From a200c721956ca026f44416acccc8efcca41109c5 Mon Sep 17 00:00:00 2001 From: Stanimir Varbanov Date: Mon, 27 May 2019 11:34:17 -0400 Subject: [PATCH] media: venus: hfi_parser: fix a regression in parser This fixes the following data abort: Unable to handle kernel paging request at virtual address 0000078000000040 Mem abort info: ESR = 0x96000004 Exception class = DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 Data abort info: ISV = 0, ISS = 0x00000004 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgdp = (____ptrval____) [0000078000000040] pgd=0000000000000000 Internal error: Oops: 96000004 [#1] PREEMPT SMP Process irq/28-venus (pid: 292, stack limit = 0x(____ptrval____)) CPU: 0 PID: 292 Comm: irq/28-venus Not tainted 5.2.0-rc1+ #60 Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT) pstate: 60000005 (nZCv daif -PAN -UAO) pc : __memcpy+0x100/0x180 lr : parse_caps+0x94/0xc0 [venus_core] sp : ffff0000114e3990 x29: ffff0000114e3990 x28: ffff80003a7d0148 x27: 00000000000df018 x26: ffff000008bd4618 x25: 0000000000020003 x24: 0000078000000040 x23: 0000000000000002 x22: 0000000000000002 x21: ffff80003b9b8080 x20: 0000000000000008 x19: ffff000010f59000 x18: 0000000000000000 x17: 0000000000000000 x16: ffff80003c0f9b80 x15: 0000000000000000 x14: 0100000100000002 x13: 000000010020100b x12: 000000010000100a x11: 0000100000000040 x10: 0000100000000004 x9 : 0000000000000000 x8 : ffff0000114e3bd8 x7 : 0000000000000000 x6 : ffff0000114e39d8 x5 : 0000000000000040 x4 : 0000000000000000 x3 : 0000000000000010 x2 : 0000000000000000 x1 : 0000078000000040 x0 : ffff0000114e39d8 Call trace: __memcpy+0x100/0x180 hfi_parser+0x23c/0x3b8 [venus_core] hfi_session_init_done+0x40/0x60 [venus_core] hfi_process_msg_packet+0xd4/0x1d8 [venus_core] venus_isr_thread+0x1e0/0x230 [venus_core] hfi_isr_thread+0x18/0x20 [venus_core] irq_thread_fn+0x28/0x78 irq_thread+0x124/0x1c0 kthread+0x124/0x128 ret_from_fork+0x10/0x18 Code: d503201f d503201f d503201f d503201f (a8c12027) ---[ end trace fd253ebaeea05ffc ]--- genirq: exiting task "irq/28-venus" (292) is an active IRQ thread (irq 28) by modifying structure members to flexible array members. Fixes: ded716267196862809e5926072adc962a611a1e3 media: hfi_parser: don't trick gcc with a wrong expected size Signed-off-by: Stanimir Varbanov Signed-off-by: Mauro Carvalho Chehab --- drivers/media/platform/qcom/venus/hfi_helper.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/media/platform/qcom/venus/hfi_helper.h b/drivers/media/platform/qcom/venus/hfi_helper.h index 34ea503a9842..a2b95ff79c4a 100644 --- a/drivers/media/platform/qcom/venus/hfi_helper.h +++ b/drivers/media/platform/qcom/venus/hfi_helper.h @@ -569,7 +569,7 @@ struct hfi_capability { struct hfi_capabilities { u32 num_capabilities; - struct hfi_capability *data; + struct hfi_capability data[]; }; #define HFI_DEBUG_MSG_LOW 0x01 @@ -726,7 +726,7 @@ struct hfi_profile_level { struct hfi_profile_level_supported { u32 profile_count; - struct hfi_profile_level *profile_level; + struct hfi_profile_level profile_level[]; }; struct hfi_quality_vs_speed { -- 2.34.1