4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Sakari Ailus <sakari.ailus@xxxxxxxxxxxxxxx> commit 03703ed1debf777ea845aa9b50ba2e80a5e7dd3c upstream. If buffers were prepared or queued and the buffers were released without starting the queue, the finish mem op (corresponding to the prepare mem op) was never called to the buffers. Before commit a136f59c0a1f there was no need to do this as in such a case the prepare mem op had not been called yet. Address the problem by explicitly calling finish mem op when the queue is stopped if the buffer is in either prepared or queued state. Fixes: a136f59c0a1f ("[media] vb2: Move buffer cache synchronisation to prepare from queue") Cc: stable@xxxxxxxxxxxxxxx # for v4.13 and up Signed-off-by: Sakari Ailus <sakari.ailus@xxxxxxxxxxxxxxx> Tested-by: Devin Heitmueller <dheitmueller@xxxxxxxxxxxxxx> Signed-off-by: Hans Verkuil <hans.verkuil@xxxxxxxxx> Signed-off-by: Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxxxxx> Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@xxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/media/v4l2-core/videobuf2-core.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/drivers/media/v4l2-core/videobuf2-core.c +++ b/drivers/media/v4l2-core/videobuf2-core.c @@ -1689,6 +1689,15 @@ static void __vb2_queue_cancel(struct vb for (i = 0; i < q->num_buffers; ++i) { struct vb2_buffer *vb = q->bufs[i]; + if (vb->state == VB2_BUF_STATE_PREPARED || + vb->state == VB2_BUF_STATE_QUEUED) { + unsigned int plane; + + for (plane = 0; plane < vb->num_planes; ++plane) + call_void_memop(vb, finish, + vb->planes[plane].mem_priv); + } + if (vb->state != VB2_BUF_STATE_DEQUEUED) { vb->state = VB2_BUF_STATE_PREPARED; call_void_vb_qop(vb, buf_finish, vb);