struct vpu_run *run in vpu_init_ipi_handler() is an ioremapped DTCM (Data Tightly Coupled Memory) buffer shared with AP. It's not able to do unaligned access. Otherwise kernel would crash due to unable to handle kernel paging request. struct vpu_run { u32 signaled; char fw_ver[VPU_FW_VER_LEN]; unsigned int dec_capability; unsigned int enc_capability; wait_queue_head_t wq; }; fw_ver starts at 4 byte boundary. If system enables CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS, strscpy() will do read_word_at_a_time(), which tries to read 8-byte: *(unsigned long *)addr Copy the string by memcpy_fromio() for this buffer to avoid unaligned access. Fixes: 85709cbf1524 ("media: replace strncpy() by strscpy()") Signed-off-by: Hsin-Yi Wang <hsinyi@xxxxxxxxxxxx> --- drivers/media/platform/mtk-vpu/mtk_vpu.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/media/platform/mtk-vpu/mtk_vpu.c b/drivers/media/platform/mtk-vpu/mtk_vpu.c index a768707abb94..e705e85d6f5a 100644 --- a/drivers/media/platform/mtk-vpu/mtk_vpu.c +++ b/drivers/media/platform/mtk-vpu/mtk_vpu.c @@ -600,13 +600,16 @@ int vpu_load_firmware(struct platform_device *pdev) } EXPORT_SYMBOL_GPL(vpu_load_firmware); -static void vpu_init_ipi_handler(void *data, unsigned int len, void *priv) +static void vpu_init_ipi_handler(void __iomem *data, unsigned int len, + void *priv) { struct mtk_vpu *vpu = (struct mtk_vpu *)priv; - struct vpu_run *run = (struct vpu_run *)data; + struct vpu_run __iomem *run = data; vpu->run.signaled = run->signaled; - strscpy(vpu->run.fw_ver, run->fw_ver, sizeof(vpu->run.fw_ver)); + memcpy_fromio(vpu->run.fw_ver, run->fw_ver, sizeof(vpu->run.fw_ver)); + /* Make sure the string is NUL-terminated */ + vpu->run.fw_ver[sizeof(vpu->run.fw_ver) - 1] = '\0'; vpu->run.dec_capability = run->dec_capability; vpu->run.enc_capability = run->enc_capability; wake_up_interruptible(&vpu->run.wq); -- 2.25.0.225.g125e21ebc7-goog