From: Yunfei Dong <yunfei.dong@xxxxxxxxxxxx>
[ Upstream commit af50b13dd3d7d5dbc1f08add1c462398e926a053 ]
Remove unused lat_buf from core list, or leading to core list access NULL point.
Fixes: 365e4ba01df4 ("media: mtk-vcodec: Add work queue for core hardware decode")
Signed-off-by: Yunfei Dong <yunfei.dong@xxxxxxxxxxxx>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@xxxxxxxxxxxxx>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xxxxxxxxx>
Signed-off-by: Mauro Carvalho Chehab <mchehab@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
 .../platform/mediatek/vcodec/vdec_msg_queue.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/drivers/media/platform/mediatek/vcodec/vdec_msg_queue.c b/drivers/media/platform/mediatek/vcodec/vdec_msg_queue.c
index ce7c82e38103a..cdc539a46cb95 100644
--- a/drivers/media/platform/mediatek/vcodec/vdec_msg_queue.c
+++ b/drivers/media/platform/mediatek/vcodec/vdec_msg_queue.c
@@ -177,7 +177,7 @@ bool vdec_msg_queue_wait_lat_buf_full(struct vdec_msg_queue *msg_queue)
 struct vdec_lat_buf *buf, *tmp;
 struct list_head *list_core[3];
 struct vdec_msg_queue_ctx *core_ctx;
- int ret, i, in_core_count = 0;
+ int ret, i, in_core_count = 0, count = 0;
 long timeout_jiff;
 core_ctx = &msg_queue->ctx->dev->msg_queue_core_ctx;
@@ -204,8 +204,20 @@ bool vdec_msg_queue_wait_lat_buf_full(struct vdec_msg_queue *msg_queue)
 msg_queue->lat_ctx.ready_num);
 return true;
 }
- mtk_v4l2_err("failed with lat buf isn't full: %d",
- msg_queue->lat_ctx.ready_num);
+
+ spin_lock(&core_ctx->ready_lock);
+ list_for_each_entry_safe(buf, tmp, &core_ctx->ready_queue, core_list) {
+ if (buf && buf->ctx == msg_queue->ctx) {
+ count++;
+ list_del(&buf->core_list);
+ }
+ }
+ spin_unlock(&core_ctx->ready_lock);
+
+ mtk_v4l2_err("failed with lat buf isn't full: list(%d %d) count:%d",
+ atomic_read(&msg_queue->lat_list_cnt),
+ atomic_read(&msg_queue->core_list_cnt), count);
+
 return false;
 }
-- 
2.39.2
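Review bot: The cleanup loop in the second hunk unlinks this context's buffers from `core_ctx->ready_queue` with `list_del()` but adjusts no counter, so any bookkeeping kept alongside that list goes stale once the entries are gone. The context lines show a `ready_num` on `lat_ctx`; if `lat_ctx` is the same `struct vdec_msg_queue_ctx` type as `core_ctx` (not visible here), the loop should also do `core_ctx->ready_num--;` next to `count++`, and `msg_queue->core_list_cnt`, which the new error message prints right after the removal, likely needs the matching decrement. Separately, `buf &&` can never be false inside `list_for_each_entry_safe()`, so the test reduces to `if (buf->ctx == msg_queue->ctx) {`. The function body starts before the hunk, so whether plain `spin_lock()` is sufficient for `ready_lock` in this calling context cannot be confirmed from the lines shown.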