This is a note to let you know that I've just added the patch titled media: cedrus: Fix endless loop in cedrus_h265_skip_bits() to the 6.0-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: media-cedrus-fix-endless-loop-in-cedrus_h265_skip_bits.patch and it can be found in the queue-6.0 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 91db7a3fc7fe670cf1770a398a43bb4a1f776bf1 Mon Sep 17 00:00:00 2001 From: Dmitry Osipenko <dmitry.osipenko@xxxxxxxxxxxxx> Date: Thu, 18 Aug 2022 22:33:08 +0200 Subject: media: cedrus: Fix endless loop in cedrus_h265_skip_bits() From: Dmitry Osipenko <dmitry.osipenko@xxxxxxxxxxxxx> commit 91db7a3fc7fe670cf1770a398a43bb4a1f776bf1 upstream. The busy status bit may never de-assert if number of programmed skip bits is incorrect, resulting in a kernel hang because the bit is polled endlessly in the code. Fix it by adding timeout for the bit-polling. This problem is reproducible by setting the data_bit_offset field of the HEVC slice params to a wrong value by userspace. Cc: stable@xxxxxxxxxxxxxxx Fixes: 7678c5462680 (media: cedrus: Fix decoding for some HEVC videos) Reported-by: Nicolas Dufresne <nicolas.dufresne@xxxxxxxxxxxxx> Signed-off-by: Dmitry Osipenko <dmitry.osipenko@xxxxxxxxxxxxx> Signed-off-by: Nicolas Dufresne <nicolas.dufresne@xxxxxxxxxxxxx> Signed-off-by: Hans Verkuil <hverkuil-cisco@xxxxxxxxx> Signed-off-by: Mauro Carvalho Chehab <mchehab@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/staging/media/sunxi/cedrus/cedrus_h265.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/drivers/staging/media/sunxi/cedrus/cedrus_h265.c +++ b/drivers/staging/media/sunxi/cedrus/cedrus_h265.c @@ -234,8 +234,9 @@ static void cedrus_h265_skip_bits(struct cedrus_write(dev, VE_DEC_H265_TRIGGER, VE_DEC_H265_TRIGGER_FLUSH_BITS | VE_DEC_H265_TRIGGER_TYPE_N_BITS(tmp)); - while (cedrus_read(dev, VE_DEC_H265_STATUS) & VE_DEC_H265_STATUS_VLD_BUSY) - udelay(1); + + if (cedrus_wait_for(dev, VE_DEC_H265_STATUS, VE_DEC_H265_STATUS_VLD_BUSY)) + dev_err_ratelimited(dev->dev, "timed out waiting to skip bits\n"); count += tmp; } Patches currently in stable-queue which might be from dmitry.osipenko@xxxxxxxxxxxxx are queue-6.0/drm-virtio-unlock-reservations-on-dma_resv_reserve_fences-error.patch queue-6.0/media-cedrus-set-the-platform-driver-data-earlier.patch queue-6.0/drm-virtio-check-whether-transferred-2d-bo-is-shmem.patch queue-6.0/media-cedrus-fix-endless-loop-in-cedrus_h265_skip_bits.patch queue-6.0/drm-virtio-unlock-reservations-on-virtio_gpu_object_shmem_init-error.patch queue-6.0/drm-virtio-use-appropriate-atomic-state-in-virtio_gpu_plane_cleanup_fb.patch