, 
		destroy_workqueue(hdevice->vidc_workq);

	kfree(hdevice->response_pkt);

	kfree(hdevice->raw_packet);

	kfree(hdevice);

exit:

	return NULL;

}
@@ -5085,7 +4962,6 @@ void venus_hfi_delete_device(void *device) 
			kfree(close->hal_data);

			kfree(close->response_pkt);

			kfree(close->raw_packet);

			kfree(close);

			break;

		}

	}

msm/vidc/vidc_hfi.h

+0 −1
Original line number Diff line number Diff line
@@ -819,7 +819,6 @@ struct hal_session { 
	enum hal_video_codec codec;

	enum hal_domain domain;

	u32 flags;

	void *device;

};



struct hal_device_data {