Skip to content

Conversation

@WangaoW
Copy link

@WangaoW WangaoW commented Sep 18, 2025

Iris in X1E80100 is pretty much identical to SM8550. We can use the same firmware image and the same definitions in the driver, so just add qcom,x1e80100-iris to the existing list with qcom,sm8550-iris as fallback compatible.

Reviewed-by: Vikash Garodia [email protected]
Acked-by: Rob Herring (Arm) [email protected]
Reviewed-by: Bryan O'Donoghue [email protected]

Link: https://lore.kernel.org/linux-arm-msm/[email protected]/

Dikshita Agarwal and others added 26 commits August 11, 2025 12:04
…check

Initialize the count variable to zero before counting unreleased
internal buffers in iris_check_num_queued_internal_buffers().
This prevents stale values from previous iterations and ensures accurate
error reporting for each buffer type. Without this initialization, the
count could accumulate across types, leading to incorrect log messages.

Link: https://lore.kernel.org/linux-media/[email protected]/
Fixes: d2abb1f ("media: iris: Verify internal buffer release on close")
Signed-off-by: Dikshita Agarwal <[email protected]>
…lose

Add error reporting for unreleased PERSIST internal buffers in
iris_check_num_queued_internal_buffers(). This ensures all buffer types
are checked and logged if not freed during session close, helping to
detect memory leaks and improve driver robustness. No change to buffer
lifecycle or allocation logic.

Link: https://lore.kernel.org/linux-media/[email protected]/
Fixes: d2abb1f ("media: iris: Verify internal buffer release on close")
Signed-off-by: Dikshita Agarwal <[email protected]>
…uffer

One internal buffer which is allocated only once per session was not
being freed during session close because it was not being tracked as
part of internal buffer list which resulted in a memory leak.

Add the necessary logic to explicitly free the untracked internal buffer
during session close to ensure all allocated memory is released
properly.

Link: https://lore.kernel.org/linux-media/[email protected]/
Fixes: 73702f4 ("media: iris: allocate, initialize and queue internal buffers")
Signed-off-by: Dikshita Agarwal <[email protected]>
The internal driver logic operates with timestamps in microseconds
while the buffer timestamp received by vb2 is in nanosecond, this
mismatch in units causing issue in buffer handling.
Update the timestamp handling logic by converting the buffer timestamp
to microseconds before using it internally in driver for all the
timestamp assignments, comparisons, and metadata handling.

Link: https://lore.kernel.org/linux-media/[email protected]/
Fixes: 17f2a48 ("media: iris: implement vb2 ops for buf_queue and firmware response")
Signed-off-by: Dikshita Agarwal <[email protected]>
The previous check to block capture port streaming before output port
was incorrect and caused some valid usecase to fail. While removing that
check allows capture port to enter streaming independently, it also
introduced firmware errors due to premature queuing of DPB buffers
before the firmware session was fully started which happens only when
streamon is called on output port.

Fix this by deferring DPB buffer queuing to the firmware until both
capture and output are streaming and state is 'STREAMING'.

Link: https://lore.kernel.org/linux-media/[email protected]/
Fixes: 11712ce ("media: iris: implement vb2 streaming ops")
Signed-off-by: Dikshita Agarwal <[email protected]>
…ring output streaming

Previously, the transition to load resources substate was only allowed
when instance state was INIT, since capture port streaming was not
permitted before output port streaming in the driver.
However, now after removing that restriction, the instance state can be
OUTPUT_STREAMING when firmware start is triggered and substate needs to
be moved to LOAD_RESOURCES.

Link: https://lore.kernel.org/linux-media/[email protected]/
Fixes: 547f7b8 ("media: iris: add check to allow sub states transitions")
Signed-off-by: Dikshita Agarwal <[email protected]>
…lease response

Currently, internal buffers are destroyed only if 'PENDING_RELEASE' flag
is set when a release response is received from the firmware, which is
incorrect. Internal buffers should always be destroyed when the firmware
explicitly releases it, regardless of whether the 'PENDING_RELEASE' flag
was set by the driver. This is specially important during force-stop
scenarios, where the firmware may release buffers without driver marking
them for release.
Fix this by removing the incorrect check and ensuring all buffers are
properly cleaned up.

Link: https://lore.kernel.org/linux-media/[email protected]/
Fixes: 73702f4 ("media: iris: allocate, initialize and queue internal buffers")
Signed-off-by: Dikshita Agarwal <[email protected]>
Update the vbuf flags appropriately in error cases before calling
v4l2_m2m_buf_done(). Previously, the flag update was skippied in error
scenario, which could result in incorrect state reporting for buffers.

Link: https://lore.kernel.org/linux-media/[email protected]/
Fixes: 17f2a48 ("media: iris: implement vb2 ops for buf_queue and firmware response")
Signed-off-by: Dikshita Agarwal <[email protected]>
For HFI Gen1, the instances substate is changed to LOAD_RESOURCES only
when a START command is issues to the firmware. If STOP is called
without a prior START, the firmware may reject the command and throw
some erros.
Handle this by adding a substate check before issuing STOP command to
the firmware.

Link: https://lore.kernel.org/linux-media/[email protected]/
Fixes: 11712ce ("media: iris: implement vb2 streaming ops")
Signed-off-by: Dikshita Agarwal <[email protected]>
…g drain

Firmware can handle a dummy address for buffers with the EOS flag. To
ensure consistent behavior across all codecs, update the drain
command to always send a dummy buffer address.

This makes the drain handling uniform and avoids any codec specific
assumptions.

Link: https://lore.kernel.org/linux-media/[email protected]/
Fixes: 478c447 ("media: iris: Add codec specific check for VP9 decoder drain handling")
Signed-off-by: Dikshita Agarwal <[email protected]>
Improve drain handling by ensuring the LAST flag is attached to final
capture buffer when drain response is received from the firmware.

Previously, the driver failed to attach the V4L2_BUF_FLAG_LAST flag when
a drain response was received from the firmware, relying on userspace to
mark the next queued buffer as LAST. This update fixes the issue by
checking the pending drain status, attaching the LAST flag to the
capture buffer received from the firmware (with EOS attached), and
returning it to the V4L2 layer correctly.

Link: https://lore.kernel.org/linux-media/[email protected]/
Fixes: d091007 ("media: iris: add support for drain sequence")
Signed-off-by: Dikshita Agarwal <[email protected]>
Add support for registering a V4L2 encoder video device to the iris
driver. The encoder device is registered with the name
"qcom-iris-encoder".

Link: https://lore.kernel.org/linux-media/[email protected]/
Signed-off-by: Dikshita Agarwal <[email protected]>
…tructure

Introduce initialization and deinitialization for internal encoder
instance structure with necessary hooks.

Link: https://lore.kernel.org/linux-media/[email protected]/
Signed-off-by: Dikshita Agarwal <[email protected]>
Add V4L2 format handling support for the encoder by adding
implementation of ENUM/S/G/TRY_FMT with necessary hooks.

This ensures that the encoder supports format negotiation consistent
with V4L2 expectation, enabling userspace applications to configure
resolution, pixel format and buffer layout properly.

Link: https://lore.kernel.org/linux-media/[email protected]/
Signed-off-by: Dikshita Agarwal <[email protected]>
… for encoder

Add support for frame size and frame interval enumeration by
implementing ENUM_FRAMESIZES/FRAMEINTERVALS V4L2 ioctls for encoder
video device with necessary hooks.

This allows userspace application to query encoder capabilities and
adapt encoding configurations accordingly.

Link: https://lore.kernel.org/linux-media/[email protected]/
Signed-off-by: Dikshita Agarwal <[email protected]>
…deo device

Add support for the VIDIOC_QUERYCAP V4L2 iocts for the encoder video
device to report core driver capabilities.

Link: https://lore.kernel.org/linux-media/[email protected]/
Signed-off-by: Dikshita Agarwal <[email protected]>
Implement support for V4L2 event subscription on the encoder device by
handling the SUBSCRIBE_EVENT and UNSUBSCRIBE_EVENT ioctls with the
necessary hooks.

This enables userspace applications to subscribe to V4L2 events,
allowing asynchronous notification mechanisms.

Link: https://lore.kernel.org/linux-media/[email protected]/
Signed-off-by: Dikshita Agarwal <[email protected]>
…o device

Add support for G/S_SELECTION V4L2 ioctls for the encoder video
device with necessary hooks. This allows userspace to query and
configure rectangular selection areas such as crop.

Link: https://lore.kernel.org/linux-media/[email protected]/
Signed-off-by: Dikshita Agarwal <[email protected]>
Add supports for the G/S_PARM V4L2 ioctls for encoder video device with
necessary hooks. This allows userspace to query the current streaming
parameters such as frame intervals and set desired streaming parameters
primarily the frame rate.

Link: https://lore.kernel.org/linux-media/[email protected]/
Signed-off-by: Dikshita Agarwal <[email protected]>
… video device

Add platform-specific capabilities for the encoder video device and
initialize the corresponding controls in the control handler.

This enables proper configuration and handling of encoder-specific
features based on platform requirements.

Link: https://lore.kernel.org/linux-media/[email protected]/
Signed-off-by: Dikshita Agarwal <[email protected]>
…evice

Add support for V4L2 streaming operations on the encoder video device.
During stream-on, configure mandatory properties on the respective
planes and notify the firmware to initiate an encode session.

Link: https://lore.kernel.org/linux-media/[email protected]/
Signed-off-by: Dikshita Agarwal <[email protected]>
…der video device

Initialize and configure platform-specific capabilities for the encoder
in the firmware during stream-on, to tailor encoding behavior to the
current session's requirements. Some of these capabilities can also be
updated dynamically when V4L2 controls are modified by the client after
stream-on.

Link: https://lore.kernel.org/linux-media/[email protected]/
Signed-off-by: Dikshita Agarwal <[email protected]>
…r video device

Add support for allocating and queuing internal buffers required by the
encoder. The sizes of these buffers are derived from hardware
specifications and are essential to meet the encoder's functional and
performance requirements.

These buffers are not exposed to userspace; they are allocated and
managed internally to ensure correct and efficient hardware operation.

Link: https://lore.kernel.org/linux-media/[email protected]/
Signed-off-by: Dikshita Agarwal <[email protected]>
…ncoder device

Implement support for queuing and dequeuing input and output buffers
for the encoder video device using the appropriate V4L2 buffer
management ioctls.

This enables userspace applications to manage streaming buffers
required for encoding operations.

Link: https://lore.kernel.org/linux-media/[email protected]/
Signed-off-by: Dikshita Agarwal <[email protected]>
…o device

Add support for handling start and stop commands, including the
end-of-stream (drain) sequence, in the encoder video device.

This enables proper signaling to the firmware and ensures that all
pending frames are processed and flushed before completing the stream.

Link: https://lore.kernel.org/linux-media/[email protected]/
Signed-off-by: Dikshita Agarwal <[email protected]>
Iris in X1E80100 is pretty much identical to SM8550. We can use the same
firmware image and the same definitions in the driver, so just add
qcom,x1e80100-iris to the existing list with qcom,sm8550-iris as fallback
compatible.

Signed-off-by: Stephan Gerhold <[email protected]>
Reviewed-by: Vikash Garodia <[email protected]>
Acked-by: Rob Herring (Arm) <[email protected]>
Reviewed-by: Bryan O'Donoghue <[email protected]>
Signed-off-by: Bryan O'Donoghue <[email protected]>
Signed-off-by: Hans Verkuil <[email protected]>
Link: https://lore.kernel.org/linux-arm-msm/[email protected]/
shashim-quic
shashim-quic previously approved these changes Sep 26, 2025
sgaud-quic pushed a commit that referenced this pull request Nov 27, 2025
xfs/286 produced this report on my test fleet:

 ==================================================================
 BUG: KFENCE: out-of-bounds read in memcpy_orig+0x54/0x110

 Out-of-bounds read at 0xffff88843fe9e038 (184B right of kfence-#184):
  memcpy_orig+0x54/0x110
  xrep_symlink_salvage_inline+0xb3/0xf0 [xfs]
  xrep_symlink_salvage+0x100/0x110 [xfs]
  xrep_symlink+0x2e/0x80 [xfs]
  xrep_attempt+0x61/0x1f0 [xfs]
  xfs_scrub_metadata+0x34f/0x5c0 [xfs]
  xfs_ioc_scrubv_metadata+0x387/0x560 [xfs]
  xfs_file_ioctl+0xe23/0x10e0 [xfs]
  __x64_sys_ioctl+0x76/0xc0
  do_syscall_64+0x4e/0x1e0
  entry_SYSCALL_64_after_hwframe+0x4b/0x53

 kfence-#184: 0xffff88843fe9df80-0xffff88843fe9dfea, size=107, cache=kmalloc-128

 allocated by task 3470 on cpu 1 at 263329.131592s (192823.508886s ago):
  xfs_init_local_fork+0x79/0xe0 [xfs]
  xfs_iformat_local+0xa4/0x170 [xfs]
  xfs_iformat_data_fork+0x148/0x180 [xfs]
  xfs_inode_from_disk+0x2cd/0x480 [xfs]
  xfs_iget+0x450/0xd60 [xfs]
  xfs_bulkstat_one_int+0x6b/0x510 [xfs]
  xfs_bulkstat_iwalk+0x1e/0x30 [xfs]
  xfs_iwalk_ag_recs+0xdf/0x150 [xfs]
  xfs_iwalk_run_callbacks+0xb9/0x190 [xfs]
  xfs_iwalk_ag+0x1dc/0x2f0 [xfs]
  xfs_iwalk_args.constprop.0+0x6a/0x120 [xfs]
  xfs_iwalk+0xa4/0xd0 [xfs]
  xfs_bulkstat+0xfa/0x170 [xfs]
  xfs_ioc_fsbulkstat.isra.0+0x13a/0x230 [xfs]
  xfs_file_ioctl+0xbf2/0x10e0 [xfs]
  __x64_sys_ioctl+0x76/0xc0
  do_syscall_64+0x4e/0x1e0
  entry_SYSCALL_64_after_hwframe+0x4b/0x53

 CPU: 1 UID: 0 PID: 1300113 Comm: xfs_scrub Not tainted 6.18.0-rc4-djwx #rc4 PREEMPT(lazy)  3d744dd94e92690f00a04398d2bd8631dcef1954
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-4.module+el8.8.0+21164+ed375313 04/01/2014
 ==================================================================

On further analysis, I realized that the second parameter to min() is
not correct.  xfs_ifork::if_bytes is the size of the xfs_ifork::if_data
buffer.  if_bytes can be smaller than the data fork size because:

(a) the forkoff code tries to keep the data area as large as possible
(b) for symbolic links, if_bytes is the ondisk file size + 1
(c) forkoff is always a multiple of 8.

Case in point: for a single-byte symlink target, forkoff will be
8 but the buffer will only be 2 bytes long.

In other words, the logic here is wrong and we walk off the end of the
incore buffer.  Fix that.

Cc: [email protected] # v6.10
Fixes: 2651923 ("xfs: online repair of symbolic links")
Signed-off-by: Darrick J. Wong <[email protected]>
Reviewed-by: Christoph Hellwig <[email protected]>
Signed-off-by: Carlos Maiolino <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants