From: T-Firefly Date: Thu, 1 Feb 2018 03:16:40 +0000 (+0800) Subject: video/rockchip: fix zero memory copy in vcodec reg_init X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=adaabd3aab7d14853511ee1517f5c1b745dcdf04;p=firefly-linux-kernel-4.4.55.git video/rockchip: fix zero memory copy in vcodec reg_init When extra_size is zero, this triggers exception in kernel: [ 2689.066416] rk_vcodec: set reg[77] ffffffff [ 2689.066428] rk_vcodec: reg_copy_to_hw:1656: leave [ 2689.066443] rk_iommu ff660480.iommu: Page fault at 0x0000000000000200 of type read [ 2689.066452] rk_iommu ff660480.iommu: iova = 0x0000000000000200: dte_index: 0x0 pte_index: 0x0 page_offset: 0x200 [ 2689.066471] rk_iommu ff660480.iommu: mmu_dte_addr: 0x00000000785c4000 dte@0x00000000785c4000: 0x000000 valid: 0 pte@0x0000000000000000: 0x000000 valid: 0 page@0x0000000000000000 flags: 0x0 [ 2689.069518] rk_vcodec: try_set_reg:1738: leave [ 2689.108387] rk_vcodec: vdpu_irq reg 1 status 408362 mask: irq 100 ready 1000 error 3e000 [ 2689.108406] rk_vcodec: vdpu_irq dec status 00408362 [ 2689.108413] rk_vcodec: task rkvdec status 00408362 mask 0003e000 [ 2689.108419] rk_vcodec: rkvdec task: 41 ms This commit fixes that. --- diff --git a/drivers/video/rockchip/vcodec/vcodec_service.c b/drivers/video/rockchip/vcodec/vcodec_service.c index d4156bf16804..fed175d35973 100644 --- a/drivers/video/rockchip/vcodec/vcodec_service.c +++ b/drivers/video/rockchip/vcodec/vcodec_service.c @@ -1275,11 +1275,15 @@ static struct vpu_reg *reg_init(struct vpu_subdev_data *data, return NULL; } - if (copy_from_user(&extra_info, (u8 *)src + size, extra_size)) { - vpu_err("error: copy_from_user failed\n"); - kfree(reg); - return NULL; - } + if (extra_size > 0) { + if (copy_from_user(&extra_info, (u8 *)src + size, extra_size)) { + vpu_err("error: copy_from_user failed\n"); + kfree(reg); + return NULL; + } + } else { + memset(&extra_info, 0, sizeof(extra_info)); + } if (vcodec_reg_address_translate(data, session, reg, &extra_info) < 0) { int i = 0;