8c405cdccc
The patches were generated from the RPi repo with the following command: git format-patch v6.6.34..rpi-6.1.y Some patches needed rebasing and, as usual, the applied and reverted, wireless drivers, Github workflows, READMEs and defconfigs patches were removed. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
57 lines
2.2 KiB
Diff
57 lines
2.2 KiB
Diff
From f64568b7b3f7ac80031719528d609f6d1fb81324 Mon Sep 17 00:00:00 2001
|
|
From: Naushir Patuck <naush@raspberrypi.com>
|
|
Date: Fri, 2 Sep 2022 08:35:35 +0100
|
|
Subject: [PATCH 0388/1085] media: bcm2835-unicam: Fix for possible dummy
|
|
buffer overrun
|
|
|
|
The Unicam hardware has been observed to cause a buffer overrun when using the
|
|
dummy buffer as a circular buffer. The conditions that cause the overrun are not
|
|
fully known, but it seems to occur when the memory bus is heavily loaded.
|
|
|
|
To avoid the overrun, program the hardware with a buffer size of 0 when using
|
|
the dummy buffer. This will cause overrun into the allocated dummy buffer, but
|
|
avoid out of bounds writes.
|
|
|
|
Signed-off-by: Naushir Patuck <naush@raspberrypi.com>
|
|
---
|
|
drivers/media/platform/bcm2835/bcm2835-unicam.c | 14 ++++++++------
|
|
1 file changed, 8 insertions(+), 6 deletions(-)
|
|
|
|
--- a/drivers/media/platform/bcm2835/bcm2835-unicam.c
|
|
+++ b/drivers/media/platform/bcm2835/bcm2835-unicam.c
|
|
@@ -126,8 +126,11 @@ MODULE_PARM_DESC(media_controller, "Use
|
|
#define UNICAM_EMBEDDED_SIZE 16384
|
|
|
|
/*
|
|
- * Size of the dummy buffer. Can be any size really, but the DMA
|
|
- * allocation works in units of page sizes.
|
|
+ * Size of the dummy buffer allocation.
|
|
+ *
|
|
+ * Due to a HW bug causing buffer overruns in circular buffer mode under certain
|
|
+ * (not yet fully known) conditions, the dummy buffer allocation is set to a
|
|
+ * a single page size, but the hardware gets programmed with a buffer size of 0.
|
|
*/
|
|
#define DUMMY_BUF_SIZE (PAGE_SIZE)
|
|
|
|
@@ -843,8 +846,7 @@ static void unicam_schedule_dummy_buffer
|
|
unicam_dbg(3, dev, "Scheduling dummy buffer for node %d\n",
|
|
node->pad_id);
|
|
|
|
- unicam_wr_dma_addr(dev, node->dummy_buf_dma_addr, DUMMY_BUF_SIZE,
|
|
- node->pad_id);
|
|
+ unicam_wr_dma_addr(dev, node->dummy_buf_dma_addr, 0, node->pad_id);
|
|
node->next_frm = NULL;
|
|
}
|
|
|
|
@@ -2662,8 +2664,8 @@ static void unicam_stop_streaming(struct
|
|
* This is only really needed if the embedded data pad is
|
|
* disabled before the image pad.
|
|
*/
|
|
- unicam_wr_dma_addr(dev, node->dummy_buf_dma_addr,
|
|
- DUMMY_BUF_SIZE, METADATA_PAD);
|
|
+ unicam_wr_dma_addr(dev, node->dummy_buf_dma_addr, 0,
|
|
+ METADATA_PAD);
|
|
}
|
|
|
|
/* Clear all queued buffers for the node */
|