struct vpu_inst *tmp;
mutex_lock(&core->lock);
- if (!test_bit(index, &core->instance_mask))
+ if (index >= core->supported_instance_count || !test_bit(index, &core->instance_mask))
goto exit;
list_for_each_entry(tmp, &core->instances, list) {
if (tmp->id == index) {
}
}
-u32 vpu_helper_copy_from_stream_buffer(struct vpu_buffer *stream_buffer,
+int vpu_helper_copy_from_stream_buffer(struct vpu_buffer *stream_buffer,
u32 *rptr, u32 size, void *dst)
{
u32 offset;
}
*rptr = vpu_helper_step_walk(stream_buffer, offset, size);
- return size;
+
+ return 0;
}
-u32 vpu_helper_copy_to_stream_buffer(struct vpu_buffer *stream_buffer,
+int vpu_helper_copy_to_stream_buffer(struct vpu_buffer *stream_buffer,
u32 *wptr, u32 size, void *src)
{
u32 offset;
*wptr = vpu_helper_step_walk(stream_buffer, offset, size);
- return size;
+ return 0;
}
-u32 vpu_helper_memset_stream_buffer(struct vpu_buffer *stream_buffer,
+int vpu_helper_memset_stream_buffer(struct vpu_buffer *stream_buffer,
u32 *wptr, u8 val, u32 size)
{
u32 offset;
*wptr = offset;
- return size;
+ return 0;
}
u32 vpu_helper_get_free_space(struct vpu_inst *inst)
u32 vpu_helper_valid_frame_height(struct vpu_inst *inst, u32 height);
u32 vpu_helper_get_plane_size(u32 fmt, u32 width, u32 height, int plane_no,
u32 stride, u32 interlaced, u32 *pbl);
-u32 vpu_helper_copy_from_stream_buffer(struct vpu_buffer *stream_buffer,
+int vpu_helper_copy_from_stream_buffer(struct vpu_buffer *stream_buffer,
u32 *rptr, u32 size, void *dst);
-u32 vpu_helper_copy_to_stream_buffer(struct vpu_buffer *stream_buffer,
+int vpu_helper_copy_to_stream_buffer(struct vpu_buffer *stream_buffer,
u32 *wptr, u32 size, void *src);
-u32 vpu_helper_memset_stream_buffer(struct vpu_buffer *stream_buffer,
+int vpu_helper_memset_stream_buffer(struct vpu_buffer *stream_buffer,
u32 *wptr, u8 val, u32 size);
u32 vpu_helper_get_free_space(struct vpu_inst *inst);
u32 vpu_helper_get_used_space(struct vpu_inst *inst);
return 0;
}
-u32 vpu_imx8q_check_memory_region(dma_addr_t base, dma_addr_t addr, u32 size)
+int vpu_imx8q_check_memory_region(dma_addr_t base, dma_addr_t addr, u32 size)
{
const struct vpu_rpc_region_t imx8q_regions[] = {
{0x00000000, 0x08000000, VPU_CORE_MEMORY_CACHED},
int vpu_imx8q_boot_core(struct vpu_core *core);
int vpu_imx8q_get_power_state(struct vpu_core *core);
int vpu_imx8q_on_firmware_loaded(struct vpu_core *core);
-u32 vpu_imx8q_check_memory_region(dma_addr_t base, dma_addr_t addr, u32 size);
+int vpu_imx8q_check_memory_region(dma_addr_t base, dma_addr_t addr, u32 size);
bool vpu_imx8q_check_codec(enum vpu_core_type type);
bool vpu_imx8q_check_fmt(enum vpu_core_type type, u32 pixelfmt);
u32 pixelformat, u32 scode_type)
{
u32 wptr;
- u32 size;
- u32 total_size = 0;
+ int size;
+ int total_size = 0;
const struct malone_padding_scode *ps;
const u32 padding_size = 4096;
int ret;
return -EINVAL;
wptr = readl(&str_buf->wptr);
+ if (wptr < stream_buffer->phys || wptr > stream_buffer->phys + stream_buffer->length)
+ return -EINVAL;
+ if (wptr == stream_buffer->phys + stream_buffer->length)
+ wptr = stream_buffer->phys;
size = ALIGN(wptr, 4) - wptr;
if (size)
vpu_helper_memset_stream_buffer(stream_buffer, &wptr, 0, size);
size = sizeof(ps->data);
ret = vpu_helper_copy_to_stream_buffer(stream_buffer, &wptr, size, (void *)ps->data);
- if (ret < size)
+ if (ret < 0)
return -EINVAL;
total_size += size;
&scode->wptr,
sizeof(hdr),
hdr);
- return ret;
+ if (ret < 0)
+ return ret;
+ return sizeof(hdr);
}
static int vpu_malone_insert_scode_pic(struct malone_scode_t *scode, u32 codec_id, u32 ext_size)
{
u8 hdr[MALONE_PAYLOAD_HEADER_SIZE];
+ int ret;
set_payload_hdr(hdr,
SCODE_PICTURE,
ext_size + vb2_get_plane_payload(scode->vb, 0),
scode->inst->out_format.width,
scode->inst->out_format.height);
- return vpu_helper_copy_to_stream_buffer(&scode->inst->stream_buffer,
- &scode->wptr,
- sizeof(hdr),
- hdr);
+ ret = vpu_helper_copy_to_stream_buffer(&scode->inst->stream_buffer,
+ &scode->wptr,
+ sizeof(hdr),
+ hdr);
+ if (ret < 0)
+ return ret;
+ return sizeof(hdr);
}
static int vpu_malone_insert_scode_vc1_g_pic(struct malone_scode_t *scode)
struct vb2_v4l2_buffer *vbuf;
u8 nal_hdr[MALONE_VC1_NAL_HEADER_LEN];
u32 *data = NULL;
+ int ret;
vbuf = to_vb2_v4l2_buffer(scode->vb);
data = vb2_plane_vaddr(scode->vb, 0);
return 0;
create_vc1_nal_pichdr(nal_hdr);
- return vpu_helper_copy_to_stream_buffer(&scode->inst->stream_buffer,
- &scode->wptr,
- sizeof(nal_hdr),
- nal_hdr);
+ ret = vpu_helper_copy_to_stream_buffer(&scode->inst->stream_buffer,
+ &scode->wptr,
+ sizeof(nal_hdr),
+ nal_hdr);
+ if (ret < 0)
+ return ret;
+ return sizeof(nal_hdr);
}
static int vpu_malone_insert_scode_vc1_l_seq(struct malone_scode_t *scode)
scode->need_data = 0;
- ret = vpu_malone_insert_scode_seq(scode, MALONE_CODEC_ID_VC1_SIMPLE,
- sizeof(rcv_seqhdr));
+ ret = vpu_malone_insert_scode_seq(scode, MALONE_CODEC_ID_VC1_SIMPLE, sizeof(rcv_seqhdr));
if (ret < 0)
return ret;
size = ret;
if (ret < 0)
return ret;
- size += ret;
+ size += sizeof(rcv_seqhdr);
return size;
}
rcv_pichdr);
if (ret < 0)
return ret;
- size += ret;
+ size += sizeof(rcv_pichdr);
return size;
}
ivf_hdr);
if (ret < 0)
return ret;
- size += ret;
+ size += sizeof(ivf_hdr);
return size;
}
ivf_hdr);
if (ret < 0)
return ret;
- size += ret;
+ size += sizeof(ivf_hdr);
return size;
}
&wptr,
vb2_get_plane_payload(vb, 0),
vb2_plane_vaddr(vb, 0));
- if (ret < vb2_get_plane_payload(vb, 0))
+ if (ret < 0)
return -ENOMEM;
- size += ret;
+ size += vb2_get_plane_payload(vb, 0);
vpu_malone_update_wptr(str_buf, wptr);
&wptr,
vb2_get_plane_payload(vb, 0),
vb2_plane_vaddr(vb, 0));
- if (ret < vb2_get_plane_payload(vb, 0))
+ if (ret < 0)
return -ENOMEM;
vpu_malone_update_wptr(str_buf, wptr);
u32 size = desc->end - desc->start;
u32 rptr = desc->rptr;
u32 wptr = desc->wptr;
- u32 used = (wptr + size - rptr) % size;
+ u32 used;
+
+ if (!size)
+ return true;
- if (!size || used < size / 2)
+ used = (wptr + size - rptr) % size;
+ if (used < (size / 2))
return true;
return false;
static bool vpu_inst_receive_msg(struct vpu_inst *inst, struct vpu_rpc_event *pkt)
{
- u32 bytes = sizeof(struct vpu_rpc_event_header);
+ unsigned long bytes = sizeof(struct vpu_rpc_event_header);
u32 ret;
memset(pkt, 0, sizeof(*pkt));
static void vpu_inst_handle_msg(struct vpu_inst *inst, struct vpu_rpc_event *pkt)
{
- u32 bytes;
+ unsigned long bytes;
u32 id = pkt->hdr.id;
int ret;
{
struct vpu_core *core;
struct delayed_work *dwork;
- u32 bytes = sizeof(bytes);
+ unsigned long bytes = sizeof(u32);
u32 i;
if (!work)
#include "vpu_windsor.h"
#include "vpu_malone.h"
-u32 vpu_iface_check_memory_region(struct vpu_core *core, dma_addr_t addr, u32 size)
+int vpu_iface_check_memory_region(struct vpu_core *core, dma_addr_t addr, u32 size)
{
struct vpu_iface_ops *ops = vpu_core_get_iface(core);
u32 wptr;
u32 i;
+ if (cmd->hdr.num > 0xff || cmd->hdr.num >= ARRAY_SIZE(cmd->data))
+ return -EINVAL;
desc = shared->cmd_desc;
space = vpu_rpc_check_buffer_space(desc, true);
if (space < (((cmd->hdr.num + 1) << 2) + 16))
bool (*check_codec)(enum vpu_core_type type);
bool (*check_fmt)(enum vpu_core_type type, u32 pixelfmt);
u32 (*get_data_size)(void);
- u32 (*check_memory_region)(dma_addr_t base, dma_addr_t addr, u32 size);
+ int (*check_memory_region)(dma_addr_t base, dma_addr_t addr, u32 size);
int (*boot_core)(struct vpu_core *core);
int (*shutdown_core)(struct vpu_core *core);
int (*restore_core)(struct vpu_core *core);
struct vpu_iface_ops *vpu_core_get_iface(struct vpu_core *core);
struct vpu_iface_ops *vpu_inst_get_iface(struct vpu_inst *inst);
-u32 vpu_iface_check_memory_region(struct vpu_core *core, dma_addr_t addr, u32 size);
+int vpu_iface_check_memory_region(struct vpu_core *core, dma_addr_t addr, u32 size);
static inline bool vpu_iface_check_codec(struct vpu_core *core)
{
if (!ops || !ops->config_stream_buffer || inst->id < 0)
return -EINVAL;
+ if ((buf->phys % 4) || (buf->length % 4))
+ return -EINVAL;
+ if (buf->phys + buf->length > (u64)UINT_MAX)
+ return -EINVAL;
+
return ops->config_stream_buffer(inst->core->iface, inst->id, buf);
}
struct vb2_v4l2_buffer *buf;
if (V4L2_TYPE_IS_OUTPUT(type)) {
- while ((buf = v4l2_m2m_src_buf_remove(inst->fh.m2m_ctx)))
+ while ((buf = v4l2_m2m_src_buf_remove(inst->fh.m2m_ctx))) {
+ vpu_set_buffer_state(buf, VPU_BUF_STATE_IDLE);
v4l2_m2m_buf_done(buf, state);
+ }
} else {
- while ((buf = v4l2_m2m_dst_buf_remove(inst->fh.m2m_ctx)))
+ while ((buf = v4l2_m2m_dst_buf_remove(inst->fh.m2m_ctx))) {
+ vpu_set_buffer_state(buf, VPU_BUF_STATE_IDLE);
v4l2_m2m_buf_done(buf, state);
+ }
}
}
switch (type) {
case MEM_RES_ENC:
+ if (index >= ARRAY_SIZE(pool->enc_frames))
+ return -EINVAL;
res = &pool->enc_frames[index];
break;
case MEM_RES_REF:
+ if (index >= ARRAY_SIZE(pool->ref_frames))
+ return -EINVAL;
res = &pool->ref_frames[index];
break;
case MEM_RES_ACT:
+ if (index)
+ return -EINVAL;
res = &pool->act_frame;
break;
default:
projects / platform / kernel / linux-starfive.git / commitdiff