On Mon Oct 27 17:35:59 2025 +0800, Wangao Wang wrote:
> Add sanity check in iris_vb2_stop_streaming. If inst->state is
> already IRIS_INST_ERROR, we should skip the stream_off operation
> because it would still send packets to the firmware.
>
> In iris_kill_session, inst->state is set to IRIS_INST_ERROR and
> session_close is executed, which will kfree(inst_hfi_gen2->packet).
> If stop_streaming is called afterward, it will cause a crash.
>
> Fixes: 11712ce70f8e5 ("media: iris: implement vb2 streaming ops")
> Cc: [email protected]
> Reviewed-by: Bryan O'Donoghue <[email protected]>
> Reviewed-by: Dikshita Agarwal <[email protected]>
> Signed-off-by: Wangao Wang <[email protected]>
> Reviewed-by: Vikash Garodia <[email protected]>
> [bod: remove qcom from patch title]
> Signed-off-by: Bryan O'Donoghue <[email protected]>
> Signed-off-by: Hans Verkuil <[email protected]>
Patch committed.
Thanks,
Hans Verkuil
drivers/media/platform/qcom/iris/iris_vb2.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
---
diff --git a/drivers/media/platform/qcom/iris/iris_vb2.c
b/drivers/media/platform/qcom/iris/iris_vb2.c
index 139b821f7952..db8768d8a8f6 100644
--- a/drivers/media/platform/qcom/iris/iris_vb2.c
+++ b/drivers/media/platform/qcom/iris/iris_vb2.c
@@ -231,6 +231,8 @@ void iris_vb2_stop_streaming(struct vb2_queue *q)
return;
mutex_lock(&inst->lock);
+ if (inst->state == IRIS_INST_ERROR)
+ goto exit;
if (!V4L2_TYPE_IS_OUTPUT(q->type) &&
!V4L2_TYPE_IS_CAPTURE(q->type))
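Review bot: the early `goto exit` added under `mutex_lock(&inst->lock)` for `inst->state == IRIS_INST_ERROR` skips more than the stream-off call once the next hunk makes `iris_helper_buffers_done()` conditional on `ret`. The initialisation of `ret` is not visible in this hunk; if it is still zero at this point, buffers queued on `q` while the instance is in IRIS_INST_ERROR are not completed anywhere in this function. Please add a comment above the check saying where those buffers are returned on the error path, or complete them before the jump if `iris_helper_buffers_done()` does not itself send packets to the firmware.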
@@ -241,10 +243,10 @@ void iris_vb2_stop_streaming(struct vb2_queue *q)
goto exit;
exit:
- iris_helper_buffers_done(inst, q->type, VB2_BUF_STATE_ERROR);
- if (ret)
+ if (ret) {
+ iris_helper_buffers_done(inst, q->type, VB2_BUF_STATE_ERROR);
iris_inst_change_state(inst, IRIS_INST_ERROR);
-
+ }
mutex_unlock(&inst->lock);
}
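Review bot: moving `iris_helper_buffers_done(inst, q->type, VB2_BUF_STATE_ERROR)` inside `if (ret)` at the `exit:` label also changes the non-error path, and the commit message does not cover that. Before this change the buffers were completed on every exit from the function; now they are completed only when `ret` is non-zero. The changelog describes only the IRIS_INST_ERROR check and the freed `inst_hfi_gen2->packet`, so please state in the changelog, or in a comment above `exit:`, why a successful stream-off no longer needs this call, or split this behaviour change into a separate patch so that the stable backport carries only the crash fix.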