Lubancat2/kernel
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

video: rockchip: mpp: Fix mpp_dev_release crash

Browse Source 
This patch fix crash in mpp_dev_release.
In multi-instance case the session on deinit is attached to session_detach
and trigger the taskqueue to release session. But the session is
released just after unlock and before trigger then the session and
invalid and the session->mpp is also invalid.

The crash log is shown below:

[71267.807643] Call trace:
[71267.810099]  do_raw_spin_lock+0x20/0xd8
[71267.813937]  _raw_spin_lock_irqsave+0x28/0x38
[71267.818292]  kthread_queue_work+0x2c/0x80
[71267.822298]  mpp_dev_release+0x118/0x154
[71267.826219]  __fput+0xf4/0x1a8
[71267.829272]  ____fput+0x20/0x2c
[71267.832409]  task_work_run+0x88/0xb0
[71267.835982]  do_notify_resume+0xe8/0x10c
[71267.839902]  work_pending+0x8/0x10
[71267.843306] Code: aa1e03e0 d503201f 5289d5a0 72bbd5a0 (b9400661)
[71267.849396] ---[ end trace d8082e9114a3a9da ]---

Signed-off-by: Herman Chen <herman.chen@rock-chips.com>
Change-Id: Ib9825de2f1bc9f7999bdfe193aa440fd85d41448
This commit is contained in:
Herman Chen
2021-12-31 14:53:54 +08:00
parent d02ba68161
commit ddc1c24c52
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
drivers/video/rockchip/mpp/mpp_common.c
View File

@ -346,12 +346,14 @@ static void mpp_session_attach_workqueue(struct mpp_session *session,
static void mpp_session_detach_workqueue(struct mpp_session *session) static void mpp_session_detach_workqueue(struct mpp_session *session)
{ {
struct mpp_taskqueue *queue; struct mpp_taskqueue *queue;
struct mpp_dev *mpp;
if (!session->mpp || !session->mpp->queue) if (!session->mpp || !session->mpp->queue)
return; return;
mpp_dbg_session("session %p:%d detach\n", session, session->index); mpp_dbg_session("session %p:%d detach\n", session, session->index);
queue = session->mpp->queue; mpp = session->mpp;
queue = mpp->queue;
mutex_lock(&queue->session_lock); mutex_lock(&queue->session_lock);
list_del_init(&session->session_link); list_del_init(&session->session_link);
@ -359,7 +361,7 @@ static void mpp_session_detach_workqueue(struct mpp_session *session)
queue->detach_count++; queue->detach_count++;
mutex_unlock(&queue->session_lock); mutex_unlock(&queue->session_lock);
mpp_taskqueue_trigger_work(session->mpp); mpp_taskqueue_trigger_work(mpp);
} }
static int static int