[COMMON] media: scaler: fix buffer free during working

Scaler driver is able to run H/W twice to support the users who want
to zoom out the given image by the larger minification factor than the
factor H/W supports. It is called pre-scaling and pre-scaling requires
a temporary buffer that is not supplied by the users but allocaged by
Scaler driver itself.
Scaler driver allocates the buffer when it finds that pre-scaling is
required and frees when it notices that the pre-scaling is not needed
any more. However the driver has a flaw of logic in sc_release() that
releases the temporary buffer before waiting for the H/W to be done.
It results in accessing a freed buffer by H/W.

Change-Id: I951de839884382b9806a744aac92ec4d083fa689
Signed-off-by: Cho KyongHo <pullip.cho@samsung.com>

diff --git a/drivers/media/platform/exynos/scaler/scaler-core.c b/drivers/media/platform/exynos/scaler/scaler-core.c
index baa4ebac731d1211bdd5cb1aa2892d791e9bd7a3..ee56fa700887a279e2d58cfa55dbfb453f408ee0 100644 (file)
--- a/drivers/media/platform/exynos/scaler/scaler-core.c
+++ b/drivers/media/platform/exynos/scaler/scaler-core.c
@@ -2156,8 +2156,10 @@ static int sc_release(struct file *file)
 
        atomic_dec(&sc->m2m.in_use);
 
-       destroy_intermediate_frame(ctx);
        v4l2_m2m_ctx_release(ctx->m2m_ctx);
+
+       destroy_intermediate_frame(ctx);
+
        if (!IS_ERR(sc->aclk))
                clk_unprepare(sc->aclk);
        if (!IS_ERR(sc->pclk))