
venus: hfi_parser: fix a regression in parser

Message ID 20190527153948.3432-1-stanimir.varbanov@linaro.org
State Accepted
Commit a200c721956ca026f44416acccc8efcca41109c5
Series venus: hfi_parser: fix a regression in parser | expand

Commit Message

Stanimir Varbanov May 27, 2019, 3:39 p.m. UTC
This fixes the following data abort:

 Unable to handle kernel paging request at virtual address 0000078000000040
 Mem abort info:
   ESR = 0x96000004
   Exception class = DABT (current EL), IL = 32 bits
   SET = 0, FnV = 0
   EA = 0, S1PTW = 0
 Data abort info:
   ISV = 0, ISS = 0x00000004
   CM = 0, WnR = 0
 user pgtable: 4k pages, 48-bit VAs, pgdp = (____ptrval____)
 [0000078000000040] pgd=0000000000000000
 Internal error: Oops: 96000004 [#1] PREEMPT SMP
 Process irq/28-venus (pid: 292, stack limit = 0x(____ptrval____))
 CPU: 0 PID: 292 Comm: irq/28-venus Not tainted 5.2.0-rc1+ #60
 Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT)
 pstate: 60000005 (nZCv daif -PAN -UAO)
 pc : __memcpy+0x100/0x180
 lr : parse_caps+0x94/0xc0 [venus_core]
 sp : ffff0000114e3990
 x29: ffff0000114e3990 x28: ffff80003a7d0148
 x27: 00000000000df018 x26: ffff000008bd4618
 x25: 0000000000020003 x24: 0000078000000040
 x23: 0000000000000002 x22: 0000000000000002
 x21: ffff80003b9b8080 x20: 0000000000000008
 x19: ffff000010f59000 x18: 0000000000000000
 x17: 0000000000000000 x16: ffff80003c0f9b80
 x15: 0000000000000000 x14: 0100000100000002
 x13: 000000010020100b x12: 000000010000100a
 x11: 0000100000000040 x10: 0000100000000004
 x9 : 0000000000000000 x8 : ffff0000114e3bd8
 x7 : 0000000000000000 x6 : ffff0000114e39d8
 x5 : 0000000000000040 x4 : 0000000000000000
 x3 : 0000000000000010 x2 : 0000000000000000
 x1 : 0000078000000040 x0 : ffff0000114e39d8
 Call trace:
  __memcpy+0x100/0x180
  hfi_parser+0x23c/0x3b8 [venus_core]
  hfi_session_init_done+0x40/0x60 [venus_core]
  hfi_process_msg_packet+0xd4/0x1d8 [venus_core]
  venus_isr_thread+0x1e0/0x230 [venus_core]
  hfi_isr_thread+0x18/0x20 [venus_core]
  irq_thread_fn+0x28/0x78
  irq_thread+0x124/0x1c0
  kthread+0x124/0x128
  ret_from_fork+0x10/0x18
 Code: d503201f d503201f d503201f d503201f (a8c12027)
 ---[ end trace fd253ebaeea05ffc ]---
 genirq: exiting task "irq/28-venus" (292) is an active IRQ thread (irq 28)

by changing the structure members to flexible array members.

Fixes: ded716267196862809e5926072adc962a611a1e3 media: hfi_parser: don't trick gcc with a wrong expected size
Signed-off-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>

---
 drivers/media/platform/qcom/venus/hfi_helper.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.17.1

Patch

diff --git a/drivers/media/platform/qcom/venus/hfi_helper.h b/drivers/media/platform/qcom/venus/hfi_helper.h
index 34ea503a9842..a2b95ff79c4a 100644
--- a/drivers/media/platform/qcom/venus/hfi_helper.h
+++ b/drivers/media/platform/qcom/venus/hfi_helper.h
@@ -569,7 +569,7 @@  struct hfi_capability {
 
 struct hfi_capabilities {
 	u32 num_capabilities;
-	struct hfi_capability *data;
+	struct hfi_capability data[];
 };
 
 #define HFI_DEBUG_MSG_LOW	0x01
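Review bot: With `data[]` now a flexible array member, `num_capabilities` is the only thing describing how many entries follow, and nothing in the type bounds it; the same holds for `profile_count` and `profile_level[]` in the second hunk. The trace in the commit message shows `parse_caps` reaching `memcpy` with this data, so, assuming both counts are read straight from the firmware message, the parser (outside this diff) should check them against the remaining packet length and the destination array size before copying. A comment above each member would record that contract, e.g. `/* num_capabilities entries follow inline in the message; the count is firmware-supplied and must be bounds-checked by the parser */`. Note also that `sizeof(struct hfi_capabilities)` no longer includes the array member, so any packet-advance arithmetic based on it is worth re-checking.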
@@ -726,7 +726,7 @@  struct hfi_profile_level {
 
 struct hfi_profile_level_supported {
 	u32 profile_count;
-	struct hfi_profile_level *profile_level;
+	struct hfi_profile_level profile_level[];
 };
 
 struct hfi_quality_vs_speed {