• Dafna Hirschfeld's avatar
    media: vimc: upon streaming, check that the pipeline starts with a source entity · c20df618
    Dafna Hirschfeld authored
    Userspace can disable links and create pipelines that
    do not start with a source entity. Trying to stream
    from such a pipeline should fail with -EPIPE
    currently this is not handled and cause kernel crash.
    
    Reproducing the crash:
    media-ctl -d0 -l "5:1->21:0[0]" -v
    v4l2-ctl -z platform:vimc -d "RGB/YUV Capture" -v width=1920,height=1440
    v4l2-ctl --stream-mmap --stream-count=100 -d /dev/video2
    
    Panic message:
    [   39.078841][  T248] BUG: kernel NULL pointer dereference, address: 0000000000000000
    [   39.079338][  T248] #PF: supervisor read access in kernel mode
    [   39.079704][  T248] #PF: error_code(0x0000) - not-present page
    [   39.080071][  T248] PGD 0 P4D 0
    [   39.080279][  T248] Oops: 0000 [#1] SMP PTI
    [   39.080546][  T248] CPU: 0 PID: 248 Comm: vimc-streamer t Not tainted 5.4.0-rc1+ #17
    [   39.081030][  T248] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014
    [   39.081779][  T248] RIP: 0010:vimc_sca_process_frame+0xdb/0x210 [vimc]
    [   39.082191][  T248] Code: 44 8d 0c 28 8b 93 a4 01 00 00 48 8b 8b 98 01 00 00 85 d2 74 40 48 8b 74 24 10 8d 7a ff 4c 01 c9 31 d2 4c 01 fe eb 03 4c 89 c2 <44> 0f b6 04 16 44 88 04 11 4c 8d 42 01 48 39 fa 75 eb 8b 93 a4 01
    [   39.083436][  T248] RSP: 0018:ffffb15a005abe90 EFLAGS: 00010246
    [   39.083808][  T248] RAX: 0000000000000000 RBX: ffffa3fdc46d2e00 RCX: ffffb15a02579000
    [   39.084298][  T248] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
    [   39.084792][  T248] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
    [   39.085280][  T248] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
    [   39.085770][  T248] R13: ffffa3fdc46d2ee0 R14: 0000000000000000 R15: 0000000000000000
    [   39.086258][  T248] FS:  0000000000000000(0000) GS:ffffa3fdc7800000(0000) knlGS:0000000000000000
    [   39.086806][  T248] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [   39.087217][  T248] CR2: 0000000000000000 CR3: 0000000003c92005 CR4: 0000000000360ef0
    [   39.087706][  T248] Call Trace:
    [   39.087909][  T248]  ? vimc_streamer_pipeline_terminate+0x90/0x90 [vimc]
    [   39.088318][  T248]  vimc_streamer_thread+0x7c/0xe0 [vimc]
    [   39.088663][  T248]  kthread+0x10d/0x130
    [   39.088919][  T248]  ? kthread_park+0x80/0x80
    [   39.089205][  T248]  ret_from_fork+0x35/0x40
    [   39.089475][  T248] Modules linked in: vimc videobuf2_vmalloc videobuf2_memops v4l2_tpg videobuf2_v4l2 videobuf2_common videodev mc
    [   39.090208][  T248] CR2: 0000000000000000
    [   39.090463][  T248] ---[ end trace 697650fefbf78bee ]---
    [   39.090796][  T248] RIP: 0010:vimc_sca_process_frame+0xdb/0x210 [vimc]
    [   39.091209][  T248] Code: 44 8d 0c 28 8b 93 a4 01 00 00 48 8b 8b 98 01 00 00 85 d2 74 40 48 8b 74 24 10 8d 7a ff 4c 01 c9 31 d2 4c 01 fe eb 03 4c 89 c2 <44> 0f b6 04 16 44 88 04 11 4c 8d 42 01 48 39 fa 75 eb 8b 93 a4 01
    [   39.092417][  T248] RSP: 0018:ffffb15a005abe90 EFLAGS: 00010246
    [   39.092789][  T248] RAX: 0000000000000000 RBX: ffffa3fdc46d2e00 RCX: ffffb15a02579000
    [   39.093278][  T248] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
    [   39.093766][  T248] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
    [   39.094254][  T248] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
    [   39.094742][  T248] R13: ffffa3fdc46d2ee0 R14: 0000000000000000 R15: 0000000000000000
    [   39.095309][  T248] FS:  0000000000000000(0000) GS:ffffa3fdc7800000(0000) knlGS:0000000000000000
    [   39.095974][  T248] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [   39.096372][  T248] CR2: 0000000000000000 CR3: 0000000003c92005 CR4: 0000000000360ef0
    Signed-off-by: default avatarDafna Hirschfeld <dafna.hirschfeld@collabora.com>
    Acked-by: default avatarHelen Koike <helen.koike@collabora.com>
    Signed-off-by: default avatarHans Verkuil <hverkuil-cisco@xs4all.nl>
    Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@kernel.org>
    c20df618
vimc-common.h 7.28 KB