- 04 Jul, 2020 39 commits
-
-
Benoit Parrot authored
Several drivers implement the same enclosed_rectangle() function to check if a rectangle is enclosed into another. Replace this with the newly added v4l2_rect_enclosed() helper function. Signed-off-by:
Benoit Parrot <bparrot@ti.com> Acked-by:
Andrzej Pietrasiewicz <andrzejtp2010@gmail.com> Reviewed-by:
Lad Prabhakar <prabhakar.csengg@gmail.com> Signed-off-by:
Hans Verkuil <hverkuil-cisco@xs4all.nl> Signed-off-by:
Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
-
Benoit Parrot authored
Add a helper function to check if one rectangle is enclosed inside another. Signed-off-by:
-
Lad Prabhakar authored
This patch adds support for MEDIA_BUS_FMT_SRGGB8_1X8 format for CSI2 input. Signed-off-by:
Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com> Reviewed-by:
Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se> Signed-off-by:
-
Lad Prabhakar authored
Add support for MEDIA_BUS_FMT_SRGGB8_1X8 format in rcar-vin by setting format type to RAW8 in VNMC register and appropriately setting the bpp and bytesperline to enable V4L2_PIX_FMT_SRGGB8. Signed-off-by:
-
Lad Prabhakar authored
Up until now the VIN was capable to convert any of its supported input mbus formats to any of it's supported output pixel formats. With the addition of RAW formats this is no longer true. This patch invalidates the pipeline by adding a check if given vin input format can be converted to supported output pixel format. Signed-off-by:
-
Dinghao Liu authored
pm_runtime_get_sync() increments the runtime PM usage counter even when it returns an error code. Thus a pairing decrement is needed on the error handling path to keep the counter balanced. Signed-off-by:
Dinghao Liu <dinghao.liu@zju.edu.cn> Signed-off-by:
Stanimir Varbanov <stanimir.varbanov@linaro.org> Signed-off-by:
-
Mansur Alisha Shaik authored
Currently we are considering the instances which are available in core->inst list for load calculation in min_loaded_core() function, but this is incorrect because by the time we call decide_core() for second instance, the third instance not filled yet codec_freq_data pointer. Solve this by considering the instances whose session has started. Cc: stable@vger.kernel.org # v5.7+ Fixes: 4ebf9693 ("media: venus: introduce core selection") Tested-by:
Douglas Anderson <dianders@chromium.org> Signed-off-by:
Mansur Alisha Shaik <mansur@codeaurora.org> Signed-off-by:
-
Evgeny Novikov authored
If lirc_dev_init() fails during module initialization, rc_core_init() returns 0 denoting success. This can cause different issues during further operation of the module. The patch fixes the return value of rc_core_init() on the corresponding error handling path. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by:
Evgeny Novikov <novikov@ispras.ru> Signed-off-by:
Sean Young <sean@mess.org> Signed-off-by:
-
Sean Young authored
Found with clang: drivers/media/pci/cx23885/cx23888-ir.c:178:19: warning: unused function 'ns_to_clock_divider' [-Wunused-function] static inline u16 ns_to_clock_divider(unsigned int ns) ^ drivers/media/pci/cx23885/cx23888-ir.c:184:28: warning: unused function 'clock_divider_to_ns' [-Wunused-function] static inline unsigned int clock_divider_to_ns(unsigned int divider) ^ drivers/media/pci/cx23885/cx23888-ir.c:202:19: warning: unused function 'freq_to_clock_divider' [-Wunused-function] static inline u16 freq_to_clock_divider(unsigned int freq, ^ Cc: Andy Walls <awalls@md.metrocast.net> Signed-off-by: -
Sean Young authored
Found with clang: drivers/media/rc/fintek-cir.c:55:20: warning: unused function 'fintek_clear_reg_bit' [-Wunused-function] static inline void fintek_clear_reg_bit(struct fintek_dev *fintek, u8 val, u8 reg) Signed-off-by:
-
Sean Young authored
Since this driver could never transmit IR, setting the tx carrier makes no sense. Fixes: 87284271 ("media: rc: nuvoton: remove rudimentary transmit functionality") Signed-off-by:
-
Sean Young authored
This function has never been used. Found with clang: drivers/media/dvb-frontends/drxk_hard.c:159:19: warning: unused function 'MulDiv32' [-Wunused-function] static inline u32 MulDiv32(u32 a, u32 b, u32 c) Signed-off-by:
-
Hans Verkuil authored
After the removal of the soc_camera driver and the soc_camera.h header the SOC-CAMERA entry in the MAINTAINERS file can also be removed. Signed-off-by:
-
Hans Verkuil authored
Drop all configs with the CONFIG_SOC_CAMERA prefix since those have been removed. SOC_CAMERA support for the sh architecture was removed a long time ago. Drop it from the configs. Signed-off-by:
-
Hans Verkuil authored
Drop all configs with the CONFIG_SOC_CAMERA prefix since those have been removed. Signed-off-by:
-
Hans Verkuil authored
The soc_camera driver has been removed and all board files that used it have been fixed. This header can now be removed altogether. Signed-off-by:
-
Hans Verkuil authored
The soc_camera driver (and related soc_camera-dependent sensor drivers) is obsolete and depends on BROKEN for a long time now. Nobody is using it, so it is time to kill it off. Signed-off-by:
-
Hans Verkuil authored
The soc_camera driver is about to be removed, so drop camera support from this board. Note that the soc_camera driver itself has long since been deprecated and can't be compiled anymore (it depends on BROKEN), so camera support on this board has been broken for a long time (at least since 4.9 when the pxa_camera.c was removed from soc_camera). Note that there is a new pxa_camera.c driver that replaced the old soc_camera based driver, but using that would require these boards to be converted to use the device tree. Signed-off-by:
Arnd Bergmann <arnd@arndb.de> Signed-off-by:
-
Hans Verkuil authored
The soc_camera driver is about to be removed, so drop camera support from this board. Note that the soc_camera driver itself has long since been deprecated and can't be compiled anymore (it depends on BROKEN), so camera support on this board has been broken for a long time (at least since 4.6 when the omap1_camera.c was removed from soc_camera). Signed-off-by:
-
Hans Verkuil authored
The soc_camera.h header driver is about to be removed, so drop camera support from this board. Note that the soc_camera driver itself has long since been deprecated and can't be compiled anymore (it depends on BROKEN), so camera support on this board has been broken for a long time (at least since 4.6 when the mx2_camera.c was removed from soc_camera). Signed-off-by:
-
Hans Verkuil authored
Remove the confusing SoC Camera reference. Signed-off-by:
-
Hans Verkuil authored
Remove the confusing SoC Camera reference. Signed-off-by:
-
Jeff Chase authored
Add a CEC device driver for the Chrontel ch7322 CEC conroller. This is an I2C device capable of sending and receiving CEC messages. Signed-off-by:
Jeff Chase <jnchase@google.com> Signed-off-by:
-
Jeff Chase authored
Use of the cec notifier framework is required to support CEC_CAP_CONNECTOR_INFO but some devices do not want physical address updates from the notifier. This adds an option to allow registering with a cec notifier without getting address updates. [hans: document the new adap_controls_phys_addr bool] Signed-off-by:
-
Jeff Chase authored
The ch7322 is a Chrontel CEC controller. Signed-off-by:
Rob Herring <robh@kernel.org> Signed-off-by:
-
Eugeniu Rosca authored
In commit f3b98e3c ("media: vsp1: Provide support for extended command pools"), the vsp pointer used for referencing the VSP1 device structure from a command pool during vsp1_dl_ext_cmd_pool_destroy() was not populated. Correctly assign the pointer to prevent the following null-pointer-dereference when removing the device: [*] h3ulcb-kf #> echo fea28000.vsp > /sys/bus/platform/devices/fea28000.vsp/driver/unbind Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028 Mem abort info: ESR = 0x96000006 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 Data abort info: ISV = 0, ISS = 0x00000006 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=00000007318be000 [0000000000000028] pgd=00000007333a1003, pud=00000007333a6003, pmd=0000000000000000 Internal error: Oops: 96000006 [#1] PREEMPT SMP Modules linked in: CPU: 1 PID: 486 Comm: sh Not tainted 5.7.0-rc6-arm64-renesas-00118-ge644645a #185 Hardware name: Renesas H3ULCB Kingfisher board based on r8a77951 (DT) pstate: 40000005 (nZcv daif -PAN -UAO) pc : vsp1_dlm_destroy+0xe4/0x11c lr : vsp1_dlm_destroy+0xc8/0x11c sp : ffff800012963b60 x29: ffff800012963b60 x28: ffff0006f83fc440 x27: 0000000000000000 x26: ffff0006f5e13e80 x25: ffff0006f5e13ed0 x24: ffff0006f5e13ed0 x23: ffff0006f5e13ed0 x22: dead000000000122 x21: ffff0006f5e3a080 x20: ffff0006f5df2938 x19: ffff0006f5df2980 x18: 0000000000000003 x17: 0000000000000000 x16: 0000000000000016 x15: 0000000000000003 x14: 00000000000393c0 x13: ffff800011a5ec18 x12: ffff800011d8d000 x11: ffff0006f83fcc68 x10: ffff800011a53d70 x9 : ffff8000111f3000 x8 : 0000000000000000 x7 : 0000000000210d00 x6 : 0000000000000000 x5 : ffff800010872e60 x4 : 0000000000000004 x3 : 0000000078068000 x2 : ffff800012781000 x1 : 0000000000002c00 x0 : 0000000000000000 Call trace: vsp1_dlm_destroy+0xe4/0x11c vsp1_wpf_destroy+0x10/0x20 vsp1_entity_destroy+0x24/0x4c vsp1_destroy_entities+0x54/0x130 vsp1_remove+0x1c/0x40 platform_drv_remove+0x28/0x50 __device_release_driver+0x178/0x220 device_driver_detach+0x44/0xc0 unbind_store+0xe0/0x104 drv_attr_store+0x20/0x30 sysfs_kf_write+0x48/0x70 kernfs_fop_write+0x148/0x230 __vfs_write+0x18/0x40 vfs_write+0xdc/0x1c4 ksys_write+0x68/0xf0 __arm64_sys_write+0x18/0x20 el0_svc_common.constprop.0+0x70/0x170 do_el0_svc+0x20/0x80 el0_sync_handler+0x134/0x1b0 el0_sync+0x140/0x180 Code: b40000c2 f9403a60 d2800084 a9400663 (f9401400) ---[ end trace 3875369841fb288a ]--- Fixes: f3b98e3c ("media: vsp1: Provide support for extended command pools") Cc: stable@vger.kernel.org # v4.19+ Signed-off-by:
Eugeniu Rosca <erosca@de.adit-jv.com> Reviewed-by:
Kieran Bingham <kieran.bingham+renesas@ideasonboard.com> Tested-by:
Laurent Pinchart <laurent.pinchart@ideasonboard.com> Signed-off-by:
-
Colin Ian King authored
The variable err is being initialized with a value that is never read and it is being updated later with a new value. The initialization is redundant and can be removed. Addresses-Coverity: ("Unused value") Signed-off-by:Colin Ian King <colin.king@canonical.com> Signed-off-by:
-
Eizan Miyamoto authored
Since components are registered in a list, the numeric component id that specified a location in an array is not necessary. Signed-off-by:
Eizan Miyamoto <eizan@chromium.org> Reviewed-by:
Enric Balletbo i Serra <enric.balletbo@collabora.com> Signed-off-by:
-
Eizan Miyamoto authored
The functions mtk_mdp_register/unregister_component have been created to add / remove items from the list of components. This will eventually enable us to specify a list of components in the device tree instead of hardcoding them into this driver. The list is modified by a single thread at driver probe time, and will not be traversed by another thread until the call to pm_runtime_enable at the end of probing. Signed-off-by:
-
Eizan Miyamoto authored
This is a cleanup to better handle errors during MDP probe. Signed-off-by:
-
Eizan Miyamoto authored
This is a cleanup to better handle errors during MDP probe. Signed-off-by:
-
Eizan Miyamoto authored
These fields are not used and can be removed. Signed-off-by:
-
Francois Buergisser authored
The mtk-mdp driver uses states to check if the formats have been set on the capture and output when turning the streaming on, setting controls or setting the selection rectangles. Those states are reset when 0 buffers are requested like when checking capabilities. This patch removes all format checks and set one by default as queues in V4L2 are expected to always have a format set. https://linuxtv.org/downloads/v4l-dvb-apis/uapi/v4l/vidioc-streamon.html https://linuxtv.org/downloads/v4l-dvb-apis/uapi/v4l/vidioc-g-ctrl.html https://linuxtv.org/downloads/v4l-dvb-apis/uapi/v4l/vidioc-g-selection.htmlSigned-off-by:
Francois Buergisser <fbuergisser@chromium.org> Signed-off-by:
-
Dan Carpenter authored
If fw_csr_string() returns -ENOENT, then "name" is uninitialized. So then the "strlen(model_names[i]) <= name_len" is true because strlen() is unsigned and -ENOENT is type promoted to a very high positive value. Then the "strncmp(name, model_names[i], name_len)" uses uninitialized data because "name" is uninitialized. Fixes: 92374e88 ("[media] firedtv: drop obsolete backend abstraction") Signed-off-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
-
Chen Zhou authored
Fixes coccicheck warning: ./drivers/media/platform/coda/coda-jpeg.c:331:3-31: alloc with no test, possible model on line 354 Add NULL check after kmalloc. Signed-off-by:
Chen Zhou <chenzhou10@huawei.com> Signed-off-by:
-
Eugen Hristev authored
All warnings (new ones prefixed by >>, old ones prefixed by <<): >> drivers/media/platform/atmel/atmel-sama5d2-isc.c:323:34: warning: unused variable 'atmel_isc_of_match' [-Wunused-const-variable] static const struct of_device_id atmel_isc_of_match[] = { ^ 1 warning generated. vim +/atmel_isc_of_match +323 drivers/media/platform/atmel/atmel-sama5d2-isc.c 322 > 323 static const struct of_device_id atmel_isc_of_match[] = { 324 { .compatible = "atmel,sama5d2-isc" }, 325 { } 326 }; 327 MODULE_DEVICE_TABLE(of, atmel_isc_of_match); 328 Fixed warning by guarding the atmel_isc_of_match by CONFIG_OF. Reported-by:kernel test robot <lkp@intel.com> Signed-off-by:
Eugen Hristev <eugen.hristev@microchip.com> Signed-off-by:
-
Gustavo A. R. Silva authored
The current codebase makes use of the zero-length array language extension to the C90 standard, but the preferred mechanism to declare variable-length types such as these ones is a flexible array member[1][2], introduced in C99: struct foo { int stuff; struct boo array[]; }; By making use of the mechanism above, we will get a compiler warning in case the flexible array does not occur last in the structure, which will help us prevent some kind of undefined behavior bugs from being inadvertently introduced[3] to the codebase from now on. Also, notice that, dynamic memory allocations won't be affected by this change: "Flexible array members have incomplete type, and so the sizeof operator may not be applied. As a quirk of the original implementation of zero-length arrays, sizeof evaluates to zero."[1] This issue was found with the help of Coccinelle. [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html [2] https://github.com/KSPP/linux/issues/21 [3] commit 76497732 ("cxgb3/l2t: Fix undefined behaviour") Signed-off-by:Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by:
-
Andrey Konovalov authored
Currently for msm_csiphy, msm_csid, and msm_ispif subdevices the media entity function field is set to MEDIA_ENT_F_IO_V4L. This is incorrect as MEDIA_ENT_F_IO_V4L implies V4L2 video node. Change it to MEDIA_ENT_F_PROC_VIDEO_PIXEL_FORMATTER as this is the best fit from the functions defined in include/uapi/linux/media.h. Signed-off-by:
Andrey Konovalov <andrey.konovalov@linaro.org> Tested-by:
Robert Foss <robert.foss@linaro.org> Reviewed-by:
-
Dafna Hirschfeld authored
The rkisp1 supports RGB encoding with 6 bits per color with the following format: - - b5 b4 b3 b2 b1 b0 - - g5 g4 g3 g2 g1 g0 - - r5 r4 r3 r2 r1 r0 - - - - - - - - This is not how V4L2_PIX_FMT_BGR666 is defined, so remove this format from the driver's formats list. Signed-off-by:
Dafna Hirschfeld <dafna.hirschfeld@collabora.com> Acked-by:
Helen Koike <helen.koike@collabora.com> Signed-off-by:
-
- 23 Jun, 2020 1 commit
-
-
Tuomas Tynkkynen authored
Syzbot reports a NULL-ptr deref in the kref_put() call: BUG: KASAN: null-ptr-deref in media_request_put drivers/media/mc/mc-request.c:81 [inline] kref_put include/linux/kref.h:64 [inline] media_request_put drivers/media/mc/mc-request.c:81 [inline] media_request_close+0x4d/0x170 drivers/media/mc/mc-request.c:89 __fput+0x2ed/0x750 fs/file_table.c:281 task_work_run+0x147/0x1d0 kernel/task_work.c:123 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_usermode_loop arch/x86/entry/common.c:165 [inline] prepare_exit_to_usermode+0x48e/0x600 arch/x86/entry/common.c:196 What led to this crash was an injected memory allocation failure in media_request_alloc(): FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 should_failslab+0x5/0x20 kmem_cache_alloc_trace+0x57/0x300 ? anon_inode_getfile+0xe5/0x170 media_request_alloc+0x339/0x440 media_device_request_alloc+0x94/0xc0 media_device_ioctl+0x1fb/0x330 ? do_vfs_ioctl+0x6ea/0x1a00 ? media_ioctl+0x101/0x120 ? __media_device_usb_init+0x430/0x430 ? media_poll+0x110/0x110 __se_sys_ioctl+0xf9/0x160 do_syscall_64+0xf3/0x1b0 When that allocation fails, filp->private_data is left uninitialized which media_request_close() does not expect and crashes. To avoid this, reorder media_request_alloc() such that allocating the struct file happens as the last step thus media_request_close() will no longer get called for a partially created media request. Reported-by: syzbot+6bed2d543cf7e48b822b@syzkaller.appspotmail.com Cc: stable@vger.kernel.org Signed-off-by:
Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi> Fixes: 10905d70 ("media: media-request: implement media requests") Reviewed-by:
Sakari Ailus <sakari.ailus@linux.intel.com> Signed-off-by:
-
