From 5cd4337135f5d79bf655fa421980e467d76ba125 Mon Sep 17 00:00:00 2001 From: Philipp Zabel Date: Mon, 6 Feb 2017 12:39:01 +0100 Subject: [PATCH] gpu: ipu-cpmem: set image base address even for incorrect formats Otherwise, if the image base address is kept at zero, and if the user ignores the error return value, the IPU may be configured to write into the dma-apbh@00110000 region for large frames, which will lock up the system. Reported-by: Russell King Signed-off-by: Philipp Zabel --- drivers/gpu/ipu-v3/ipu-cpmem.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/ipu-v3/ipu-cpmem.c b/drivers/gpu/ipu-v3/ipu-cpmem.c index 4b2b67113d92..f29aa7b0853c 100644 --- a/drivers/gpu/ipu-v3/ipu-cpmem.c +++ b/drivers/gpu/ipu-v3/ipu-cpmem.c @@ -644,6 +644,7 @@ int ipu_cpmem_set_image(struct ipuv3_channel *ch, struct ipu_image *image) { struct v4l2_pix_format *pix = &image->pix; int offset, u_offset, v_offset; + int ret = 0; pr_debug("%s: resolution: %dx%d stride: %d\n", __func__, pix->width, pix->height, @@ -720,13 +721,16 @@ int ipu_cpmem_set_image(struct ipuv3_channel *ch, struct ipu_image *image) image->rect.top * pix->bytesperline; break; default: - return -EINVAL; + /* This should not happen */ + WARN_ON(1); + offset = 0; + ret = -EINVAL; } ipu_cpmem_set_buffer(ch, 0, image->phys0 + offset); ipu_cpmem_set_buffer(ch, 1, image->phys1 + offset); - return 0; + return ret; } EXPORT_SYMBOL_GPL(ipu_cpmem_set_image); -- 2.20.1